Post Syndicated from original https://lwn.net/Articles/912370/

Lennart Poettering has posted a
detailed specification for a new approach to “trusted computing”
systems.

Central to the proposed design is the concept of a Unified Kernel
Image (UKI). These UKIs are the combination of a Linux kernel
image, and initrd, a UEFI boot stub program (and further resources,
see below) into one single UEFI PE file that can either be directly
invoked by the UEFI firmware (which is useful in particular in some
cloud/Confidential Computing environments) or through a boot loader
(which is generally useful to implement support for multiple kernel
versions, with interactive or automatic selection of image to boot
into, potentially with automatic fallback management to increase
robustness).

This work is evidently the first in a series that will come out of the
newly formed Linux Userspace API
Group.