sprout/README.md

<div align="center">

![Sprout Logo](assets/logo-small.png)

# Sprout

</div>

Sprout is a programmable UEFI bootloader written in Rust.

It is in use at Edera today in development environments and is intended to ship to production soon.

The name "Sprout" is derived from our company name "Edera" which means "ivy."
Given that Sprout is the first thing intended to start on an Edera system, the name was apt.

It supports `x86_64` and `ARM64` EFI-capable systems. It is designed to require UEFI and can be chainloaded from an
existing UEFI bootloader or booted by the hardware directly.

Sprout is licensed under Apache 2.0 and is open to modifications and contributions.

**NOTE**: Sprout is still in beta. Some features may not work as expected.
Please [report any bugs you find](https://github.com/edera-dev/sprout/issues/new/choose).

## Background

At [Edera] we make compute isolation technology for a wide variety of environments, often ones we do not fully control.
Our technology uses a hypervisor to boot the host system to provide a new isolation mechanism that works
with or without hardware virtualization support. To do this, we need to inject our hypervisor at boot time.

Unfortunately, GRUB, the most common bootloader on Linux systems today, uses a shell-script like
configuration system. Both the code that runs to generate a GRUB config and the GRUB config
itself is fully turing complete. This makes modifying boot configuration difficult and error-prone.

Sprout was designed to take in a machine-readable, writable, and modifiable configuration that treats boot information
like data plus configuration, and can be chained from both UEFI firmware and GRUB alike.

Sprout aims to be flexible, secure, and modern. Written in Rust, it handles data safely and uses unsafe code as little
as possible. It also critically must be easy to install into all common distributions, relying on simple principles to
simplify installation and usage.

## Documentation

### Setup Guides

Some guides support Secure Boot and some do not.
We recommend running Sprout without Secure Boot for development, and with Secure Boot for production.

| Operating System | Secure Boot Enabled | Link                                                  |
|------------------|---------------------|-------------------------------------------------------|
| Fedora           | ✅                   | [Setup Guide](./docs/setup/signed/fedora.md)          |
| Debian           | ✅                   | [Setup Guide](./docs/setup/signed/debian.md)          |
| Ubuntu           | ✅                   | [Setup Guide](./docs/setup/signed/ubuntu.md)          |
| openSUSE         | ✅                   | [Setup Guide](./docs/setup/signed/opensuse.md)        |
| Fedora           | ❌                   | [Setup Guide](./docs/setup/unsigned/fedora.md)        |
| Alpine Edge      | ❌                   | [Setup Guide](./docs/setup/unsigned/alpine-edge.md)   |
| Generic Linux    | ❌                   | [Setup Guide](./docs/setup/unsigned/generic-linux.md) |
| Windows          | ❌                   | [Setup Guide](./docs/setup/unsigned/windows.md)       |

### Project Documentation

- [Development Guide]
- [Contributing Guide]
- [Sprout License]
- [Code of Conduct]
- [Security Policy]

## Features

### Current

- [x] Loadable driver support
- [x] Basic [Bootloader specification (BLS)](https://uapi-group.org/specifications/specs/boot_loader_specification/) support
- [x] Chainload support
- [x] Linux boot support via EFI stub
- [x] Windows boot support via chainload
- [x] Load Linux initrd from disk
- [x] Basic boot menu
- [x] BLS autoconfiguration support
- [x] [Secure Boot support](https://github.com/edera-dev/sprout/issues/20): beta
- [x] [Bootloader interface support](https://github.com/edera-dev/sprout/issues/21): beta
- [x] [BLS specification conformance](https://github.com/edera-dev/sprout/issues/2): beta

### Roadmap

- [ ] [Full-featured boot menu](https://github.com/edera-dev/sprout/issues/1)
- [ ] [UKI support](https://github.com/edera-dev/sprout/issues/6): partial
- [ ] [multiboot2 support](https://github.com/edera-dev/sprout/issues/7)
- [ ] [Linux boot protocol (boot without EFI stub)](https://github.com/edera-dev/sprout/issues/7)

## Concepts

- drivers: loadable EFI modules that can add functionality to the EFI system.
- autoconfiguration: code that can automatically generate sprout.toml based on the EFI environment.
- actions: executable code with a configuration that can be run by various other sprout concepts.
- generators: code that can generate boot entries based on inputs or runtime code.
- extractors: code that can extract values from the EFI environment.
- values: key-value pairs that can be specified in the configuration or provided by extractors or generators.
- entries: boot entries that will be displayed to the user.
- phases: stages of the bootloader that can be hooked to run actions at specific points.

