core/attestation/attestation_requester.c (8 lines):
	- line 662: /* TODO:  This signature verification flow does not use the ECDSA APIs so is not compatible with
	- line 1473: // TODO: Get maximum permitted sleep duration from PCD
	- line 1566: /* TODO:  Is there a better error that could be reported here? */
	- line 1914: /* TODO:  Cert chain digest calculation seems like it might be wrong for Cerberus now relative
	- line 1982: // TODO Get Cerberus Protocol version using the MCTP control Get VDM Support command
	- line 2081: /* TODO Implement additional Cerberus Challenge Protocol attestation flows
	- line 2486: // TODO: If device responds with raw blocks, hash them here instead of reporting error
	- line 3412: // TODO: Implement Cerberus protocol device discovery


core/cmd_interface/cmd_interface_protocol_cerberus.c (4 lines):
	- line 34: /* TODO:  These are redundant checks that are done in the MCTP layers, but until those headers
	- line 52: /* TODO:  Remove the Cerberus protocol header from the payload.  This requires the rest of the
	- line 73: /* TODO:  Just like in the pre-processing case, a Cerberus header should be added to the payload
	- line 91: /* TODO:  These are MCTP components and should be updated by MCTP protocol handlers


core/mctp/cmd_interface_protocol_mctp_msft_vdm.c (4 lines):
	- line 42: /* TODO:  Remove the MCTP header before returning from this protocol layer.  Requires updating
	- line 66: /* TODO:  Add the MCTP VDM header in this layer. */
	- line 76: * TODO:  This logic is duplicated from cmd_interface_protocol_cerberus.  It should
	- line 96: * TODO:  Currently assume the request buffer hasn't been changed by the failure.  Ideally,


core/spdm/spdm_commands.c (3 lines):
	- line 220: * TODO:  This needs to be re-evaluated.  There is no requirement per the SPDM spec for this
	- line 1279: * TODO:  Perhaps FIPS compliant implementations need to explicitly fail requests using
	- line 2425: /* TODO: Maybe macro for length check. */


core/asn1/dice/x509_extension_builder_dice_tcbinfo.c (3 lines):
	- line 17: * TODO:  Put this in a common location.
	- line 24: * TODO:  Remove the need for the extra padding with updates to the DER encoder.
	- line 105: /* TODO:  Not each of these error checks is tested.  Add tests when refactoring DER encoding. */


core/asn1/dme/x509_extension_builder_dme.c (3 lines):
	- line 17: * TODO:  Put this in a common location.
	- line 24: * TODO:  Remove the need for the extra padding with updates to the DER encoder.
	- line 85: /* TODO:  Not each of these error checks is tested.  Add tests when refactoring DER encoding. */


core/spdm/cmd_interface_spdm.h (2 lines):
	- line 17: * TODO:  Rename this to cmd_interface_spdm_requester.
	- line 25: /* TODO:  Observable needs to support const model in order to support static/const instances. */


core/mctp/mctp_interface.c (2 lines):
	- line 1005: /* TODO: Delete this function in favor of using the msg_transport interface. */
	- line 1148: /* TODO:  This should probably use the NULL EID. */


core/mctp/cmd_interface_protocol_mctp.c (2 lines):
	- line 61: /* TODO:  MCTP control message structures currently assume presence of the message header,
	- line 88: /* TODO:  Just like in the pre-processing phase, this exception needs to be eliminated and


core/riot/reference/RiotDerEnc.c (2 lines):
	- line 12: #include <winsock2.h>    // TODO: REMOVE THIS
	- line 341: long valx = platform_htonl (Val);    // TODO: REMOVE USAGE


core/cmd_interface/cmd_interface_protocol_cerberus_secure.c (2 lines):
	- line 33: /* TODO:  As in the base Cerberus handler, remove the Cerberus protocol header from the
	- line 69: /* TODO:  Deal with the base Cerberus handler adding payload header. */


