This latest UKI work for Fedora will lead to better UEFI Secure Boot support, better supporting TPM measurements and confidential computing, and a more robust boot process.
and HOPEFULLY lead to a less jerky-flashy-switchy boot xperience, looks like a Vegas light show at present. switched to systemd-boot, but it’s only a tiny bit better, still switches modes/blanks screen like five times.
Mine only switches modes once, on load save backlight.
yeah, if you don’t have an encrypted drive (which I’m gonna do on a laptop NEVER) on some OEMs this can look semi-seamless.
here’s what it looks like on a laptop:
-
- OEM logo
-
- screen goes blank, backlight off
-
- light on, OEM logo
-
- blank screen
-
- decrypt password
-
- blank screen
-
- loading spinner with OEM logo
-
- gdm/sddm login screen
-
- blank screen
- 9a. (sddm) loading animation
- 9b. (sddm) jerk when fractional scaling kicks in
-
- and finally there’s the desktop
with additional mode switching interjected and occasionally the horror that is GRUB inserts a ‘Loading blah blah’ text message; thankfully we’re getting rid of that.
My HP crapbook doesn’t have this OEM logo bullshit. Only the windows bootloader shows it, and the logo file is stored in the BGRT. So I don’t think I’m affected unless the WBM or systemd-boot have this vuln.
Mine:
1. Screen turns on 2. I pick EndeavorOS in systemd-boot 3. It starts spitting out logs (I love this behavior) 4. It switches modes once the backlight is loaded 5. I log in 6. KDE loadsI will never understand people who install Plymouth, it just adds complexity in the boot process. If your distro installs this then I understand why: so it doesn’t look like you’re “hacking the government”. If your distro doesn’t install it and you install it then you probably picked the wrong distro.
-
Omg yes, I hate those. I’m sitting here thinking it’s probably one of those simple things that scares people away from Linux…“Oh god, I see black text on white background. Abort, abort, ABORT!!”
Is this good?
It basically means instead of relying on a bootloader (e.g. GRUB or systemd-boot) the computer boots the kernel directly. Generally there should be no change besides having to use the BIOS menu to manually select a kernel.
Thank you, you’re awesome!
No problem! :)
FWIW, a lot of the DIY distros (Arch and Gentoo being the ones on most minds) allow this already so it’s nothing new. It’s just Fedora implementing it that’s new I guess. If you’re curious, the term to search is “EFISTUB”.
Is the benifit making secure boot work better?
Presume so, that’s what the article claims:
This latest UKI work for Fedora will lead to better UEFI Secure Boot support, better supporting TPM measurements and confidential computing, and a more robust boot process.
That’s nice, stuff like that does make dual booting harder unfortunately
I’d imagine that if you want a bootloader, the option is there as well. I can’t imagine Fedora just doing away with that unless the bootloaders themselves are unmaintained.
I think for most people they won’t care either way.
Some people do legitimately occasionally need to poke around in GRUB before loading the kernel. Setting up certain kernel parameters or looking for something on the filesystem or something like that. For those people, booting directly into the kernel means your ability to “poke around” is now limited by how nice your motherboard’s firmware is. But even for those people, they should always at least have the option of setting up a 2-stage boot.
Yes, in my opinion. The configuration of grub (boot loader) is just another step to go wrong, and this will eliminate that possibility. Additionally, it will prevent stupider operating systems (cough Windows) from accidentally overwriting the boot loader during an update.
Does that mean that the OS would have to handle version booting?
My understanding is that’s a yes.
Thank you
This is the best summary I could come up with:
Fedora 40 is eyeing the next phase of its unified kernel (UKI) support within the distribution that will include the ability to support booting to unified kernel image files directly without having to go through a traditional bootloader like GRUB or SD-Boot.
The second phase of Fedora’s unified kernel support is looking at a boot path from the EFI SHIM to UKI directly without any bootloader present.
The UEFI boot configuration will get an entry for each kernel installed, newly-installed kernels are configured to be booted once but will then be made permanent after a successful boot, and also enabling UKI support for 64-bit Arm (AArch64).
This latest UKI work for Fedora will lead to better UEFI Secure Boot support, better supporting TPM measurements and confidential computing, and a more robust boot process.
Those interested in the latest UKI efforts for Fedora 40 can see this Fedora mailing list thread with more details.
The original article contains 153 words, the summary contains 153 words. Saved 0%. I’m a bot and I’m open source!