I am a pretty big fan of “composed/controlled/managed” systems like Atomic Desktops.
As I have only been into Linux for a couple of years, I also like to have a system that “just works”.
But still, the more I read into it, the systemd dominance is a bit scary.
Unlike the Linux kernel, the systemd API surface is large, and there are more and more projects like Desktop Environments kinda enforcing it.
In my understanding, computer security can only come from simple code that is understandable. The Linux Kernel… not really that. Grub2, systemd, glibc… probably not either.
So using simpler solutions sounds like a good idea.
The limine bootloader may be such a project.
It is very simple, with limited support for filesystems, and a couple of security features like:
- verifying the integrity of the kernel with a signature
- being able to store that signature in the EFI executable, so that tampering is not possible with a secure firmware
It is restricted though. EXT4 is only barely supported, so having a FAT32 /boot partition would be the way to go. It cannot be encrypted, but can be verified; I am not sure what implications this has. There is no support for encrypted boot in grub2 either.
@ericzhang456 made a COPR here; no recent builds, but they went fine:
https://copr.fedorainfracloud.org/coprs/ericzhang456/limine/
What do you think about this? Is systemd-boot the future that Fedora wants?