Skip to content

ephemeral: Fix UKI detection to look inside kernel version subdirectories#190

Merged
cgwalters merged 1 commit intobootc-dev:mainfrom
cgwalters:sdboot
Jan 26, 2026
Merged

ephemeral: Fix UKI detection to look inside kernel version subdirectories#190
cgwalters merged 1 commit intobootc-dev:mainfrom
cgwalters:sdboot

Conversation

@cgwalters
Copy link
Collaborator

@cgwalters cgwalters commented Jan 22, 2026
edited
Loading

UKI files are located at /usr/lib/modules//.efi, not directly in /usr/lib/modules/. Update the kernel/initramfs detection loop to search inside version subdirectories for .efi files.

This enables ephemeral boot for "pure UKI" images that ship only a Unified Kernel Image without separate vmlinuz/initramfs.img files.

Note: UKI boot extracts kernel/initramfs using objcopy, which breaks the signature chain. Secure Boot is not supported for ephemeral runs. See docs/todo/ephemeral-uefi.md for future UEFI boot work.

Closes: #161

Assisted-by: OpenCode (Claude Sonnet 4)

@cgwalters cgwalters changed the title ephemeral: Fix UKI detection to look inside kernel version subdirecto… ephemeral: Fix UKI detection to look inside kernel version subdirectories Jan 22, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 22, 2026
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request significantly improves UKI detection by correctly searching for .efi files within kernel version subdirectories, enabling ephemeral boot for pure UKI images. The introduction of the new crates/kit/src/kernel.rs module is a great enhancement, centralizing kernel detection logic in a clean, testable, and sandboxed manner. The refactoring in crates/kit/src/run_ephemeral.rs to use this new module is well-executed and improves code maintainability.

The changes are thoroughly validated with new integration tests and a dedicated Dockerfile fixture. I also appreciate the detailed documentation in docs/todo/ephemeral-uefi.md, which provides valuable context on the current implementation's limitations and a clear roadmap for future UEFI boot support. Overall, this is a high-quality contribution. I have one minor formatting suggestion for the new documentation file.

@cgwalters
ephemeral: Fix UKI detection to look inside kernel version subdirecto…
6ef8a01 
…ries

UKI files are located at /usr/lib/modules/<version>/<version>.efi, not
directly in /usr/lib/modules/. Update the kernel/initramfs detection
loop to search inside version subdirectories for .efi files.

This enables ephemeral boot for "pure UKI" images that ship only a
Unified Kernel Image without separate vmlinuz/initramfs.img files.

Note: UKI boot extracts kernel/initramfs using objcopy, which breaks
the signature chain. Secure Boot is not supported for ephemeral runs.
See docs/todo/ephemeral-uefi.md for future UEFI boot work.

Closes: bootc-dev#161

Assisted-by: OpenCode (Claude Sonnet 4)
Signed-off-by: Colin Walters <walters@verbum.org>
@cgwalters cgwalters enabled auto-merge (rebase) January 22, 2026 21:27
@cgwalters cgwalters mentioned this pull request Jan 23, 2026
Merged
@cgwalters cgwalters merged commit ac5d74a into bootc-dev:main Jan 26, 2026
17 of 22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gursewak1997 gursewak1997 gursewak1997 approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Change ephemeral to still use systemd-boot if detected

2 participants

@cgwalters @gursewak1997