On Tue, Jan 21, 2020 at 12:29:13AM -0700, Chris Murphy wrote:

> What about the on-going cost: downloading ~80M initramfs for each kernel
> update; systemd-analyze on NVMe says initrd time is 2.5s for a host-only
> ~25M initramfs. No-host-only initramfs is about 3x bigger. If the size to
> time relationship is linear, that's a chunk of extra time. Maybe there's a
> way to improve the read performance in the bootloader to compensate?

I don't see this as an obligatory choice - users should still be free to
generate images locally instead. I'm certainly willing to do the work on
performance calculations if there's no absolute objection to the idea.

> Any expected hardware with TPM2 but without UEFI?

Not on x86 - the PC client spec for TPM2 only covers UEFI.

> If the first initramfs contains systemd, could systemd start things in
> parallel while unpacking a second initramfs?

The straightforward implementation involves the kernel unpacking all the
initramfs archives before it starts init. In theory we could add
functionality to the kernel to expose additional archives to userland
rather than have the kernel unpack them, but that's not currently
achievable - and it's one of those situations where we'd need to be very
careful about ensuring there's no potential for races.

> I take it you've found some liability with measuring a locally produced
> initramfs?

You'd need a trusted mechanism for passing the new initramfs measurements
to whatever's verifying the measurements. That's not easy.

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
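The last point in the message above, shown as an added example (not code from the thread or from any Fedora component): a verifier replays the boot event log with the TPM extend rule and compares each digest against reference values. It assumes a single SHA-256 PCR, a hypothetical reference manifest supplied by the distribution, and constructed byte strings in place of real boot artifacts; all function names are illustrative.

```python
import hashlib

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend for a SHA-256 bank: new = SHA256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute the PCR value from (name, digest) events, starting at zeros."""
    pcr = bytes(32)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def verify(event_log, quoted_pcr, reference):
    """Return (log_matches_quote, [names whose digest the verifier does not know])."""
    log_ok = replay(event_log) == quoted_pcr
    unknown = [name for name, digest in event_log if reference.get(name) != digest]
    return log_ok, unknown

def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

# Constructed sample data, standing in for real boot artifacts.
KERNEL = b"constructed kernel image"
DISTRO_INITRAMFS = b"constructed generic initramfs shipped in the package"
LOCAL_INITRAMFS = b"constructed host-only initramfs built on this machine"

# Reference digests the verifier obtained from the distribution (assumed channel).
REFERENCE = {"kernel": measure(KERNEL), "initramfs": measure(DISTRO_INITRAMFS)}

def boot(initramfs: bytes):
    """Simulate a measured boot; returns (event_log, final PCR as a quote would report)."""
    log = [("kernel", measure(KERNEL)), ("initramfs", measure(initramfs))]
    return log, replay(log)

def demo():
    distro_log, distro_pcr = boot(DISTRO_INITRAMFS)
    local_log, local_pcr = boot(LOCAL_INITRAMFS)
    # The local log is internally consistent with its quote, yet the verifier
    # has no trusted reference for the locally built initramfs digest.
    return verify(distro_log, distro_pcr, REFERENCE), verify(local_log, local_pcr, REFERENCE)

if __name__ == "__main__":
    print(demo())
```

The locally built image yields a log that matches its own quote but contains a digest absent from the reference set, which is the gap a trusted channel for new measurements would have to close.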