Fedora 38 plan to realize support of universal nucleus images

In the release of Fedora 38 proposed Implement first stage transition to a modernized loading process, previously proposed by Lennart Pottering to organize a full -fledged boot, covering all stages from the firmware to the user space, and not just and bootloader. The proposal has not yet been considered by the FESCO committee (Fedora Engineering Steering Committee), which is responsible for the technical part of the development of the Fedora distribution.

The components for the implementation of the proposed idea are already integrated into Systemd 252 and are reduced to use instead of the INITRD image, formed on the local system when installing a package of the kernel unified UKI (Unified Kernel Image), generated in the distribution of the distribution and certified by the distribution distribution and certified by the distribution distribution. . UKI combines a processor for loading a nucleus from UEFI (UEFI Boot Stub) in one file, the image of the Linux nucleus and the Initrd system environment loaded in memory. When calling the UKI image from UEFI, it is possible to check the integrity and reliability of the digital signature of not only the nucleus, but also the Initrd contents, the reliability of which is important since the keys are extracted in this environment to decipher the root fs.

Due to significantly upcoming changes, the implementation is planned to be divided into several stages. At the first stage, UKI support will be added to the bootloader and the publication of the optional image of the UKI will begin, which will be focused on loading virtual machines with a limited set of components and drivers, as well as the installation and updating of the UKI tools. In the second and third stages, it is planned to move from the transfer of settings in the command line of the nucleus and stop storing keys in Initrd.

/Media reports cited above.