Source: Hacker News
Article note: Ugh, this looks nightmarish.
Single-provider from the trust root through all the software components.
The UKI blob of "all your boot stuff" isn't the worst idea, though if I'm reading correctly, it more or less means you _have_ to bundle all your modules and device tree and such in the image stored on the EFI partition, which causes it's own collection of problems related to size and inflexibility... and the whole blob has to be built and signed upstream unless you do the hostile blood-ritual to enroll your own keys and possibly brick your machine.
Comments 