Thursday 9 December 2021

Re: Revisiting default initramfs compression

hi,
On Thursday, 09.12.2021 at 08:51 +0200, Mark Shuttleworth wrote:
> On 08/12/2021 23:02, Julian Andres Klode wrote:
> > I'd kind of like us to ship "default" initramfs in like
> > linux-initrd-$uname-r
> > and linux-initrd-generic and so on. Maybe even signed somehow so that
> > the kernel can verify its integrity when booting. Such that booting with
> > authenticated FDE is fully authenticated.
> >
> > But oh well, those are all long term wishes :)
>
> That is in fact how Ubuntu Core handles this; initrd is fixed, and
> signed. Since we want the same machinery for FDE in Classic that we
> have in Core, it's likely this is a reasonable wish :)

well, the split-initrd implementation [1] I did for UC16 and UC18 (that
we in the end did not use for modules but for allowing custom splash
screens from the gadget without having to maintain your own kernel
snap) has been dropped for UC20 due to added complexity with secure
boot in that setup ...

do we plan to bring it back in a new implementation ?

ciao
oli

[1] https://forum.snapcraft.io/t/split-initrd-implementation/2224