4️⃣ Here's the 4th post highlighting key new features of the upcoming v257 release of systemd. #systemd257
One of the key features of systemd we have talked about in the past years are UKIs, i.e. "unified kernel images", which is a combination of a Linux kernel, an initrd, and more into a single unified PE binary, that can be signed as a whole for SecureBoot, measured as a whole and updated as a whole.
In my PoV UKIs are a central concept of securing the Linux boot process.
But: they do have some disadvantages. They typically imply (not strictly, but typically) that they are built on OS vendor build systems instead of locally. This is different from the status quo ante, where the initrd is typically built on the deployed system (at least on generic distros), and thus highly adapted to the local system.
UKIs being vendor-built hence means they are a lot more rigid, less flexible than the traditional way. So far this meant you'd have to settle…