Update TODO with some stuff

Signed-off-by: Peter Jones <pjones@redhat.com>

TODO

@@ -1,23 +1,14 @@
-Versioned protocol:
+- Versioned protocol:
-- Make shim and the bootloaders using it express how enlightened they
+  - Make shim and the bootloaders using it express how enlightened they
-  are to one another, so we can stop earlier without tricks like
+    are to one another, so we can stop earlier without tricks like the one
-  the one above
+    above
-MokListRT signing:
+  - Make a LoadImage/CheckImage/StartImage based protocol
-- For kexec and hybernate to work right, MokListRT probably needs to
+- Hashing of option roms:
-  be an authenticated variable.  It's probable this needs to be done
+  - hash option roms and add them to MokListRT
-  in the kernel boot stub instead, just because it'll need an
+  - probably belongs in MokManager
-  ephemeral key to be generated, and that means we need some entropy
+- Ability to specify second stage as a device path
-  to build up.
+  - including vendor path that means "parent of this image's path"
-New security protocol:
+  - including vendor path that means "this image"
-- TBD
+  - including path that's like Fv() to embed images.
-kexec MoK Management:
+
-Modsign enforcement mgmt MoK:
+# vim:filetype=mail:tw=74
-- This is part of the plan for SecureBoot patches.  Basically these
-  features need to be disableable/enableable in MokManager.
-Variable for debug:
-- basically we need to be able to set a UEFI variable and get debug
-  output.  Right now some code uses SHIM_VERBOSE but that needs a fair
-  amount of work to actually be useful.
-Hashing of option roms:
-- hash option roms and add them to MokListRT
-- probably belongs in MokManager