Thu Sep 19 06:10:00 UTC 2024: ## Debian Users Can Now Enjoy Unified Kernel Images (UKIs) for Enhanced Boot Security

**[City, State] – September 19, 2024** – Debian users who rely on systemd-boot as their bootloader can now benefit from Unified Kernel Images (UKIs), a streamlined and secure way to boot their systems.

UKIs combine the boot stub program, kernel image, initrd, and other essential resources into a single UEFI PE file, eliminating the need for complex configuration and offering enhanced security through secure boot integration.

This new method requires a few simple steps:

1. **Install the systemd-ukify package:** This package enables the generation and management of UKIs.
2. **Configure the UKI generation process:** Create a configuration file in /etc/kernel/install.conf to specify the UKI generator and other settings.
3. **Define the kernel command line:** Create another configuration file in /etc/kernel/uki.conf to specify the kernel command line for the UKI image.
4. **Regenerate the UKI image:** Run a command to regenerate the UKI image for the currently running kernel.
5. **Verify the UKI entry:** Use the bootctl list command to confirm the presence of a Type #2 entry for the current kernel.
6. **Remove old boot entries:** Remove any Type #1 entries using the bootctl unlink command.
7. **Reboot:** Reboot your system to boot from the UKI-based image.

While this guide focuses on UKI generation, signing the UKI image for secure boot is also possible and can be configured during the setup process. This new feature empowers Debian users with a more secure and simplified boot experience.

Read More