## Usage

Sprout is provided as a single EFI binary called `sprout.efi`.
It can be chainloaded from GRUB or other UEFI bootloaders or booted into directly.
Sprout will look for \sprout.toml in the root of the EFI partition it was loaded from.
See [Configuration](#configuration) for how to configure sprout.

## Configuration

Sprout is configured using a TOML file at `\sprout.toml` on the root of the EFI partition sprout was booted from.

### Command Line Options

Sprout supports some command line options that can be combined to modify behavior without the configuration file.

```bash
# Boot Sprout with a specific configuration file.
$ sprout.efi --config=\path\to\config.toml
# Boot a specific entry, bypassing the menu.
$ sprout.efi --boot="Boot Xen"
# Autoconfigure Sprout, without loading a configuration file.
$ sprout.efi --autoconfigure
```

### Boot Linux from ESP

```toml
# sprout configuration: version 1
version = 1

# add a boot entry for booting linux
# which will run the boot-linux action.
[entries.boot-linux]
title = "Boot Linux"
actions = ["boot-linux"]

# use the chainload action to boot linux via the efi stub.
# the options below are passed to the efi stub as the
# kernel command line. the initrd is loaded using the efi stub
# initrd loader mechanism.
[actions.boot-linux]
chainload.path = "\\vmlinuz"
chainload.options = ["root=/dev/sda1"]
chainload.linux-initrd = "\\initrd"
```

### Bootloader Specification (BLS) Support

```toml
# sprout configuration: version 1
version = 1

# load an EFI driver for ext4.
[drivers.ext4]
path = "\\sprout\\drivers\\ext4.efi"

# global options.
[options]
# enable autoconfiguration by detecting bls enabled
# filesystems and generating boot entries for them.
autoconfigure = true
```

[Edera]: https://edera.dev
[Development Guide]: ./DEVELOPMENT.md
[Contributing Guide]: ./CONTRIBUTING.md
[Sprout License]: ./LICENSE
[Code of Conduct]: ./CODE_OF_CONDUCT.md
[Security Policy]: ./SECURITY.md
improve documentation of some functions and more readme work 2025-10-19 20:23:55 -07:00			`<div align="center">`
initial commit 2025-10-01 16:45:04 -07:00
chore(assets): update sprout logo 2025-10-24 16:49:34 -07:00			`![Sprout Logo](assets/logo-small.png)`
add initial logo and readme 2025-10-14 22:58:02 -07:00
improve documentation of some functions and more readme work 2025-10-19 20:23:55 -07:00			`# Sprout`

			`</div>`
add initial logo and readme 2025-10-14 22:58:02 -07:00
chore(doc): update readme 2025-11-01 02:04:52 -04:00			`Sprout is a programmable UEFI bootloader written in Rust.`
update logo to be smaller 2025-10-19 20:25:47 -07:00
chore(doc): update readme 2025-11-01 02:04:52 -04:00			`It is in use at Edera today in development environments and is intended to ship to production soon.`
add initial logo and readme 2025-10-14 22:58:02 -07:00
chore(doc): update readme 2025-11-01 02:04:52 -04:00			`The name "Sprout" is derived from our company name "Edera" which means "ivy."`
readme improvements 2025-10-19 00:25:11 -07:00			`Given that Sprout is the first thing intended to start on an Edera system, the name was apt.`

improve readme even more 2025-10-19 00:38:36 -07:00			It supports `x86_64` and `ARM64` EFI-capable systems. It is designed to require UEFI and can be chainloaded from an
readme improvements 2025-10-19 00:25:11 -07:00			`existing UEFI bootloader or booted by the hardware directly.`

improve readme even more 2025-10-19 00:38:36 -07:00			`Sprout is licensed under Apache 2.0 and is open to modifications and contributions.`

chore(docs): reorganize setup guides 2025-11-02 19:26:02 -05:00			`NOTE: Sprout is still in beta. Some features may not work as expected.`
			`Please [report any bugs you find](https://github.com/edera-dev/sprout/issues/new/choose).`

update README with background section 2025-10-24 14:49:11 -07:00			`## Background`

			`At [Edera] we make compute isolation technology for a wide variety of environments, often ones we do not fully control.`
chore(doc): update readme 2025-11-01 02:04:52 -04:00			`Our technology uses a hypervisor to boot the host system to provide a new isolation mechanism that works`
			`with or without hardware virtualization support. To do this, we need to inject our hypervisor at boot time.`
update README with background section 2025-10-24 14:49:11 -07:00
chore(doc): update readme 2025-11-01 02:04:52 -04:00			`Unfortunately, GRUB, the most common bootloader on Linux systems today, uses a shell-script like`
update README with background section 2025-10-24 14:49:11 -07:00			`configuration system. Both the code that runs to generate a GRUB config and the GRUB config`
			`itself is fully turing complete. This makes modifying boot configuration difficult and error-prone.`

