28 lines
956 B
ReStructuredText
28 lines
956 B
ReStructuredText
.. index:: UKI
|
|
|
|
Kernel: Unified Kernel Image
|
|
*****************************
|
|
|
|
CoreOS use by default a `Unified Kernel Image (UKI) <https://github.com/siemens/efibootguard/blob/master/docs/UNIFIED-KERNEL.md>`_
|
|
generated by tools from the EFIBootGuard project.
|
|
|
|
An UKI is a EFI app that load in memory multiple artifacts needed by the Linux
|
|
Kernel before loading and booting the Linux Kernel itself:
|
|
|
|
* The kernel commands line is always loaded from the UKI
|
|
* A device-tree file: UKI can contain multiple UKI and will load the one
|
|
matching the device-tree file passed by the firmware.
|
|
|
|
Known Issues and unimplemented feature
|
|
--------------------------------------
|
|
|
|
.. note::
|
|
|
|
Bundling an INITRD image into the UKI is not implemented yet.
|
|
|
|
.. danger::
|
|
|
|
The Unified Kernel Image is signed but CoreOS currently provide no way to
|
|
verify the integrity of the choosed ROOTFS partition as CoreOS doesn't
|
|
provide an end-to-end secure boot solution yet.
|