I've just merged dist-#kernel eclass changes from Andrew Ammerlaan to #Gentoo. They bring support for "generic UKI" (Unified Kernel Image) kernels. These kernels build a preconfigured "generic" initramfs, then combine it along with the kernel into a single EFI executable.

The change is considered experimental and it will be tested on 6.6.x branch first (either in a future release, or a revbump). It adds a new `generic-uki` flag. If it is disabled (the current default), ebuilds work as usual, install the kernel image and then let installkernel take care of generating initramfs.

When you enable USE=generic-uki, the ebuild will create a generic initramfs, combine it with the kernel into a single UKI executable and install that instead. The postinst phase will afterwards extract the kernel image and initramfs from it, so that (depending on configuration) installkernel can either install the prebuilt UKI executable, the prebuilt initramfs or generate a new one.

We are also going to build our binary kernels in generic-uki configuration. The gentoo-kernel-bin ebuild is going to either install that, or if you disable the flag, extract kernel image from the UKI and install it. On the plus side, this means that we'll eventually be able to provide fully signed kernel images that are suitable for secure boot. On the minus side, this means that the distfiles are going to be larger for everyone.