On Tue, Dec 20, 2022 at 10:22:03AM -0500, Ben Cotton wrote:
It's great to see this happening!
Phase 1 goals (high priority):
* Ship a unified kernel image as (optional) kernel sub-rpm. Users can
opt-in to use that kernel by installing the sub-rpm. Initial focus is
on booting virtual machines where we have a relatively small and well
defined set of drivers / features needed. Supporting modern physical
machines with standard setup (i.e. boot from local sata/nvme storage)
too should be easy.
* Update kernel install scripts so unified kernels are installed and
updated properly.
* Add bootloader support for unified kernel images. Add
[https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-i... unified kernel bls support]
to grub2, or support using systemd-boot, or both.
Phase 1 goals (lower priority, might move to Phase 2):
* Add proper discoverable partitions support to installers (anaconda,
image builder, ...).
** Temporary workaround possible: set types using sfdisk in %post script.
** When using btrfs: configure 'root' subvolume as default volume.
* Add proper systemd-boot support to installers.
** Temporary workaround possible: run 'bootctl install' in %post script.
* Better measurement and remote attestation support.
** store kernel + initrd hashes somewhere (kernel-hashes.rpm ?) to
allow pre-calculating TPM PCR values.
** avoid using grub2 (measures every config file line executed which
is next to impossible to pre-calculate).
* Switch cloud images to use unified kernels.
With my FESCo hat on, I immediately have the following comment:
please narrow down the scope to things that we can actually approve
for F38. E.g. the parts related to replacing grub2 by sd-boot
are IMHO not realistic for F38 (*). And if we use grub2, then also the
pre-calculation of TPM PCR values is not realistic, since they are
too volatile with grub2... I think that those are all very interesting
research tangents, but the stuff that gets a stamp of approval as a
Fedora Change needs to be down-to-earth and users-know-what-to-expect
and you-can-pretty-much-figure-out-how-things-will-look-from-the-change-description.
(*) Or if that is actually the plan, please specify *where* sd-boot
would be supported.
Zbyszek
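
Added example, not part of the original message or the Change proposal: a simplified model of the PCR pre-calculation discussed above, showing why published kernel + initrd hashes are enough to predict a PCR while a boot loader that measures every executed config line makes the value change with any edit. It assumes a SHA-256 PCR that starts at zero and one extend per measured item; all function names and sample data are constructed.

```python
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 PCR bank; a PCR starts as all zero bytes


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()


def predict_from_digests(hex_digests):
    """Replay published digests in boot order, without needing the binaries."""
    pcr = bytes(PCR_SIZE)
    for hex_digest in hex_digests:
        pcr = extend(pcr, bytes.fromhex(hex_digest))
    return pcr


def measure(items):
    """What the boot chain does: hash each item, then extend the PCR."""
    return predict_from_digests(hashlib.sha256(i).hexdigest() for i in items)


def matches(expected: bytes, reported: bytes) -> bool:
    """Constant-time comparison of an expected PCR with a reported one."""
    return hmac.compare_digest(expected, reported)


# Constructed sample data, standing in for real boot artifacts.
KERNEL = b"constructed-kernel-image"
INITRD = b"constructed-initrd-image"
# Digests a distribution could ship alongside the kernel package (assumption).
PUBLISHED = [hashlib.sha256(KERNEL).hexdigest(), hashlib.sha256(INITRD).hexdigest()]

# Simplified model of a boot loader that measures every config line it executes.
GRUB_LINES = [b"set timeout=5", b"linux /vmlinuz root=UUID=constructed ro", b"initrd /initrd.img"]
GRUB_EDITED = [b"set timeout=1", GRUB_LINES[1], GRUB_LINES[2]]


def demo():
    expected = predict_from_digests(PUBLISHED)
    return {
        "uki_predictable": matches(expected, measure([KERNEL, INITRD])),
        "order_matters": not matches(expected, measure([INITRD, KERNEL])),
        "grub_edit_changes_pcr": not matches(measure(GRUB_LINES), measure(GRUB_EDITED)),
    }


if __name__ == "__main__":
    print(demo())
```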