Comment by vbezhenar

Comment by vbezhenar 5 days ago

0 replies

View on Hacker News

It is not useless. I'm using UKI, so initrd is built into the kernel binary and signed. I'm not using bootloader, so UEFI checks my kernel signature. My userspace is encrypted and key is stored in TPM, so the whole boot chain is verified.