All mkinitcpio info was ruthlessly copied from  Not sure how to reference this.
Mkinitcpio still also creates regular initramfs
The linux.preset file leaves both the regular initramfs files and the .efi binary. Might need adapting so that only the .efi file is left in the end, but not sure about that.
- Now you can use kernel-install (with layout=uki mode) instead of mkinitpcio and that will only generate .efi files. I have added a section about this. 05storm26 (talk) 10:09, 12 December 2022 (UTC)
Keep sbctl pacman hook with kernel install?
The kernel-install section stubs out the sbctl pacman hook. Is this a good idea? The kernel-install plugins only sign the kernel after all, so presumably folks would still use sbctl to keep their boot loader signed, at least. Disabling the hook could perhaps silently render systems unbootable under secure boot, because an unsigned bootloader copy ends up on /efi.
ukify needs an experimental warning?
At the very top of man ukify there is a warning
Note: this command is experimental for now. While it is intended to become a regular component of systemd, it might still change in behaviour and interface.
This warning should be mentioned in the ukify section, as such a change will break the solution given there.
The section on ukify probably has a factual inaccuracy with respect to mkinitcpio
The section contains:
If the initramfs generator already bundles CPU microcode by default such as mkinitcpio, then only specify the initramfs image in
However, as far as I understand the mkinitcpio documentation, mkinitcpio can only bundle microcode when it produces a UKI itself. Hence, when ukify is used, the microcode never already is provided by mkinitcpio.
- Yes, you are correct and thanks for pointing that out. The mkinitcpio script does not bundle microcode within the generated image, and this can be confirmed be listing its content using lsinitcpio and ensuring the ALL_microcode option is set in the preset(s). However, it's possible that other generators may bundle microcode so I still left the note. Nu4425 (talk) 17:48, 29 October 2023 (UTC)
Automatic update of ukify-generated images via systemd path units is unreliable
The section on ukify shows a way to use systemd path units to automatically trigger rebuilding the UKI when microcode or initramfs changes. However, that does not work reliably. I do not know exactly why. But probably ukify in some situations gets triggered at times when either the new microcode of the new initramfs is not yet completely written. Then it probably creates a UKI with, e.g., half of an initramfs. The effect is that the system becomes unbootable. Whxvd (talk) 17:44, 28 October 2023 (UTC)