Poettering: Brave new trusted boot world

by
corbet
from LWN.net on (#6543H)
Lennart Poettering has posted adetailed specification for a new approach to "trusted computing"systems.

Central to the proposed design is the concept of a Unified KernelImage (UKI). These UKIs are the combination of a Linux kernelimage, and initrd, a UEFI boot stub program (and further resources,see below) into one single UEFI PE file that can either be directlyinvoked by the UEFI firmware (which is useful in particular in somecloud/Confidential Computing environments) or through a boot loader(which is generally useful to implement support for multiple kernelversions, with interactive or automatic selection of image to bootinto, potentially with automatic fallback management to increaserobustness).

This work is evidently the first in a series that will come out of thenewly formed Linux Userspace APIGroup.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments