























Among the changes being considered for the in-development Fedora 45 is a lightened version of the GRUB UEFI bootloader that would focus on being a minimal implementation suitable for confidential computing.
Red Hat engineers are considering a separate, minimal GRUB package focused solely on UEFI boot with UEFI Secure Boot enabled, carrying the bare minimum of built-in modules while still being able to handle Unified Kernel Images (UKIs) and Bootloader Specification (BLS) files.
The standard GRUB bootloader would remain available and the default in Fedora Linux, while this lighter version of GRUB would be aimed at confidential compute VMs. Because confidential VMs rely on measured boot and remote attestation, the hope is that "GRUB light" will keep the same TPM PCR values for longer, leading to a more stable confidential computing experience.
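Why a bootloader update disturbs attestation, as an added example that is not part of the original article or the Fedora proposal: a simplified replay of the TPM extend operation over a boot chain, checked against a verifier's reference value. The component names and byte strings are constructed stand-ins, and real firmware measures Authenticode digests of PE images along with other events that this sketch omits.

```python
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 bank PCR starts as 32 zero bytes after reset

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(images: list[bytes]) -> bytes:
    """Hash each boot component and extend the PCR in boot order."""
    pcr = PCR_INIT
    for image in images:
        pcr = extend(pcr, hashlib.sha256(image).digest())
    return pcr

def attest(reported_pcr: bytes, reference_values: set[bytes]) -> bool:
    """Verifier side: accept only PCR values present in the reference set."""
    return reported_pcr in reference_values

def first_divergence(expected: list[bytes], actual: list[bytes]):
    """Index of the first component that differs, or None if the chains match."""
    for i, (a, b) in enumerate(zip(expected, actual)):
        if a != b:
            return i
    return None

# Constructed stand-ins for boot components (assumptions, not real binaries).
SHIM = b"shim-build-1"
GRUB_V1 = b"grub-build-1"
GRUB_V2 = b"grub-build-2"  # hypothetical rebuild of the bootloader package
UKI = b"uki-build-1"

def demo() -> dict:
    reference = {replay([SHIM, GRUB_V1, UKI])}  # value the verifier trusts
    return {
        "same_chain": attest(replay([SHIM, GRUB_V1, UKI]), reference),
        "grub_updated": attest(replay([SHIM, GRUB_V2, UKI]), reference),
        "order_swapped": attest(replay([GRUB_V1, SHIM, UKI]), reference),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Any change to a measured component yields a different final PCR value, so every bootloader rebuild forces the verifier's reference set to be refreshed before the VM attests again.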
Rather than shipping a light version of GRUB, Fedora / Red Hat developers at first considered using systemd-boot for confidential VMs, but cited several reasons against it: the systemd developers reject adding additional features, systemd-boot isn't as widely tested and fuzzed as GRUB, they want to avoid maintaining multiple bootloaders in Fedora, and there are other architecture concerns.
Those wanting to learn more about this proposed light version of GRUB for confidential computing VMs on Fedora Linux moving forward can see the F45 change proposal.