systemd 250 has been released: here is what's new

After five months of development, the release of systemd 250 has been announced. This version makes it possible to store credentials in encrypted form, implements digital-signature verification of automatically discovered GPT partitions, and improves the information shown about the causes of delays when starting services, among other things.

Among the new features, the standout is support for encrypted and authenticated credentials, which is useful for safely storing confidential material such as SSL keys and access passwords.

Credentials are decrypted only when needed and are bound to the local computer or installation. Data is encrypted automatically using symmetric encryption algorithms, with a key that can be stored on the file system, in the TPM2 chip, or in a combination of the two.

When the service starts, the credentials are automatically decrypted and made available to the service in the usual way. The systemd-creds utility has been added for working with encrypted credentials, and the LoadCredentialEncrypted and SetCredentialEncrypted settings are available for services.
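The workflow described above, as an added example that is not from the original article or the systemd project: a POSIX shell helper that encrypts a secret with systemd-creds and renders the matching LoadCredentialEncrypted drop-in. The credential name, the file paths and the helper function names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: provision an encrypted credential for a service.
# Function names, credential names and paths are hypothetical.

# encrypt_cred NAME PLAINTEXT OUT.cred [KEYTYPE]
# Encrypts PLAINTEXT so it can only be decrypted on this machine.
# KEYTYPE is passed to --with-key (host, tpm2, host+tpm2 or auto).
# NAME is embedded in the ciphertext and must match the name the unit
# loads it under, otherwise decryption at service start fails.
encrypt_cred() {
    ( umask 077   # keep the output file private; subshell limits the umask change
      systemd-creds encrypt --with-key="${4:-auto}" --name="$1" "$2" "$3" )
}

# render_dropin NAME /abs/path/OUT.cred
# Prints a drop-in that makes systemd decrypt the credential at start.
# The service reads the plaintext from "$CREDENTIALS_DIRECTORY/NAME".
render_dropin() {
    # Conservative check chosen for this example: plain file-name characters only.
    case $1 in
        ''|*[!A-Za-z0-9._-]*) echo "bad credential name: $1" >&2; return 1 ;;
    esac
    # This example insists on an absolute path so the unit is unambiguous.
    case $2 in
        /*) ;;
        *) echo "credential path must be absolute: $2" >&2; return 1 ;;
    esac
    printf '[Service]\nLoadCredentialEncrypted=%s:%s\n' "$1" "$2"
}

# Stand-alone use (as root on the target host):
#   ./provision-cred.sh tls-key ./tls-key.pem /etc/myapp/tls-key.cred \
#       > /etc/systemd/system/myapp.service.d/50-cred.conf
if [ "$#" -eq 3 ]; then
    encrypt_cred "$1" "$2" "$3" && render_dropin "$1" "$3"
fi
```

Delete the plaintext input once the `.cred` file is written; running `systemd-creds encrypt` with `--pretty` instead prints a `SetCredentialEncrypted=` line that can be pasted into the unit directly.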

sd-stub, the EFI executable that the EFI firmware uses to boot the Linux kernel, gains support for booting the kernel using the LINUX_EFI_INITRD_MEDIA_GUID EFI protocol. sd-stub can also pack credentials and sysext files into a cpio archive and pass that archive to the kernel along with the initrd (the additional files are placed in the /.extra/ directory). This feature enables a verifiable and immutable initrd environment, complemented by sysexts and encrypted authentication credentials.

The Discoverable Partitions Specification has been expanded significantly to provide a means to define, mount, and activate system partitions using GPT (GUID Partition Tables). Compared to previous versions, for most architectures the specification now includes support for the root partition and the /usr partition, even on non-UEFI platforms.

For units that take a long time to start or stop, in addition to the animated progress bar, status information is now displayed, so you can see exactly what is happening with the service at the moment and which service's completion is being waited for.

The DefaultOOMScoreAdjust parameter was also added to /etc/systemd/system.conf and /etc/systemd/user.conf. It lets you adjust the OOM-killer threshold that is applied, when memory runs short, to the processes that systemd starts for the system and for users.

By default, the weight of system services is greater than that of user services; that is, if there is not enough memory, the probability of terminating user services is greater than that of system services.

The RestrictFileSystems setting was added to restrict services' access to certain types of file systems.

A new unit file, systemd-boot-update.service, was also added. When it is enabled and the sd-boot bootloader is installed, systemd automatically updates the installed version of sd-boot, keeping the bootloader code up to date.

sd-boot itself is now built by default with support for the SBAT mechanism (UEFI Secure Boot Advanced Targeting), which resolves issues with certificate revocation for UEFI Secure Boot. In addition, sd-boot can analyze the Microsoft Windows boot configuration to correctly generate the names of the Windows boot partitions and display the Windows version.

sd-boot also offers the ability to define a color scheme at compile time. During the boot process, the screen resolution can now be changed by pressing the "r" key, and there is a new automatic boot mode that starts the system corresponding to the menu item selected at the last boot. sd-boot can also automatically load EFI drivers located in the /EFI/systemd/drivers/ directory on the ESP (EFI System Partition).

A new factory-reset.target unit file is included. It is handled by systemd-logind in the same way as the restart, shutdown, suspend, and hibernate operations, and is used to create handlers for performing a factory reset.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

