Version 252 of systemd, as expected, locks down the Linux boot process

The init system that everybody loves to hate


The fall version of systemd is here, with support for increased boot security, including tightened full-disk encryption.

The 113th version has the usual long feature list of very specific, targeted elements outlined in the release announcement. However, as one might expect following recent events, several of the headline features relate to the new UKI fully signed boot process.

UKI is short for "Unified Kernel Image" and combines the Linux kernel and initrd into a single file, along with some other smaller components, allowing the whole thing to be cryptographically signed. The purpose is to tighten up security on the Linux boot process.

This version also has new functions and modules concerned with manipulating the Platform Configuration Registers (PCRs) of Trusted Platform Module 2.0 chips – as also favored by VMware as well as Windows Server and Windows 11, unless you use Rufus or other tools to turn this off.

The enhanced TPM2 support will enable linking a drive's encryption keys to the keys held in compatible firmware so that an encrypted disk can be unlocked automatically during boot – but can't be unlocked by other distros. The result will be improved security for users, especially corporate users, but we foresee this hindering data-recovery efforts.

There is improved support for picking up data from the hypervisor while VMs are starting, as well as for booting RISC-V machines. The systemd-boot module now supports starting a 64-bit kernel on 32-bit UEFI, which may help owners of older Intel Macs. Some early models, no longer supported by macOS, make it very tricky to run Linux. Not many distros use systemd-boot, though. So far, The Reg FOSS desk has only seen it in Pop!_OS, though there could well be others.

A new feature that will upset some, but which we feel could prove useful, detects when the OS passes its end-of-life date and then sets a "taint" flag called support-ended. The date is picked up from a new field in the /etc/os-release file.
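The same end-of-life check can be run by an administrator auditing a fleet. The sketch below is an added example, not systemd's own code: it assumes the field is the `SUPPORT_END=` key documented in os-release(5) (the article does not name it), treats that date as the first unsupported day, and uses constructed sample data.

```python
import shlex
from datetime import date

# Constructed sample; a real file lives at /etc/os-release.
SAMPLE_OS_RELEASE = '''\
NAME="Example Linux"
ID=example
VERSION_ID="1.0"
# constructed end-of-life date
SUPPORT_END=2023-06-30
'''

def parse_os_release(text):
    """Parse the shell-style KEY=value lines of os-release into a dict."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, raw = line.partition("=")
        try:
            parts = shlex.split(raw)  # strips "double" and 'single' quotes
        except ValueError:
            continue                  # unbalanced quotes: ignore the line
        fields[key] = parts[0] if parts else ""
    return fields

def support_status(text, today):
    """Return 'supported', 'support-ended', 'unknown' or 'invalid'."""
    value = parse_os_release(text).get("SUPPORT_END")  # assumed field name
    if not value:
        return "unknown"              # vendor did not publish a date
    try:
        end = date.fromisoformat(value)
    except ValueError:
        return "invalid"              # present but not YYYY-MM-DD
    # Assumption: the date is the first day without support.
    return "support-ended" if today >= end else "supported"

if __name__ == "__main__":
    print(support_status(SAMPLE_OS_RELEASE, date.today()))
```

A host reporting `unknown` has no published end-of-life date and needs tracking by other means.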

The systemd project is now mature enough that old functionality is getting deprecated and removed. Support for version 1 of the cgroups feature, originally donated by Google, will be removed soon, and apps must move to cgroups 2, which appeared in 2016. Support for unmerged /usr folders, as The Reg described when Debian adopted it, is also going away. Both are anticipated to be removed by the end of 2023.

Although Ubuntu's second release of the year has come and gone, there's a small chance that version 252 might still make it into Fedora 37, which has been delayed several weeks due to an OpenSSL security issue which turned out to be a damp squib. If not, this version will be in the spring releases of both Ubuntu and Fedora, as well as Debian 12. ®

Bootnote

This is actually the 113th release of systemd because when the project merged in the udev tool in 2012, its maintainers bumped the version number directly from 44 to 183 in order to match the version number of udev.

Far be it from us to suggest that anyone would bump a version number, say, to make it look more mature and trustworthy.
