On Tue, Dec 20, 2022 at 04:38:37PM +0100, Dan Horák wrote:
On Tue, 20 Dec 2022 10:22:03 -0500
Ben Cotton <bcotton(a)redhat.com> wrote:
>
https://fedoraproject.org/wiki/Changes/Unified_Kernel_Support_Phase_1
>
> This document represents a proposed Change. As part of the Changes
> process, proposals are publicly announced in order to receive
> community feedback. This proposal will only be implemented if approved
> by the Fedora Engineering Steering Committee.
>
>
> == Summary ==
> Add support for unified kernels images to Fedora.
>
> == Owner ==
> * Name: [[User:kraxel| Gerd Hoffmann]]
> * Email: kraxel(a)redhat.com
>
>
> == Detailed Description ==
> The goal is to move away from initrd images being generated on the
> installed machine. They are generated while building the kernel
> package instead, then shipped as part of a unified kernel image.
>
> A unified kernel image is an all-in-one efi binary containing kernel,
> initrd, cmdline and signature. The secure boot signature covers
> everything, specifically the initrd is included which is not the case
> when the initrd gets loaded as separate file from /boot.
What platforms are going to be affected? Is it x86-64 only or does it
include aarch64 (as it's also using UEFI)? Are ppc64le and s390x out of
the current scope?
This change proposal would only be x86_64, since that's the platform
where we need to solve the unsigned initrd problem with SecureBoot
with EDK2/QEMU (and more generally with bare metal, but this change
is limited scope to VMs to make it tractable to pre-built initrds
with a fixed set of kmods).
While aarch64 uses UEFI, there's no viable SecureBoot support for
it in EDK2/QEMU yet. If and when that appears, then it could be
extended to aarch64 at that time.
There's no plans for ppc64le / s390x.
NB, I'm talking from the POV of what we require to address as
virtualization platform maintainers. There might be other use cases
for UKIs from other teams TBD.
With regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|