Reference #
This section contains reference documentation for the current ST components: stprov, stmgr, and stboot. Example tooling that uses these components to boot an OS package is provided in the build guide.
Overview #
An overview of how the different ST components interact with each other is shown in the figure below. Click on the rendered components or use the left-side submenu for navigating into the more detailed documentation.
At a glance, a provisioning tool (stprov) writes various configuration files to a new platform. Provisioning of a host configuration is required. Additional configuration that is useful for OS packages can optionally be provisioned using an interactive client-server protocol.
A tool named stmgr is used to assemble various inputs that the ST bootloader (stboot) reads. For example, it can generate keys, sign OS packages, and assemble stprov/stboot images suitable for running on a platform.
The ST bootloader (stboot) verifies OS packages against its trust policy. If all goes well, control is handed over to the verified OS package. The OS package may read some of the configuration provisioned by stprov.
flowchart TB
%% For basic mermaid sytax, see:
%% https://mermaid.js.org/syntax/flowchart.html
subgraph Installation and boot
%%%%
%% Components (diamonds, red)
%%%%
stboot{{stboot}}; style stboot fill:#FC2B59,stroke:#333,stroke-width:2px,color:white
stmgr{{stmgr}}; style stmgr fill:#FC2B59,stroke:#333,stroke-width:2px,color:white
stprov_client{{stprov local}}; style stprov_client fill:#FC2B59,stroke:#333,stroke-width:2px,color:white
stprov_server{{stprov remote}}; style stprov_server fill:#FC2B59,stroke:#333,stroke-width:2px,color:white
click stboot href "./stboot-system" "stboot system documentation"
click stprov_client href "./stprov-manual" "stprov manual"
click stprov_server href "./stprov-manual" "stprov manual"
click stmgr href "./stmgr-manual" "stmgr manual"
%%%%
%% Formats (rounded rectangles, blue)
%%%%
hostconf([Host configuration]); style hostconf fill:#0C6695,stroke:#333,stroke-width:2px,color:white
trustpol([Trust policy]); style trustpol fill:#0C6695,stroke:#333,stroke-width:2px,color:white
ospkg([OS package]); style ospkg fill:#0C6695,stroke:#333,stroke-width:2px,color:white
ssh_key([SSH hostkey]); style ssh_key fill:#0C6695,stroke:#333,stroke-width:2px,color:white
hostname([Hostname]); style hostname fill:#0C6695,stroke:#333,stroke-width:2px,color:white
click hostconf href "./host_configuration" "Host configuration"
click trustpol href "./trust_policy" "Trust policy"
click ospkg href "./os_package" "OS package"
click ssh_key "./efi-variables" "Storage index - SSH hostkey"
click hostname "./efi-variables" "Storage index - Hostname"
%%%%
%% Protocols (trapezoid, green)
%%%%
stprov_protocol[/stprov protocol/]; style stprov_protocol fill:#0c970c,stroke:#333,stroke-width:2px,color:white
click stprov_protocol href "./stprov-system" "stprov system documentation"
%%%%
%% Edges
%%%%
stprov_server .-> hostname
stprov_client <.-> stprov_protocol <.-> stprov_server
stprov_server .-> ssh_key
stprov_server --> hostconf --> stboot
stmgr --> ospkg --> stboot
trustpol --> stboot
%% Consider depicting relevant inputs to stmgr?
end
%%%%
%% Running OS package outside of the install+boot graph
runtime>Running OS package]; style runtime fill:#ffff00,stroke:#333,stroke-width:2px
%%%%
%% Edges
%%%%
stboot x-- kexec syscall --x runtime
hostconf .-> runtime
hostname .-> runtime
ssh_key .-> runtime
Diamonds (red) depict components used by users or scripts via command-line interfaces and configuration files. Rounded rectangles (blue) depicts formats typically stored at rest. Trapezoids (green) depicts protocols. An outgoing arrows indicates something is produced. An incoming arrow indicates something is consumed.
Note that it should be possible to replace a component if compatible formats and protocols are used. For example, where an OS package reads its hostname is up to the user-defined OS package. Similarly, there is no requirement on using stprov if alternative tools can provision a compatible host configuration for stboot.