Session
Recent systemd releases have introduced several new features to improve secure boot and add support for use cases around “Image-Based Linux”. Yet, adoption of these features in the embedded Linux world is slow. This talk tours a couple of these features and discusses their potential to simplify common embedded or edge computing use cases. We will explore recently added secure boot components (unified kernel images, systemd-boot, systemd’s initramfs services, systemd-repart) in a Yocto environment. Some of these new components were developed for non-embedded use cases, and we will need to deploy them in slightly different scenarios. We will discuss the remaining challenges and unsolved parts. The result is a sketch towards a turn-key solution to secure user-space for embedded Linux devices – and a TODO list of what is left to be done.