On Tue, Dec 5, 2023 at 3:47 PM Aoife Moloney <amolo...@redhat.com> wrote: > > This document represents a proposed Change. As part of the Changes > process, proposals are publicly announced in order to receive > community feedback. This proposal will only be implemented if approved > by the Fedora Engineering Steering Committee. > > == Summary == > Improve support for unified kernels in Fedora. > > == Owner == > * Name: [[User:kraxel| Gerd Hoffmann]] > * Email: kra...@redhat.com > > * Name: [[User:vittyvk| Vitaly Kuznetsov]] > * Email: vkuzn...@redhat.com > > > == Detailed Description == > See [[ Changes/Unified_Kernel_Support_Phase_1 ]] for overview and Phase 1 > goals. > > ==== Phase 2 goals ==== > > * Add support for booting UKIs directly. > ** Boot path is shim.efi -> UKI, without any boot loader (grub, > sd-boot) involved. > ** The UEFI boot configuration will get an entry for each kernel installed. > ** Newly installed kernels are configured to be booted once (via BootNext). > ** Successful boot of the system will make the kernel update permanent > (update BootOrder). > * Enable UKIs for aarch64. > ** Should be just flipping the switch, dependencies such as kernel > zboot support are merged. > * Add a UEFI-only cloud image variant which uses UKIs. > ** Also suitable for being used in confidential VMs. > ** Cover both x86_64 and aarch64. >
What is the point of using shim in this path? We're not having UKIs signed by Microsoft, and unless the Linux kernel knows how to call shim for certificates, I don't see how this is supposed to be useful for the Microsoft->Fedora->OS boot chain. -- 真実はいつも一つ!/ Always, there's only one truth! -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
