Hello, what are the differences? As I understand it, EFISTUB loads straight to the kernel and a UKI is a file which connects initramfs, ucode and kernel, but while I create an EFISTUB entry I give parameters for initramfs and ucode, so I don't understand why a UKI would be better? Also, what would be better for encryption, with an ESP partition or without?
UKIs are good for Secure Boot/measured boot, because you can sign the UKI, and everything inside of it is validated for Secure Boot. If you would really like to have a secure chain without a UKI, you need to validate all the boot components. You can do it with GRUB and GPG signatures, but it is simpler to use a UKI and an EFI bootloader like systemd-boot.
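To illustrate the comment's point that one signature on a UKI covers everything inside it, here is an added example (not part of the thread and not any project's code) that parses a PE image, lists the UKI payload sections it carries and reports whether a signature blob is attached. The section names follow the systemd UKI layout; `build_sample` and the bytes it produces are constructed for the demo, and the check reports signature presence only, not validity.

```python
import struct

# Payload sections of a unified kernel image (systemd UKI layout).
UKI_SECTIONS = (".osrel", ".cmdline", ".ucode", ".initrd", ".linux")

def inspect_uki(image: bytes) -> dict:
    """List UKI payload sections and report whether a signature is attached."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    n_sections, = struct.unpack_from("<H", image, coff + 2)
    opt_size, = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20
    if struct.unpack_from("<H", image, opt)[0] != 0x20B:
        raise ValueError("expected a PE32+ image")
    # Data directory 4 is the certificate table that holds the Authenticode
    # signature; presence only, this does not verify the signature.
    n_dirs, = struct.unpack_from("<I", image, opt + 108)
    cert_size = struct.unpack_from("<II", image, opt + 144)[1] if n_dirs > 4 else 0
    sections = {}
    for i in range(n_sections):
        entry = opt + opt_size + 40 * i
        name = image[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, raw_size, raw_ptr = struct.unpack_from("<IIII", image, entry + 8)
        sections[name] = image[raw_ptr:raw_ptr + min(vsize, raw_size)]
    return {"payload": {n: sections[n] for n in UKI_SECTIONS if n in sections},
            "signed": cert_size > 0}

def build_sample(parts: dict, signed: bool) -> bytes:
    """Constructed minimal PE32+ for this demo; not a bootable image."""
    dos = bytearray(b"MZ".ljust(64, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x8664, len(parts), 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)
    data_off = 64 + 4 + 20 + 240 + 40 * len(parts)
    table, body = b"", b""
    for name, data in parts.items():
        table += struct.pack("<8sIIII16x", name.encode(), len(data), 0,
                             len(data), data_off + len(body))
        body += data
    if signed:  # placeholder bytes standing in for a real signature blob
        struct.pack_into("<II", opt, 144, data_off + len(body), 8)
        body += b"\0" * 8
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + body
```

`inspect_uki` can also be given the bytes of a real UKI file; the kernel command line, initrd and microcode then show up as sections of the one file that carries the signature.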