- The mitigations are slightly intrusive, and may clash
with other, similar mitigations (especially for initramfs,
the recommended solution is to configure the system with
the snippet outside of Calamares).
- This is a simple variation on the theme of things-that-call-a-
initramfs-updater, so the code is mostly a copy of initramfs/
module. I didn't even bother to strip out the configuration-
handling (I figure it might be good for *something*) so now
"" and "$uname" are valid kernel names as well.
- Fixes security issue where the initramfs ends up readable
by all, and that includes the cryptfile for LUKS.
SEE #1190
