On Thu, Dec 09, 2021 at 09:21:35AM +1300, Michael Hudson-Doyle wrote: > On Thu, 9 Dec 2021 at 08:52, Julian Andres Klode <julian.kl...@canonical.com> > wrote: > > > The most interesting solution would be to create the cpip archive > > dynamically by giving cpio a list of files over a pipe that we create > > dynamically in the hooks as we copy files in, then pipe that to zstd > > --adapt; then it would all work super nicely. > > > > If we're going to spend significant effort, I think I'd prefer we try to > find a way to not recompress the modules when making the initrd at all, at > least for MODULES=most builds. We could just ship a zstd -19'ed > MODULES=most cpio archive in the kernel packaging and have four layers of > initrd (intel firmware, amd64 firmware, modules, everything else) but that > would bloat the kernel package rather a lot...
I'd kind of like us to ship "default" initramfs in like linux-initrd-$uname-r and linux-initrd-generic and so on. Maybe even signed somehow so that the kernel can verify its integrity when booting. Such that booting with authenticated FDE is fully authenticated. But oh well, those are all long term wishes :) -- debian developer - deb.li/jak | jak-linux.org - free software dev ubuntu core developer i speak de, en -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
