author | Luca Boccassi <bluca@debian.org> | 2023-11-14 20:11:01 +0000 |
---|---|---|
committer | Luca Boccassi <bluca@debian.org> | 2023-11-14 20:11:01 +0000 |
commit | feed291094a590d3d89efa2ef4832ab721b0f33c (patch) | |
tree | 4131ee67dfc69842b0f83d584299f5cd6cab0b25 | |
parent | Merge pull request #30023 from mrc0mmand/selinux (diff) | |
download | systemd-feed291094a590d3d89efa2ef4832ab721b0f33c.tar.xz systemd-feed291094a590d3d89efa2ef4832ab721b0f33c.zip |
NEWS: update for latest features
-rw-r--r-- | NEWS | 36 |
1 files changed, 32 insertions, 4 deletions
@@ -130,9 +130,10 @@ CHANGES WITH 255 in spe: machinectl bind and mount-image verbs will now cause the new mount to replace the old mount (if any), instead of overmounting it. - * Units now have a MemoryPeak and MemorySwapPeak property, which - contain the value of cgroup v2's memory.peak and memory.swap.peak - property. + * Units now have MemoryPeak, MemorySwapPeak, MemorySwapCurrent and + MemoryZSwapCurrent properties, which respectively contain the values of + the cgroup v2's memory.peak, memory.swap.peak, memory.swap.current and + memory.zswap.current properties. TPM2 Support + Disk Encryption & Authentication: @@ -142,11 +143,17 @@ CHANGES WITH 255 in spe: * systemd-cryptenroll now allows specifying a TPM2 key handle to be used instead of the default SRK via the new --tpm2-seal-key-handle= option. + * systemd-cryptenroll now allows enrolling using only a TPM2 public key, + without access to the TPM2 itself, which enables remote sealing. + * systemd-cryptsetup is now installed in /usr/bin/ and is no longer an internal-only executable. * The TPM2 Storage Root Key will now be set up, if not already present, - by a new systemd-tpm2-setup.service early boot service. + by a new systemd-tpm2-setup.service early boot service. The SRK will be + stored in PEM format and TPM2_PUBLIC format for easier access. A new + srk verb has been added to systemd-analyze to allow extracting it on + demand if it is already set up. * The internal systemd-pcrphase executable has been renamed to systemd-pcrextend. @@ -223,6 +230,9 @@ CHANGES WITH 255 in spe: passed from systemd-boot when running inside Confidential VMs with UEFI SecureBoot enabled. + * systemd-stub will now load a Devicetree blob even if the firmware did + not load any beforehand (e.g.: for ACPI systems). + * ukify is no longer considered experimental, and now ships in /usr/bin/. * ukify gained a new verb inspect to describe the sections of a UKI and 
@@ -234,6 +244,12 @@ CHANGES WITH 255 in spe: * The 90-loaderentry kernel-install hook now supports installing device trees. + * kernel-install now supports --json, --root, --image and --image-policy + options for the inspect verb. + + * kernel-install now supports new list and add-all verbs. The latter will + install all the kernels it can find to the ESP. + systemd-repart: * A new option --copy-from= has been added that synthesizes partition @@ -257,11 +273,18 @@ CHANGES WITH 255 in spe: files, to indicate which directories in the target partition should be btrfs subvolumes. + * A new --tpm2-device-key= option can be used to encrypt a disk against + a remote TPM2 using its public key. + Journal: * The journalctl --lines= parameter now accepts +N to show the oldest N entries instead of the newest. + * journald now ensures that sealing happens once per epoch, and sets a + new compatibility flag to distinguish old journal files that were + created before this change, for backward compatibility. + Device Management: * udev will now create symlinks to loopback block devices in the @@ -456,6 +479,9 @@ CHANGES WITH 255 in spe: * seccomp now supports the LoongArch64 architecture. + * seccomp may now be enabled for services running as a non-root User= + without NoNewPrivileges=yes. + * systemd-id128 now supports a new -P option to show only values. The combination of -P and --app options is also supported. @@ -539,6 +565,8 @@ CHANGES WITH 255 in spe: and %systemd_user_postun_with_reload do a reload for system and user units on upgrades. + * coredumpctl now propagates SIGTERM to the debugger process. + Contributions from: 김인수, Abderrahim Kitouni, Adam Williamson, Alexandre Peixoto Ferreira, Alex Hudspith, Alvin Alvarado, André Paiusco, Antonio Alvarez Feijoo, Anton Lundin, |
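Review bot: in the `@@ -142,11 +143,17` hunk, the new systemd-cryptenroll entry on enrolling "using only a TPM2 public key" does not name the option that enables it, while the entry directly above it names `--tpm2-seal-key-handle=` and the systemd-repart entry later in this patch names `--tpm2-device-key=`. Please name the option here as well. In the same hunk, the SRK entry says the key "will be stored in PEM format and TPM2_PUBLIC format" but not where; adding the file locations would tell readers what to hand to the remote sealing side without having to run the new `systemd-analyze srk` verb first.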
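Review bot: in the `@@ -257,11 +273,18` hunk, the journald entry mentions "a new compatibility flag" without naming it, and closes with "for backward compatibility" after already saying the flag distinguishes old journal files, which is redundant. Suggest naming the flag, dropping the trailing clause, and adding one sentence on what an administrator should expect when sealed journals written before and after this change are verified side by side.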
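Review bot: in the `@@ -456,6 +479,9` hunk, "seccomp may now be enabled for services running as a non-root User= without NoNewPrivileges=yes" leaves open which unit settings are affected and what a unit author has to do differently. Since this touches sandboxing defaults, suggest listing the affected settings and stating explicitly whether units that want NoNewPrivileges in effect now need to set `NoNewPrivileges=yes` themselves.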