Red Hat engineers are proposing a separate, minimal GRUB bootloader package so the Linux VMs handling sealed off, remotely verifiable workloads can keep a stable, auditable boot chain.
Fedora's next release is weighing a deliberate split inside its boot chain. The proposal: a stripped-down version of GRUB, the bootloader that hands control from a machine's firmware to the Linux kernel, built narrowly for confidential computing VMs whose memory and compute must stay sealed off from the host and verifiable to a remote party.
Under the change under consideration and summarized by Phoronix, Red Hat engineers are floating a separate, minimal GRUB package focused on UEFI boot with UEFI Secure Boot enabled. That lighter build would carry only the bare modules it actually needs, and would add support for Unified Kernel Images and Bootloader Specification entries, the file format that tells a bootloader which kernel to launch and with what options. The standard GRUB would stay the default in Fedora Linux; the new variant would exist specifically for confidential computing VMs, according to the Phoronix write-up of the proposal.
The reasoning is rooted in how confidential VMs earn trust. Those workloads depend on measured boot, a process in which every stage of startup is hashed and those hashes are recorded in the TPM, the secure cryptoprocessor built into most modern servers. A remote party then performs remote attestation, cryptographically checking those recorded hashes before it is willing to trust the VM with sensitive data. The smaller and more auditable the boot surface, the easier it is to keep those measurements stable across kernel updates, security patches, and ordinary distro churn.
That stability is the point. A confidential VM that changes its boot fingerprint every time a package is updated forces the remote attester to re-validate the whole chain, or risks false rejections when nothing has actually been tampered with. By pinning confidential workloads to a deliberately narrow GRUB build, Fedora is trying to keep the trust anchor still.
The proposal also reflects a quiet rejection. Engineers weighed using systemd-boot, the simpler bootloader shipped with systemd, before landing on the parallel GRUB approach. As Phoronix summarizes it, systemd-boot lost out on scope and maintainership: systemd upstream has been unwilling to absorb the additional features required, and systemd-boot is less tested and fuzzed than GRUB. The decision amounts to scope discipline winning over consolidation, at the cost of carrying two GRUB trees inside one distribution.
Fedora 45 is still in development, and the lighter package is a proposal rather than a merged change. The next concrete signals to watch are the Fedora development list, an upstream GRUB mailing list thread, and a Red Hat or Fedora wiki entry that confirms the package name, the exact module set, and the named engineers behind the change. For now, the direction is clear: Fedora wants the VMs handling its most security-sensitive workloads to boot through a bootloader that is small enough to audit and stable enough to attest.