No more boot loader: Please use the kernel instead DevConf.CZ
pretalx.com
We are working on a new scheme to replace the GRUB bootloader with a fast, secure, Linux-based, user-space solution: nmbl (for no more boot loader). Most people are familiar with GRUB, a powerful, flexible, fully-featured bootloader that is used on multiple architectures (x86_64, aarch64, ppc64le OpenFirmware). Although GRUB is quite versatile and capable, its features create complexity that is difficult to maintain, and that both duplicate and lag behind the Linux kernel while also creating numerous security holes. On the other hand, the Linux kernel, which has a large developer base, benefits from fast feature development, quick responses to vulnerabilities and greater overall scrutiny. We (Red Hat boot loader engineering) will present our solution to this problem, which is to use the Linux kernel as its own bootloader. Loaded by the EFI stub on UEFI, and packed into a unified kernel image (UKI), the kernel, initramfs, and kernel command line, contain everything they need to reach the final boot target. All necessary drivers, filesystem support, and networking are already built in and code duplication is avoided. We will showcase the work done so far, and ask you for your feedback and use cases.
  • Lvxferre@mander.xyz
    5·
    4 months ago

    Yeah, nah. This only throws more complexity under the rug.

    Among other stuff, whatever is booting your computer needs to 1) find the kernels that you have, 2) find any other OS that you might have, and 3) allow the user to pick one of those. You can either use a specific tool for that (bootloader) or dump those roles into the kernel, but you can’t get rid of them without breaking a lot of stuff.

    what about secure boot?

    Regardless of the above, the owner of a device should be able to turn secure boot off; devices not allowing so are broken by design, to prevent your full ownership over it.

    GRUB2 is really complicated.

    Part of the complexity is intrinsic, as explained. And if you’re concerned about the additional complexity from the implementation, the solution is a different bootloader, not ditching the concept altogether.

    I stopped watching the video at 8:22, as she was talking about bugs.

    The simpler solution is to simply pour more development into GRUB2, not to throw the problem into the kernel devs’ hands, as if it was some sort of hot potato.