Lennart Poettering on Nostr: You might know the UKI concept we introduced a couple of years ago, i.e. the unified ...
You might know the UKI concept we introduced a couple of years ago, i.e. the unified kernel image. You glue kernel, initrd and some other metadata into one UEFI PE binary, so that it can be secureboot authenticated as one, and be measured as one.
It has many benefits to do things that way, but it also comes at one drawback: you bake in a single kernel cmdline, and in sb mode there's no way to use any other (well unless you use cmdline addon files, but that involves signing stuff separately, …
Published at
2024-06-27 21:28:55Event JSON
{
"id": "3f01be2f9b7efc5e4adc6c882a8dc342da50530df8141686cd45f61f36144d5f",
"pubkey": "1d95c32d9a9d95a54f98eb2eaa156f3d3a71dc49eca2c960b2b89962758f1cc0",
"created_at": 1719523735,
"kind": 1,
"tags": [
[
"proxy",
"https://mastodon.social/users/pid_eins/statuses/112690707502279905",
"activitypub"
]
],
"content": "You might know the UKI concept we introduced a couple of years ago, i.e. the unified kernel image. You glue kernel, initrd and some other metadata into one UEFI PE binary, so that it can be secureboot authenticated as one, and be measured as one.\n\nIt has many benefits to do things that way, but it also comes at one drawback: you bake in a single kernel cmdline, and in sb mode there's no way to use any other (well unless you use cmdline addon files, but that involves signing stuff separately, …",
"sig": "f8ed08b6251810d6654b5c80339eb14e2a5168fb5d4949459bc8d02308049ea5541aca9b9a46f935dccc84728ea1201f6a115d8d05cdd56b24757d930a962626"
}