On Tue, Dec 20, 2022 at 10:22:03AM -0500, Ben Cotton wrote:
> https://fedoraproject.org/wiki/Changes/Unified_Kernel_Support_Phase_1

It's great to see this happening!

> Phase 1 goals (high priority):
> 
> * Ship a unified kernel image as (optional) kernel sub-rpm.  Users can
> opt-in to use that kernel by installing the sub-rpm.  Initial focus is
> on booting virtual machines where we have a relatively small and well
> defined set of drivers / features needed.  Supporting modern physical
> machines with standard setup (i.e. boot from local sata/nvme storage)
> too should be easy.
> * Update kernel install scripts so unified kernels are installed and
> updated properly.
> * Add bootloader support for unified kernel images.  Add
> [https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images
> unified kernel bls support] to grub2, or support using systemd-boot,
> or both.
> 
> Phase 1 goals (lower priority, might move to Phase 2):
> 
> * Add proper discoverable partitions support to installers (anaconda,
> image builder, ...).
> ** Temporary workaround possible: set types using sfdisk in %post script.
> ** When using btrfs: configure 'root' subvolume as default volume.
> * Add proper systemd-boot support to installers.
> ** Temporary workaround possible: run 'bootctl install' in %post script.
> * Better measurement and remote attestation support.
> ** store kernel + initrd hashes somewhere (kernel-hashes.rpm ?) to
> allow pre-calculate TPM PCR values.
> ** avoid using grub2 (measures every config file line executed which
> is next to impossible to pre-calculate).
> * Switch cloud images to use unified kernels.

With my FESCo hat on, I immediately have the following comment:
please narrow down the scope to things that we can actually approve
for F38. E.g. the parts related to replacing grub2 by sd-boot
are IMHO not realistic for F38 (*). And if we use grub2, then also the
pre-calculation of TPM PCR values is not realistic, since they are
too volatile with grub2... I think that those are all very interesting
research tangents, but the stuff that gets a stamp of approval as a
Fedora Change needs to be down-to-earth and users-know-what-to-expect
and 
you-can-pretty-much-figure-out-how-things-will-look-from-the-change-description.

(*) Or if that is actually the plan, please specify *where* sd-boot
would be supported.

Zbyszek
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to