On 05.08.24 at 11:07, Vitaly Kuznetsov wrote:
Julian Sikorski <belegdol@xxxxxxxxx> writes:
Hi list,
I recently got curious about unified kernel images and what they bring
to the table. While informing myself about these, the following
questions came to mind:
- ESP partition size: my laptop has it set at 260 MB by the laptop
vendor, my desktop has it at 100 MB. Recommendation is 200 to 500 MB
[0]. This seems too little, given that now the /boot partition on my
desktop is 512 MB full with 3 kernels installed. Or are the UKIs packed
more efficiently? Moreover, resizing ESP is somewhat challenging due to
a parted bug [1][2]. Are there plans to make this more user-friendly
once UKIs become more prevalent?
Hey Julian,
are you trying 'kernel-uki-virt' package or building your own UKI? With
'kernel-uki-virt' we're mostly targeting virtualized and cloud
environments but bare metal can certainly be tried too! The size of the
packaged vmlinuz-virt.efi is 68Mb now so if you keep three of them in
your ESP, you need 210Mb or so. 256 MB feels limiting but I don't think
anything prevents you from creating a bigger ESP. I'm not sure about
resizing partitions but if you're ready to wipe out your hard drive
completely, it should work.
Hi Vitaly,
I was referring to trying out `kernel-uki-virt`. I have now bitten the
bullet and installed it on my laptop with 260 MiB ESP. System has booted
normally, except that there was a lot more console output than with
grub. I guess this makes sense if cloud images are the primary target here.
With one UKI kernel I am already at 100 MiB full, meaning that trying
that on my desktop is out of the question for the moment as I do not have
the spare capacity to wipe out the entire drive. On my desktop I have
actually already increased the partition to 500 MiB, but due to the bug
mentioned earlier the filesystem is still at 100 MiB. Looks like it
might need to be looked into if the UKI is ever considered default for
Workstation. 100 MiB is lower than the current Microsoft default, but I
guess it was the default for 512 byte sector drives back when I
installed it. I am guessing nobody cared for the parted bug until now
because except for the ESP, dealing with tiny FAT16 partitions is hardly
a frequent use case.
- does UKI work with third-party kernel modules like nvidia?
Yes, there's no difference between the traditional kernel layout and UKI
if you want to use third party modules. The only issue (not specific to
UKI) is SecureBoot. If you want to keep it on, you may need to either
enroll your key into SecureBoot 'db' (possible on virtualized and cloud
environments) or deal with 'MOK' (the only sane option for bare metal).
I am already doing it for my desktop machine for nvidia and xone modules
so I am happy to hear it should keep working as expected. Does mokutil
enroll MOKs in a way that they are also usable by the direct boot
option? I could never see my MOK key listed in the UEFI setup yet it was
working as expected.
- grub-less UKIs mean updating efivars with every kernel update. GRUB
developers expressed concerns this might wear down the NVRAM chips. Was
this ever looked into in more detail?
With 'kernel-uki-virt' we're targeting virtualized and cloud
environments where NVRAM is virtual so it's not an issue. It may (in
theory) represent a problem for certain bare metal scenarios, in that
case I would recommend using a bootloader between UEFI and UKI. As grub
is not capable of booting UKIs (I remember seeing patches doing this but
I'm not sure they were merged upstream/in Fedora) something like
systemd-boot can be used. The emerging 'nmbl' bootloader should also be
capable of booting UKIs from day 1 (AFAIU).
(Personally, I'm not sure NVRAM wear is a real world problem. AFAIU,
different NVRAMs support 10000 to 500000 write cycles. For example, koji
tells us that there were 173 kernels built for Fedora-39. Even 10000
cycles will allow you to use 57 Fedora versions and this is likely
beyond the life expectancy of any hardware.)
I was thinking about bare metal. Fair enough. The only reason for my
paranoia is that once NVRAM stops working, the machine is realistically
a paperweight. In other words, once one realizes that the manufacturer
has used subpar NVRAM, it is effectively too late. Having said that,
having efivars updated twice per kernel update could be fewer writes
than every time Windows is booted, depending on how often one actually
boots Windows.
In any case, it is an exciting new development and I am interested to
experience what it brings in the future.
Best regards,
Julian