Hello, what are the differences? As i understand efistub is loading straight to kernel and uki is file which connects initramfs ucode and kernel, but whilei create efistub i give parameters for initramfs and ucode so i dont understand why uki would be better? Also what would be better for encryption with esp partition or without?
You must log in or register to comment.
UKIs are good for secureboot/measureboot, because you can sign the uki, and everything inside of it be validated for secureboot. If you really like to have a secure chain without a uki, you need to validate all the boot components. You can do it with grub and gpg signatures, but is more simple to use an uki and a efi bootloader like systemd-boot