core/cmd_interface/cmd_interface.c (2 lines):
	- line 239: * TODO:  Deprecate use of this function and remove it.  Use the cmd_interface_protocol handlers
	- line 316: * TODO:  Deprecate use of this function and remove it.  Use the cmd_interface_protocol handlers


core/asn1/x509_cert_build.c (2 lines):
	- line 29: * TODO:  Put this is a common location.
	- line 165: DER_CHK_ENCODE (DERAddOID (der, keyUsageOID));    /* TODO:  Statically encode all OIDs. */


core/cmd_interface/cmd_interface.h (2 lines):
	- line 137: * TODO:  Likely remove this function from this interface.  The request issuing flow using
	- line 149: /* TODO:  Now that the cmd_interface is used for more than Cerberus messages, this should get


core/asn1/dice/x509_extension_builder_dice_ueid.c (2 lines):
	- line 16: * TODO:  Put this in a common location.
	- line 54: /* TODO:  Not each of these error checks is tested.  Add tests when refactoring DER encoding. */


projects/linux/crypto/ecc_openssl.c (1 line):
	- line 473: /* TODO:  It's not clear how to leverage the EVP API to control the random number generation


core/keystore/keystore_flash.c (1 line):
	- line 39: /* TODO: add better error handling for scenarios where keystore isn't initialized and the flash


core/mctp/cmd_interface_mctp_control.h (1 line):
	- line 27: /* TODO:  Observable needs to support const model in order to support static/const instances. */


core/crypto/ephemeral_key_generation_rsa.c (1 line):
	- line 29: /* TODO:  Needs pairwise consistency test. */


tools/spdm_measurements_to_cfm.py (1 line):
	- line 41: # TODO: Replace shell commands with python file system APIs


core/mctp/mctp_interface.h (1 line):
	- line 59: * TODO:  Since the focus of this module really should be MCTP transport layer handling, the type


cmake/toolchain/GccRiscV32.cmake (1 line):
	- line 28: # TODO - relocate to Gcc.cmake and/or Clang.cmake as needed for portability.


core/manifest/cfm/cfm_flash.c (1 line):
	- line 1150: // TODO: Support interleaved measurement and measurement block entries


core/cmd_interface/cerberus_protocol_debug_commands.h (1 line):
	- line 15: /* TODO: Define command formats for all debug commands. */


core/common/observable.c (1 line):
	- line 61: * TODO:  Once all observers are built to support const instances, this should only deal is const


core/spi_filter/spi_filter_interface.c (1 line):
	- line 34: /* TODO: Error checking on these calls would probably be good.  Otherwise, the log output


core/spdm/spdm_protocol.h (1 line):
	- line 114: * TODO:  This shouldn't be needed anymore, replaced with mctp_base_protocol_message_header and new


core/host_fw/host_fw_util.c (1 line):
	- line 864: /* TODO: Flash operations should include a verify step.  At least for program. */


core/spdm/spdm_secure_session_manager.h (1 line):
	- line 9: /* TODO:  This fila has many dependencies but is missing headers for them. */


core/asn1/dice/x509_extension_builder_dice_ueid.h (1 line):
	- line 13: * TODO:  Remove the need for the extra padding with updates to the DER encoder.


core/spdm/spdm_measurements.c (1 line):
	- line 110: * TODO:  Define a separate API and infrastructure to support chunking large measurement bit


core/cmd_interface/cmd_interface_system.h (1 line):
	- line 67: /* TODO:  Observable needs to support const model in order to support static/const instances. */


core/cmd_interface/cerberus_protocol_required_commands.c (1 line):
	- line 46: /* TODO:  Don't populate the MCTP header. */


core/attestation/pcr.c (1 line):
	- line 834: /* TODO: Can this be done with buffer_copy? */


core/spdm/spdm_commands.h (1 line):
	- line 1326: /* TODO:  This is a temporary work-around in the absence of a SPDM connection handler that is


core/manifest/pcd/pcd.h (1 line):
	- line 187: /* TODO Implement a similar function to get_next_mctp_bridge_component for direct connection