Gardenhouse

Stem UKI-stub

Stem is a UKI-compatible implementation of the Linux EFI stub. It is an alternative to systemd-stub and the second UKI-compatible EFI stub.

It aims to be fully compatible with anything that uses systemd-stub. So far it has been tested and verified with ukify UKIs and ZFSBootMenu.

While Stem aims to be compatible with systemd-stub, it does not implement every feature. So far Stem supports the following features:

  • Device tree loading (required for ARM or RISC-V)

  • TPM Measurement (both PCR 11 and PCR 12)

  • Random seed

  • Splash

  • Sbat

  • Variable exporting

  • Ucode embedding

  • Multi profile UKIs

Sbat

Stem contains its own SBAT identifier, following the specification:

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
stem,1,Rose,stem,1,https://git.pinkro.se/Rose/gardenhouse/stem.git/about/
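
The generation number in the second field is what a revocation list is compared against. As an added example (not code from Stem or shim), this parses the two entries above and applies the comparison rule from the SBAT document linked in the first entry; the revocation lists are constructed sample data and the function names are hypothetical.

```python
import csv
from typing import NamedTuple

# .sbat section content, copied from the two lines shown above.
STEM_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "stem,1,Rose,stem,1,https://git.pinkro.se/Rose/gardenhouse/stem.git/about/\n"
)
# Constructed revocation lists (not real SbatLevel data): component,min_generation
LEVELS_CURRENT = "sbat,1\nstem,1\n"
LEVELS_BUMPED = "sbat,1\nstem,2\n"


class SbatEntry(NamedTuple):
    component: str
    generation: int
    vendor: str
    package: str
    version: str
    url: str


def parse_sbat(text):
    """Parse .sbat CSV rows: component,generation,vendor,package,version,url."""
    entries = []
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        if len(row) < 6 or not (row[1].isascii() and row[1].isdigit()):
            raise ValueError(f"malformed SBAT row: {row!r}")
        entries.append(SbatEntry(row[0], int(row[1]), *row[2:6]))
    return entries


def parse_levels(text):
    """Map each component in a revocation list to its minimum generation."""
    return {r[0]: int(r[1]) for r in csv.reader(text.splitlines()) if r}


def revoked_components(sbat_text, levels_text):
    """Return components whose generation is below the required minimum."""
    levels = parse_levels(levels_text)
    return [e.component for e in parse_sbat(sbat_text)
            if e.generation < levels.get(e.component, 0)]


if __name__ == "__main__":
    print(revoked_components(STEM_SBAT, LEVELS_CURRENT))
    print(revoked_components(STEM_SBAT, LEVELS_BUMPED))
```

A component missing from the revocation list is treated as not revoked, so only a list that names stem with a generation above 1 would reject this stub.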

TPM Measurement

If a TPM2 is available, Stem measures hashes into it, following the UAPI TPM specification.

PCR 11 contains measurements for the sections .linux, .initrd, .ucode, .dtb and .osrel.

PCR 12 contains measurements for the section .cmdline.

PCR 13 is unused by Stem as it does not support initrd system extension images.

Further references

Stem Repository: git.pinkro.se codeberg

UAPI UKI spec: https://uapi-group.org/specifications/specs/unified_kernel_image/