From Fedora Project Wiki
No edit summary
(add release note ticket)
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{admon/important | Comments and Explanations | The page source contains comments providing guidance to fill out each section. They are invisible when viewing this page. To read it, choose the "view source" link.<br/> '''Copy the source to a ''new page'' before making changes!  DO NOT EDIT THIS TEMPLATE FOR YOUR CHANGE PROPOSAL.'''}}
{{admon/tip | Guidance | For details on how to fill out this form, see the [https://docs.fedoraproject.org/en-US/program_management/changes_guide/ documentation].}}
{{admon/tip | Report issues | To report an issue with this template, file an issue in the [https://pagure.io/fedora-pgm/pgm_docs pgm_docs repo].}}
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->


= Clean Systemd-boot installs =
= Clean Systemd-boot installs =


{{Change_Proposal_Banner}}


== Summary ==
== Summary ==
Fedora default installs with a shim + grub bootloader on EFI platforms, yet has been shipping systemd-boot in various forms for a number of releases. There are a few howto's which describe how to replace grub with systemd-boot with varying levels of functionality. This should be easier, with a formalized default method that can be built upon. This proposal aims to complete the work started with anaconda (inst.sdboot), kickstart (bootloader --sdboot) such that the "everything" media can install a grub free machine.
Fedora default installs with a shim + grub bootloader on EFI platforms, yet has been shipping systemd-boot in various forms for a number of releases. There are a few howto's which describe how to replace grub with systemd-boot with varying levels of functionality. This should be easier with a formalized default method that can be built upon. This proposal aims to complete the work started with anaconda (inst.sdboot), kickstart (bootloader --sdboot) such that the "everything" media can install a grub free machine.


== Owner ==
== Owner ==
Line 25: Line 18:


== Current status ==
== Current status ==
[[Category:ChangePageIncomplete]]
[[Category:ChangeAcceptedF39]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
Line 43: Line 36:
ON_QA -> change is fully code complete
ON_QA -> change is fully code complete
-->
-->
* [<will be assigned by the Wrangler> devel thread]
* [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/624CXXKVVN3QJODQQMO23I4BJ2QU7DA7/ devel thread]
* FESCo issue: <will be assigned by the Wrangler>
* FESCo issue: [https://pagure.io/fesco/issue/3022 #3022]
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=2233234 #2233234]
* Release notes tracker: <will be assigned by the Wrangler>
* Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/1014 #1014]


== Detailed Description ==
== Detailed Description ==
As a first pass, the 'inst.sdboot' option already in anaconda should work. As it stands, that replaces grub+shim with the systemd-boot loader, and moves the kernel + initrd to the EFI system partition (ESP). It doesn't attempt to create unified kernel images, so the existing `dnf update`, kdumpctl, `make install` in a kernel source directory should all work. The vast majority of this work has been done, leaving only two action items, removing grubby from core, and merging a shimming package (sdubby) into the fedora repos.
As a first pass, the 'inst.sdboot' option already in anaconda should work. As it stands, that replaces grub+shim with the systemd-boot loader, and moves the kernel + initrd to the EFI system partition (ESP). It doesn't attempt to create unified kernel images. The existing `dnf update`, `kdumpctl`, and `make install` in a kernel source directory should all work. The vast majority of this work has been done, leaving only two action items, removing grubby from core, and merging a shimming package (sdubby) into the fedora repos.


Beyond that there are various enhancements which can be made to remove the /boot partition (leaving the EFI at /boot/efi), enrolling fedora keys if the secure boot mode is "Setup", adding options to enable shim+systemd-boot, assuring that there is a systemd-boot-signed package, etc.
Beyond that there are various enhancements which can be made to remove the /boot partition (leaving the EFI at /boot/efi), enrolling fedora keys if the secure boot mode is "Setup", adding options to enable shim+systemd-boot, assuring that there is a systemd-boot-signed package, etc.


