On Tue, Dec 20, 2022, 4:31 PM Simo Sorce <simo@redhat.com> wrote:
> On Tue, 2022-12-20 at 20:42 +0100, Björn Persson wrote:
> > I note that taking away the kernel command line is indeed a clearly
> > stated goal, which will limit Fedora to simple, appliance-like uses.
>
> I, for one, haven't once touched the command line on this laptop, which
> is 4 years old. So I welcome simplification for that *common* case.

Every person who chooses basic graphics mode is triggering this case. The kernel command line is pretty much the first stop for troubleshooting and bypassing driver problems. It's incredibly common even now, which is why we keep hitting bugs and fixing them each release. We are finally starting to automate testing of these modes, so I do not appreciate you saying they are uncommon, because the reality is they are.

> Given nobody is taking away the initrd way, all you will have to do (at
> most, if you use it) is to disable secure boot and regain the ability
> to change the kernel command line and build your own initrd or even
> your own kernel if you so like.

This is becoming harder and harder to do. Consumer hardware has not been required to offer that ability in years and I have friends and colleagues who have such hardware today. This is not a realistic expectation to have. And while most still have the capacity to disable it, it is difficult and something we cannot expect users to be able to accomplish.

> And if you chose your HW carefully you may even be able to register
> your own public keys, generate and sign your own built UKIs and
> re-enable SecureBoot after that... your choice!

That doesn't mean we should offer any in Fedora itself unless we can be assured someone cares about how regular people are supposed to deal with problems caused by this.