On Fri, 28 Oct 2022 08:28:21 +0200 aplanas wrote:
On 2022-10-08 18:08, yurishish@gmail.com wrote:
I wonder if devs have considered to switch to Unified Kernel Images before? Existing tools are able to create such images already but the installation scripts needs to be updated. That would allow to simplify the booting process when Secure Boot and full disk encryption are used and also would make it more secure.
Not sure about the UKIs. There are cool properties on going on that direction, and one that I can see that will force OBS to start providing some kind of small, static and common initrd.
In any case the UKIs are a bit of a bigger plan, and IMHO the security model is something that definitively yes, we should work on that.
There is more info here: https://uapi-group.org/
I was unfamiliar with UKI concept, so "Brave New Trusted Boot World"[0] was posted just in time to explain it :) [0]https://0pointer.net/blog/brave-new-trusted-boot-world.html Pedja