The advantages of just enabling the systemd-boot loader without UKIs or restructuring the /boot and /boot/efi mount points result in a wider range of supported machines and a more familiar environment for users and applications. AFA, by not changing the HostOnly initrd build process the vast majority of UEFI machines are supported.
The advantages of just enabling the systemd-boot loader without UKIs or restructuring the /boot and /boot/efi mount points result in a wider range of supported machines and a more familiar environment for users and applications. AKA, by not changing the HostOnly/initrd build process the vast majority of UEFI machines are supported.
 
To be clear the intention isn't to replace grub, but to co-exist alongside as an alternative bootloader.
 


To be clear, the intention isn't to replace grub, but to co-exist alongside as an alternative bootloader.


== Feedback ==
== Feedback ==
Line 82: Line 73:
Both of which are largely in the "needs more discussion" state, but otherwise are complete as they stand.
Both of which are largely in the "needs more discussion" state, but otherwise are complete as they stand.


There is also an open kexec-tools + aarch64 zboot set that needs to be merged in order to support kdump properly on aarch64 platforms, although that problem is caused by zboot enablement and affects grub as well. Zboot is required for systemd-boot at the moment.
There is also an open kexec-tools + aarch64 zboot set that needs to be merged in order to support kdump properly on aarch64 platforms, although that problem is caused by zboot and affects grub as well. Zboot is required for systemd-boot at the moment.


* Other developers: <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Other developers: <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
Line 88: Line 79:


Depending on the results of the discussion above: Its possible the systemd maintainers, kdumpctl, etc may need changes.
Depending on the results of the discussion above: Its possible the systemd maintainers, kdumpctl, etc may need changes.


* Release engineering: [https://pagure.io/releng/issues #Releng issue number] <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Release engineering: [https://pagure.io/releng/issues #Releng issue number] <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
Line 111: Line 101:


== How To Test ==
== How To Test ==
<!-- This does not need to be a full-fledged document. Describe the dimensions of tests that this change implementation is expected to pass when it is done.  If it needs to be tested with different hardware or software configurations, indicate them.  The more specific you can be, the better the community testing can be.
Remember that you are writing this how to for interested testers to use to check out your change implementation - documenting what you do for testing is OK, but it's much better to document what *I* can do to test your change.
A good "how to test" should answer these four questions:
0. What special hardware / data / etc. is needed (if any)?
1. How do I prepare my system to test this change? What packages
need to be installed, config files edited, etc.?
2. What specific actions do I perform to check that the change is
working like it's supposed to?
3. What are the expected results of those actions?
-->


# Have a VM or non critical test machine that can be reinstalled at will.
# Have a VM or non critical test machine that can be reinstalled at will.
Line 132: Line 109:
# Use the machine as normal.
# Use the machine as normal.
# Report issues during upgrades, or with any packages that can't find kernel images. Everything besides the loader entries, kernel image, and generated initrds should remain in /boot.
# Report issues during upgrades, or with any packages that can't find kernel images. Everything besides the loader entries, kernel image, and generated initrds should remain in /boot.
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->




Line 148: Line 122:
  - Green has been scientifically proven to be the most relaxing color. The move to a default background color of green with green text will result in Fedora users being the most relaxed users of any operating system.
  - Green has been scientifically proven to be the most relaxing color. The move to a default background color of green with green text will result in Fedora users being the most relaxed users of any operating system.
-->
-->
Ideally, after the initial install the fedora experience should generally remain the same. There may be slight differences in boot timings (at least on aarch64 possibly slightly faster) and the bootctl utility may have more information.
Ideally, after the initial install the fedora experience should generally remain the same. There may be slight differences in boot timings (at least on aarch64 possibly slightly faster) and the bootctl utility may have more information and work properly.
 


== Dependencies ==
== Dependencies ==
Line 175: Line 148:
<!-- Is there upstream documentation on this change, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
<!-- Is there upstream documentation on this change, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->


https://anaconda-installer.readthedocs.io/en/latest/boot-options.html#inst-sdboot
*https://anaconda-installer.readthedocs.io/en/latest/boot-options.html#inst-sdboot
 
or
or
https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader


<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
*https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader
N/A (not a System Wide Change)


== Release Notes ==
== Release Notes ==

Latest revision as of 23:41, 28 September 2023


Clean Systemd-boot installs

Summary

Fedora default installs with a shim + grub bootloader on EFI platforms, yet has been shipping systemd-boot in various forms for a number of releases. There are a few howto's which describe how to replace grub with systemd-boot with varying levels of functionality. This should be easier with a formalized default method that can be built upon. This proposal aims to complete the work started with anaconda (inst.sdboot), kickstart (bootloader --sdboot) such that the "everything" media can install a grub free machine.

