Fedora 38 Plots Path To Unified Kernel Support

Written by Michael Larabel in Fedora on 20 December 2022 at 01:50 PM EST. 56 Comments
FEDORA
Red Hat and Fedora engineers are plotting a path to supporting Unified Kernel Images (UKI) with Fedora Linux and for the Fedora 38 release in the spring they are aiming to get their initial enablement in place.

Unified Kernel Images have been championed by the systemd folks for better securing and trusting Linux distributions. Unified kernel images are a combination of the kernel image, initrd, and UEFI stub program all distributed as one.


The change proposal for Fedora 38 outlines some of the plans for this unified kernel support as:
The goal is to move away from initrd images being generated on the installed machine. They are generated while building the kernel package instead, then shipped as part of a unified kernel image.

A unified kernel image is an all-in-one efi binary containing kernel, initrd, cmdline and signature. The secure boot signature covers everything, specifically the initrd is included which is not the case when the initrd gets loaded as separate file from /boot.

Main motivation for this move is to make the distro more robust and more secure.

Switching the whole distro over to unified kernels quickly is not realistic though. Too many features are depending on the current workflow with a host-specific initrd (and host-specific kernel command line), which is fundamentally incompatible with unified kernels where everybody will have the same initrd and command line. Thats why there is 'Phase 1' in title, so we can have more Phases in future releases.

The initial phase would focus on shipping a UKI as an optional sub-RPM that users can opt into initially, updating kernel install scripts so unified kernels are installed and properly updated, and bootloader support for unified kernel images. Adding systemd-boot support to the installers, better measurement and remote attestation support, and switching Fedora Cloud images to using unified kernels are among the additional goals but of lower priority.

Past Fedora 38 the unified kernel transition will likely involve moving away from the kernel command line for configuration handling, moving away from storing secrets in the initrd, and handling Dracut optional modules in a different manner.

More details on this tentative change proposal for Fedora 38, which still needs to be approved by the Fedora Engineering and Steering Committee, can be found on the Fedora Wiki.
56 Comments
Related News
Fedora Asahi Remix 40 Now Available For Apple Silicon Devices, KDE Plasma 6 By Default
Fedora 41 Approved To Make Package Builds More Reproducible
Fedora Cleared To Build Python Package With "-O3" Optimizations
Fedora Evaluates Replacing Redis With Valkey
Fedora Miracle Spin Proposed For Fedora 41
Fedora Linux 40 Available For Download As A Wonderful Upgrade
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
NetBSD On The State & Future Of X.Org/X11
Framework Laptop EC Driver Being Prepared For Linux
Valve Working On Explicit Sync Support For "NVK" NVIDIA Vulkan Driver
Wine 9.8 Fixes Nearly 20 Year Old Bug For Installing Microsoft Office 97
GNOME Shell's Layout Being Improved For Smaller Displays
Valve Publishes Steam Survey Numbers For April 2024
Punting GPU Drivers From The Initramfs Due To Ever Increasing Firmware Bloat
Proton 9.0-1 Released With Many Improvements For Steam Play Linux Gaming