diff --git a/TODO b/TODO
index 2ef8035099..0cd9bc114f 100644
--- a/TODO
+++ b/TODO
@@ -49,6 +49,9 @@ Features:
 
 * nspawn: support time namespaces
 
+* systemd-firstboot: make sure to always use chase_symlinks() before
+  reading/writing files
+
 * add ConditionSecurity=tpm2
 
 * Remove any support for booting without /usr pre-mounted in the initrd entirely.
@@ -94,8 +97,9 @@ Features:
   this, it's useful to have one that can dump contents of them, too.
 
 * All tools that support --root= should also learn --image= so that they can
-  operate on disk images directly. Specifically: bootctl, firstboot, tmpfiles,
-  sysusers, systemctl, repart, journalctl, coredumpctl.
+  operate on disk images directly. Specifically: bootctl, tmpfiles, sysusers,
+  systemctl, repart, journalctl, coredumpctl. (Already done: systemd-nspawn,
+  systemd-firstboot)
 
 * seccomp: by default mask x32 ABI system wide on x86-64. it's on its way out