From: Lennart Poettering <lennart@poettering.net>
To: Eric Curtin <ecurtin@redhat.com>
Cc: systemd-devel@lists.freedesktop.org, initramfs@vger.kernel.org,
Yariv Rachmani <yrachman@redhat.com>,
Stephen Smoogen <ssmoogen@redhat.com>,
Douglas Landgraf <dlandgra@redhat.com>
Subject: Re: [RFC] initoverlayfs - a scalable initial filesystem
Date: Mon, 11 Dec 2023 11:07:03 +0100 [thread overview]
Message-ID: <ZXbfR6eyL3XXEACe@gardel-login> (raw)
In-Reply-To: <ZXbdJp1Vz8M8c1MS@gardel-login>
On Mo, 11.12.23 10:57, Lennart Poettering (mzerqung@0pointer.de) wrote:
> Which leaves item 1, which is a bit harder to address. We have been
> discussing this off an on internally too. A generic solution to this
> is hard. My current thinking for this could be something like this,
> covering the UEFI world: support sticking a DDI for the main initrd in
> the ESP. The ESP is per definition unencrypted and unauthenticated,
> but otherwise relatively well defined, i.e. known to be vfat and
> discoverable via UUID on a GPT disk. So: build a minimal
> single-process initrd into the kernel (i.e. UKI) that has exactly the
> storage to find a DDI on the ESP, and set it up. i.e. vfat+erofs fs
> drivers, and dm-verity. Then have a PID 1 that does exactly enough to
> jump into the rootfs stored in the ESP. That latter then has proper
> file system drivers, storage drivers, crypto stack, and can unlock the
> real root. This would still be a pretty specific solution to one set
> of devices though, as it could not cover network boots (i.e. where
> there is just no ESP to boot from), but I think this could be kept
> relatively close, as the logic in that case could just fall back into
> loading the DDI that normally would still in the ESP fully into
> memory.
BTW, one thing I would like to emphasize though. i think this item is
really the last thing you should focus on. If your OS never
transitions out of the initrd, and gets its payload merged in via
DDIs, then the root fs should be reasonably small enough and "fully
used at boot" (i.e. every sector read anyway) that doing this extra
work of finding a split-out DDI on the ESP is entirely unnecessary and
just a waste of time (both of developer time and boot time).
Lennart
--
Lennart Poettering, Berlin
next prev parent reply other threads:[~2023-12-11 10:16 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-08 17:59 [RFC] initoverlayfs - a scalable initial filesystem Eric Curtin
2023-12-09 12:46 ` Luca Boccassi
2023-12-09 14:42 ` Eric Curtin
2023-12-09 14:56 ` Andrei Borzenkov
2023-12-09 15:07 ` Eric Curtin
2023-12-09 15:22 ` Daan De Meyer
2023-12-09 15:46 ` Eric Curtin
2023-12-09 17:19 ` Luca Boccassi
2023-12-09 17:24 ` Eric Curtin
2023-12-09 17:46 ` Luca Boccassi
2023-12-09 17:57 ` Eric Curtin
2023-12-09 18:11 ` Luca Boccassi
2023-12-09 18:26 ` Eric Curtin
2023-12-11 9:57 ` Lennart Poettering
2023-12-11 10:07 ` Lennart Poettering [this message]
2023-12-11 11:20 ` Eric Curtin
2023-12-11 11:28 ` Eric Curtin
2023-12-11 11:42 ` Eric Curtin
2023-12-11 11:58 ` Lennart Poettering
2023-12-11 11:51 ` Lennart Poettering
2023-12-11 12:48 ` Eric Curtin
2023-12-11 12:52 ` Eric Curtin
2023-12-12 17:37 ` Lennart Poettering
2023-12-12 17:40 ` Lennart Poettering
2023-12-12 19:05 ` Demi Marie Obenour
2023-12-11 16:28 ` Demi Marie Obenour
2023-12-11 17:03 ` Eric Curtin
2023-12-11 17:46 ` Demi Marie Obenour
2023-12-12 18:00 ` Lennart Poettering
2023-12-12 20:34 ` Nils Kattenbeck
2023-12-12 20:48 ` Eric Curtin
2023-12-12 21:02 ` Lennart Poettering
2023-12-12 22:01 ` Nils Kattenbeck
2023-12-13 9:03 ` Lennart Poettering
2023-12-14 1:17 ` Nils Kattenbeck
2023-12-16 14:34 ` Lennart Poettering
2023-12-11 17:33 ` Neal Gompa
2023-12-11 20:15 ` Luca Boccassi
2023-12-11 20:43 ` Demi Marie Obenour
2023-12-11 20:58 ` Luca Boccassi
2023-12-11 21:20 ` Demi Marie Obenour
2023-12-11 21:45 ` Luca Boccassi
2023-12-12 3:47 ` Paul Menzel
2023-12-12 3:56 ` Paul Menzel
2023-12-12 15:26 ` Paul Menzel
2023-12-11 21:24 ` Eric Curtin
2023-12-12 17:50 ` Lennart Poettering
-- strict thread matches above, loose matches on Subject: below --
2023-12-18 21:59 Askar Safin
[not found] ` <CAOgh=FyA94-7YqGpsAqVQjadegRusoAvRhD=t-ipzVWN0CiJRQ@mail.gmail.com>
2023-12-18 23:31 ` Askar Safin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZXbfR6eyL3XXEACe@gardel-login \
--to=lennart@poettering.net \
--cc=dlandgra@redhat.com \
--cc=ecurtin@redhat.com \
--cc=initramfs@vger.kernel.org \
--cc=ssmoogen@redhat.com \
--cc=systemd-devel@lists.freedesktop.org \
--cc=yrachman@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox