Gardenhouse

graft-kernel: a new UKI generator

This news article (in part) announces two new components! That's a two-for-one deal unlike any other!!

graft-kernel is a standalone UKI generator which implements the same feature set as systemd-ukify. This allows Secure Boot signing, PCR measurements and multi-profile UKIs (though those aren’t supported by Rootloader and Stem yet).

With ukify, this is the second UKI generator that, to my knowledge, supports PCR measurements! With the added bonus of not depending on systemd's TPM/PCR toolset (systemd-measure, systemd-pcrextend, systemd-tpm2-setup). Instead, Gardenhouse has its own set of TPM utilities called Gardenlock.

With this, Gardenhouse builds by default only use Gentoo's systemd-utils for udev; everything else has been replaced!

References

graft-kernel repository: git.pinkro.se codeberg

Gardenlock repository: git.pinkro.se codeberg

Systemd-ukify: https://www.freedesktop.org/software/systemd/man/latest/ukify.html