Am 10.09.24 um 13:15 schrieb Nicolas Chauvet:
Le ven. 6 sept. 2024 à 16:56, Julian Sikorski via rpmfusion-developers
<[email protected]> a écrit :
Hi Sergio,
I know it is - my question is why it was chosen over config files. The
reason I am asking is that the kernel command line method does not work
with UKI. Apologies if this was not clear.
While I know that UKI is an extremely niche use case, if there are no
downsides to using config files, there is little rationale not to switch.
Hi,
Thanks for raising this point.
Is there a way to detect that the uki boot method is being used ?
For me, it comes as a surprise that UKI "deprecates" a valid and well
documented method to deal with kernel cmdline options.
I can understand that it's hard for uki to protect the cmdline given
their security premises, but maybe they should work better on that
front...
They are at least two major reasons for us to keep using kernel
cmdline rather than modprobe.d/nvidia.conf:
- It allows end-users to switch nvidia to nouveau from cold-boot
removing the cmdline
It's particularly useful for disaster recovery , specially when it
comes, but not limited to, rootfs encrypted recovery or any
graphical/display regression.
- It is totally stateless in that it doesn't requires any
configuration changes from the rootfs.
- And specially it doesn't requires to recreate the dracut image (on
normal installation) to embed the nouveau blocklist into the
initramfs.
That's to avoid a range of potential error on the end-users system.
Knowing that, would it be possible to suggest UKI to unblock the
modprobe.blacklist=nouveau cmdline options. We already have a fallback
mechanism that will force nouveau back, so using that option as a
thread vector is without object.
Hope this helps.
Hi Nicolas,
thank you for explaining the rationale for using the kernel
command-line. It makes sense now.
If I am understanding correctly, currently the focus of UKI are
predominantly cloud VMs. Bare metal installs more likely to use nvidia
binary drivers just happen to work. Quoting the feature page [1]:
Bare metal hardware with standard storage (ahci / nvme) should work too.
I got curious and decided to test it and report my findings, in case
they are interesting for future phases.
As to whether allowing module blacklisting could be allowed for UKI, I
have copied Gerd. I am a strong proponent of direct communication.
Best regards,
Julian
[1] https://fedoraproject.org/wiki/Changes/Unified_Kernel_Support_Phase_2
_______________________________________________
rpmfusion-developers mailing list -- [email protected]
To unsubscribe send an email to [email protected]
