[$] Systemd takes steps toward a more secure boot process
The systemd project has been working for some time on promoting unified kernel images (UKIs), a format that bundles a kernel, initial disk image, kernel command line, and other associated data into a single file. The advantage of the format is the ability to authenticate the entire collection with secure boot, which makes it easier for end users to know that their operating system hasn't been tampered with. The downside is the lack of flexibility and increase in disk usage, since all of the things packaged in a UKI must be updated together. But the recent systemd 257 release (along with other changes to be covered in a future article) includes some major changes to the UKI format, and the rest of the boot process, that partially mitigate those downsides. The release also includes improvements for hardware-locked disk encryption, which may also help secure some computers.