Hi,
We have been working on building tools and filling gaps to make that workable reasonably in systemd upstream, and with a focus on Fedora. The difficulty is in both being able to prebuild everything but also keeping things somewhat modular and parameterizable. Because right now those are the primary reasons initrds are built on the installed host instead of Fedora: they contain local configuration and drivers. If we prebuild everything we must have a model to replace these parts, without compromising security, and that's not trivial.
Is all this discussed somewhere in public? systemd-devel list maybe?
For virtual machines we need some way to make sure they actually run the software we want them to run, and it seems the options we have are:
(1) finally plug that initrd hole, or (2) use encrypted /boot
... where (2) feels more like a workaround for the unsigned initrd problem and it also opens another can of worms like requiring LUKS support in the boot loader.
I guess you already have a list of the "local configuration" bits which must be tackled? Obvious #1 is finding the root filesystem. Should be solvable with discoverable partitions. A few days back I've found a 7 (!) year old bug[1] of yours truly asking to support that in anaconda, still in NEW state :(
take care, Gerd