Tweet
Originally posted by chuckula
View Post
-
In servers it’s not too uncommon to swap drives into completely different hardware -
-
Interesting.
Seems as if it could make auto-provisioning k8s clusters much easier?
Some kind of auto-build system though would seem to be a requirement.
From a repo of available stuff, pull these requirements, with these kernel args, (on top of required standard stuff to make a running system), build and sign it.
load file to ipxe server (or local system) and be up and running.
Sure could be a much easier, less time consuming, less(human) error prone way, thus more productive and maybe “less elitist” way to allow more people to make more choices and customize.
Comment
-
You could just make some tweaks to configuration and recompile the kernel before changing hardware.Originally posted by You- View PostComment
-
One part of the user community that would see some impact should they decide to opt-in to the new kernel UKI sub-packages are those that have explicitly chosen to select GPUs and drivers that are not (yet) in the kernel (i.e. users who have chosen to purchase nvidia GPUs and that chose to use the nvidia proprietary drivers). Since Fedora no longer collects system configuration data (though something like smolt) no one can be sure what percentage of the user community (should they choose to opt-in) would be impacted, but the general feeling is a significant percentage (so, at a minimum, there needs to be warning notices to not move to UKI images if you use nvidia GPUs today).Originally posted by pdbecid View PostComment
-
Soon they are going to remove GCC/Clang package and make root fs readonly for anyone without a Fedora license
Please do not even bother replying to my brainless post. Just chuckle and move on.Comment
-
Finally, people are actually starting to care about GNU/Linux secured boot process, and how “Secure Boot” wasn’t actually secure the way it's implemented on most distros. https://0pointer.net/blog/brave-new-...oot-world.htmlComment
-
So... basically a modular kernel... which is the default behavior. Also, who's "optimized build"? Do you not realize just how many different builds and options that would be? Apparently not. This isn't about you. It's about the lowest common denominator (most common user) the distribution creators are targeting. They are looking to minimize their work load, not create exponentially more work with customized kernels. The decision tree alone would be an effin nightmare.Originally posted by chuckula View Post
Linux boot security is absolutely atrocious right now, this is a step in the right direction to change that. If you don't like it, don't use it. That's what "opt-in" is all about. The rest of the users that care about boot security chains will welcome the change.Comment
-
Loyal Fedora user (since, I think, Fedora Core 9). Very happy with the current status of NVidia GPU and ZFS integration. I see a lot of storm clouds on the horizon with this proposal.
Let me start by saying that I like the goal in general and I am looking forward to what the Fedora team will come up with. However, as I read the proposal I shutter at the idea of Discoverable Partitions. I may move all my machines to network boot if this will be the only way to multi-boot in the secure future...Comment
-
I like the idea of unified selfbooting kernels.
If you really need to add or change kernel parameters then I'm sure you could build your own UKI's which will not be signed with redhat's Secure boot key.
So either disable Secure boot or use your own keys.Comment
Comment