Removing duplication in /boot - affects kernel development

Daniel Drake dsd at
Wed Mar 7 17:00:38 EST 2012

On Mon, Mar 5, 2012 at 12:32 PM, Paul Fox <pgf at> wrote:
> and if i don't, the machine will be unbootable, i guess?


> is there a way to fall back on the signed zip version of the initrd
> if there's no "plain" version?

We did try to do this, back in the thread "OFW unsecure
kernel/initramfs load from zip file", but it was messy, and the final
cleaner version doesn't do this, in the interests of boot code
unification between secure/unsecure boot. So I think the answer is
"no" there, unfortunately.

Mitch, what are your thoughts?
This is the case where we want to load the kernel from vmlinuz, but
the initramfs from (without signature checking).

>From my perspective, the most ideal thing would to be able to do:
  " last:\boot\" to ramdisk
But I don't know of the challenges behind this. And even if that were
implemented now, we'd then have to require a new firmware for unsecure
boots - I'm not sure if that is something we would accept.

> it would be nice if the script didn't clobber existing plain kernel
> and/or initrd files by default -- then one could install one's new
> kernel and run the script in either order.

Good idea.

> is the duplication problem greater than simply the waste of disk space?

The primary motivation is the space-saving. There is also the smaller
issue that we duplicate boot code in 2 places (e.g. the firmware
update code in olpc.fth in addition to the firmware).


More information about the Devel mailing list