F39 Change Proposal: Clean Systemd-boot installs (Self-Contained_

https://fedoraproject.org/wiki/Changes/cleanup_systemd_install

This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.

== Summary ==
Fedora installs a shim + grub bootloader by default on EFI
platforms, yet has been shipping systemd-boot in various forms for a
number of releases. There are a few how-tos which describe how to
replace grub with systemd-boot, with varying levels of functionality.
This should be easier, with a formalized default method that can be
built upon. This proposal aims to complete the work started with
anaconda (inst.sdboot) and kickstart (bootloader --sdboot) such that the
"everything" media can install a grub-free machine.

== Owner ==
* Name: [[User:jlinton| Jeremy Linton]]

* Email: <jeremy.linton@xxxxxxx>

* Name: Possibly others since it may touch -comps, systemd-boot, etc


== Detailed Description ==
As a first pass, the 'inst.sdboot' option already in anaconda should
work. As it stands, that replaces grub+shim with the systemd-boot
loader, and moves the kernel + initrd to the EFI system partition
(ESP). It doesn't attempt to create unified kernel images, so the
existing `dnf update`, `kdumpctl`, and `make install` in a kernel
source directory should all work. The vast majority of this work has
been done, leaving only two action items: removing grubby from core,
and merging a shimming package (sdubby) into the Fedora repos.

Beyond that there are various enhancements which can be made to remove
the /boot partition (leaving the EFI at /boot/efi), enrolling fedora
keys if the secure boot mode is "Setup", adding options to enable
shim+systemd-boot, assuring that there is a systemd-boot-signed
package, etc.

Enabling just the systemd-boot loader, without UKIs or restructuring
the /boot and /boot/efi mount points, results in a wider range of
supported machines and a more familiar environment for users and
applications. That is, by not changing the HostOnly/initrd build
process, the vast majority of UEFI machines are supported.

To be clear, the intention isn't to replace grub, but to co-exist
alongside it as an alternative bootloader.

== Feedback ==


== Benefit to Fedora ==

Fedora is considered a forward-looking distro. As systemd-boot and
UKIs gain traction, it should be straightforward for users/testers to
try out this option in their own environments with a well-defined
configuration.

Potentially in the future, once secure boot/etc is straightened out
the simpler/cleaner code base may prove to be more secure, or a
consistent set of measured boot PCRs may enable a simpler (for the end
user) encrypted storage environment.

== Scope ==
* Proposal owners:

At the moment two things remain open:

https://pagure.io/fedora-comps/pull-request/838

and:

https://bugzilla.redhat.com/show_bug.cgi?id=2134972

Both of which are largely in the "needs more discussion" state, but
otherwise are complete as they stand.

There is also an open kexec-tools + aarch64 zboot set that needs to be
merged in order to support kdump properly on aarch64 platforms,
although that problem is caused by zboot and affects grub as well.
Zboot is required for systemd-boot at the moment.

* Other developers:


Depending on the results of the discussion above, it's possible the
systemd maintainers, kdumpctl, etc. may need changes.

* Release engineering: [https://pagure.io/releng/issues #Releng issue number]

* Policies and guidelines: N/A (not needed for this Change)

* Trademark approval: N/A (not needed for this Change)

* Alignment with Community Initiatives:


== Upgrade/compatibility impact ==

Ideally nothing, as we aren't deprecating or changing the shim + grub boot paths.



== How To Test ==

# Have a VM or non-critical test machine that can be reinstalled at will.
# Ensure secure boot is disabled or in setup mode.
# Pass `inst.sdboot` on the kernel/grub command line presented on the install media and install as normal.
## Possibly add additional space to the EFI system partition during partitioning to guarantee there is sufficient space for the number of bootable kernels active on the machine (~100MB each should be more than sufficient).
## Alternatively, `--sdboot` can be added to the bootloader command in kickstarts, and the partitions/etc. adjusted there.
# Use the machine as normal.
# Report issues during upgrades, or with any packages that can't find kernel images. Everything besides the loader entries, kernel image, and generated initrds should remain in /boot.
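
A post-install check for the last two steps, added here as an example and not part of the proposal or of anaconda: it confirms that every loader entry on the ESP points at a kernel and initrd that are actually there, and sizes the ESP from the "~100MB each" figure. It assumes the Boot Loader Specification type 1 layout (`<ESP>/loader/entries/*.conf` with `linux`/`initrd` paths relative to the ESP root) and an ESP mounted at /boot/efi; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the proposal): sanity-check a systemd-boot ESP.
# Assumed layout (Boot Loader Specification type 1):
#   <ESP>/loader/entries/*.conf, where the "linux" and "initrd" values
#   are paths relative to the root of the ESP.

# list_missing ESP_DIR: print "<entry>: missing <key> <path>" for every
# kernel or initrd that an entry references but that is not on the ESP.
list_missing() {
    esp=$1
    for entry in "$esp"/loader/entries/*.conf; do
        [ -f "$entry" ] || continue
        # "|| [ -n "$key" ]" keeps a final line that lacks a newline.
        while read -r key value rest || [ -n "$key" ]; do
            case $key in
                linux|initrd)
                    [ -f "$esp/${value#/}" ] ||
                        echo "$(basename "$entry"): missing $key $value" ;;
            esac
        done < "$entry"
    done
}

# count_entries ESP_DIR: number of loader entries found on the ESP.
count_entries() {
    n=0
    for entry in "$1"/loader/entries/*.conf; do
        if [ -f "$entry" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# esp_budget_mb ESP_DIR [MB_PER_KERNEL]: space to reserve for the current
# entries, defaulting to the proposal's "~100MB each" estimate.
esp_budget_mb() {
    echo $(( $(count_entries "$1") * ${2:-100} ))
}

# Stand-alone use: sh check-esp.sh /boot/efi
if [ $# -gt 0 ]; then
    missing=$(list_missing "$1")
    echo "entries: $(count_entries "$1"), budget: $(esp_budget_mb "$1") MB"
    [ -z "$missing" ] || { echo "$missing"; exit 1; }
fi
```

Compare the reported budget with the ESP size shown by `df -m /boot/efi` before adding more kernels.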


== User Experience ==

Ideally, after the initial install the fedora experience should
generally remain the same. There may be slight differences in boot
timings (at least on aarch64 possibly slightly faster) and the bootctl
utility may have more information and work properly.


== Dependencies ==

Systemd-boot, described in the comps and sdubby review.




== Contingency Plan ==




== Documentation ==


* https://anaconda-installer.readthedocs.io/en/latest/boot-options.html#inst-sdboot

or

* https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader

== Release Notes ==



-- 
Aoife Moloney

Product Owner

Community Platform Engineering Team

Red Hat EMEA

Communications House

Cork Road

Waterford