Goal:

• Make it possible to create Confidential VM images which use Unified Kernel Image instead of the traditional kernel layout.

In 9.2, RHEL gained support for Unified Kernel Images https://bugzilla.redhat.com/show_bug.cgi?id=2142102 to support Azure Confidential VMs use-case. Unified Kernel Image (UKI) is shipped in a separate 'kernel-uki-virt' package and can be used instead of the traditional 'kernel-core' package. Currently, the only existing Azure RHEL CVM Image is built by Microsoft using a customized kickstart. Enhancing ImageBuilder with an option to build UKI based images would allow customers to build their own images, compatible with Azure CVM.

Acceptance Criteria:

• ImageBuilder is able to create an image which uses UKI instead of the traditional kernel.
• The created image boots well on Azure CVM.

Caveats:

• Currently, UKI can be booted on UEFI systems only so the UKI based image is going to be UEFI only.
• The UKI must be booted directly from 'shim' and not through grub.
• UKI requires partition auto discovery (https://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html) to work. This implies using compatible partition GUIDs.

Example kickstart: https://people.redhat.com/~vkuznets/azure_cvm/RHEL9-CVM.ks

Additional links:

Azure CVM Tech preview description.