Owner

  • Name: Jeremy Linton
  • Name: Possibly others since it may touch -comps, systemd-boot, etc
  • Email: <jeremy.linton@arm.com>


Current status

Detailed Description

As a first pass, the 'inst.sdboot' option already in anaconda should work. As it stands, that replaces grub+shim with the systemd-boot loader, and moves the kernel + initrd to the EFI system partition (ESP). It doesn't attempt to create unified kernel images. The existing dnf update, kdumpctl, and make install in a kernel source directory should all work. The vast majority of this work has been done, leaving only two action items, removing grubby from core, and merging a shimming package (sdubby) into the fedora repos.

Beyond that there are various enhancements which can be made to remove the /boot partition (leaving the EFI at /boot/efi), enrolling fedora keys if the secure boot mode is "Setup", adding options to enable shim+systemd-boot, assuring that there is a systemd-boot-signed package, etc.

The advantages of just enabling the systemd-boot loader without UKIs or restructuring the /boot and /boot/efi mount points result in a wider range of supported machines and a more familiar environment for users and applications. AKA, by not changing the HostOnly/initrd build process the vast majority of UEFI machines are supported.

To be clear, the intention isn't to replace grub, but to co-exist alongside as an alternative bootloader.

Feedback

Benefit to Fedora

Fedora is considered a forward looking distro. As systemd-boot and UKIs gain traction it should be straightforward for users/testers to try out this option in their own environments with a well defined configuration.

Potentially in the future, once secure boot/etc is straightened out the simpler/cleaner code base may prove to be more secure, or a consistent set of measured boot PCRs may enable a simpler (for the end user) encrypted storage environment.

Scope

  • Proposal owners:

At the moment two things remain open:

https://pagure.io/fedora-comps/pull-request/838

and:

https://bugzilla.redhat.com/show_bug.cgi?id=2134972

Both of which are largely in the "needs more discussion" state, but otherwise are complete as they stand.

There is also an open kexec-tools + aarch64 zboot set that needs to be merged in order to support kdump properly on aarch64 platforms, although that problem is caused by zboot and affects grub as well. Zboot is required for systemd-boot at the moment.

  • Other developers:

Depending on the results of the discussion above: Its possible the systemd maintainers, kdumpctl, etc may need changes.

  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Community Initiatives:

Upgrade/compatibility impact

Ideally nothing as we aren't deprecating or changing the shim + grub boot paths.


How To Test

  1. Have a VM or non critical test machine that can be reinstalled at will.
  2. Assure secure boot is disabled or in setup mode.
  3. Pass inst.sdboot on the kernel/grub command line presented on the install media and install as normal.
    1. possibly adding additional space to the EFI system partition during partitioning to guarantee there is sufficient space for the number of bootable kernels active on the machine (~100MB each should be more than sufficient)
    2. Alternatively --sdboot can be added to the bootloader command in kickstarts, and the partitions/etc adjusted there
  4. Use the machine as normal.
  5. Report issues during upgrades, or with any packages that can't find kernel images. Everything besides the loader entries, kernel image, and generated initrds should remain in /boot.


User Experience

Ideally, after the initial install the fedora experience should generally remain the same. There may be slight differences in boot timings (at least on aarch64 possibly slightly faster) and the bootctl utility may have more information and work properly.

Dependencies

Systemd-boot, described in the comps and sdubby review.



Contingency Plan

Tell users that the install option remains incomplete and point them at how to manually edit comps and pull down the copr repos needed. Similar to the existing systemd-boot HOWTOs.

  • Contingency mechanism: N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No


Documentation

or

Release Notes

Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/cleanup_systemd_install&oldid=690554"