			`Sprout was designed to take in a machine-readable, writable, and modifiable configuration that treats boot information`
			`like data plus configuration, and can be chained from both UEFI firmware and GRUB alike.`

			`Sprout aims to be flexible, secure, and modern. Written in Rust, it handles data safely and uses unsafe code as little`
			`as possible. It also critically must be easy to install into all common distributions, relying on simple principles to`
			`simplify installation and usage.`

add fedora setup guide 2025-10-20 10:34:55 -07:00			`## Documentation`

chore(docs): reorganize setup guides 2025-11-02 19:26:02 -05:00			`### Setup Guides`

			`Some guides support Secure Boot and some do not.`
			`We recommend running Sprout without Secure Boot for development, and with Secure Boot for production.`

			`\| Operating System \| Secure Boot Enabled \| Link \|`
			`\|------------------\|---------------------\|-------------------------------------------------------\|`
chore(doc): add fedora setup guide and tweak existing guides 2025-11-06 23:51:57 -05:00			`\| Fedora \| ✅ \| [Setup Guide](./docs/setup/signed/fedora.md) \|`
chore(docs): add debian setup guide 2025-11-02 19:52:25 -05:00			`\| Debian \| ✅ \| [Setup Guide](./docs/setup/signed/debian.md) \|`
chore(doc): add fedora setup guide and tweak existing guides 2025-11-06 23:51:57 -05:00			`\| Ubuntu \| ✅ \| [Setup Guide](./docs/setup/signed/ubuntu.md) \|`
chore(docs): add openSUSE Secure Boot guide 2025-11-03 04:49:55 -05:00			`\| openSUSE \| ✅ \| [Setup Guide](./docs/setup/signed/opensuse.md) \|`
chore(docs): reorganize setup guides 2025-11-02 19:26:02 -05:00			`\| Fedora \| ❌ \| [Setup Guide](./docs/setup/unsigned/fedora.md) \|`
			`\| Alpine Edge \| ❌ \| [Setup Guide](./docs/setup/unsigned/alpine-edge.md) \|`
			`\| Generic Linux \| ❌ \| [Setup Guide](./docs/setup/unsigned/generic-linux.md) \|`
			`\| Windows \| ❌ \| [Setup Guide](./docs/setup/unsigned/windows.md) \|`

			`### Project Documentation`

add fedora setup guide 2025-10-20 10:34:55 -07:00			`- [Development Guide]`
			`- [Contributing Guide]`
			`- [Sprout License]`
			`- [Code of Conduct]`
			`- [Security Policy]`

improve readme even more 2025-10-19 00:38:36 -07:00			`## Features`

			`### Current`

			`- [x] Loadable driver support`
chore(docs): update readme with secure boot notes and roadmap items 2025-10-28 01:43:07 -04:00			`- [x] Basic [Bootloader specification (BLS)](https://uapi-group.org/specifications/specs/boot_loader_specification/) support`
improve readme even more 2025-10-19 00:38:36 -07:00			`- [x] Chainload support`
			`- [x] Linux boot support via EFI stub`
booting windows is supported! 2025-10-20 20:35:13 -07:00			`- [x] Windows boot support via chainload`
improve readme even more 2025-10-19 00:38:36 -07:00			`- [x] Load Linux initrd from disk`
chore(doc): document the basic boot menu as a supported feature 2025-10-27 00:01:05 -04:00			`- [x] Basic boot menu`
chore(docs): mention autoconfiguration support for bls and use it in the docs 2025-10-27 03:52:39 -04:00			`- [x] BLS autoconfiguration support`
chore(docs): add ubuntu secure boot setup guide 2025-11-02 18:08:57 -05:00			`- [x] [Secure Boot support](https://github.com/edera-dev/sprout/issues/20): beta`
			`- [x] [Bootloader interface support](https://github.com/edera-dev/sprout/issues/21): beta`
			`- [x] [BLS specification conformance](https://github.com/edera-dev/sprout/issues/2): beta`
improve readme even more 2025-10-19 00:38:36 -07:00
			`### Roadmap`

chore(docs): update readme with secure boot notes and roadmap items 2025-10-28 01:43:07 -04:00			`- [ ] [Full-featured boot menu](https://github.com/edera-dev/sprout/issues/1)`
			`- [ ] [UKI support](https://github.com/edera-dev/sprout/issues/6): partial`
			`- [ ] [multiboot2 support](https://github.com/edera-dev/sprout/issues/7)`
			`- [ ] [Linux boot protocol (boot without EFI stub)](https://github.com/edera-dev/sprout/issues/7)`
improve readme even more 2025-10-19 00:38:36 -07:00
			`## Concepts`

			`- drivers: loadable EFI modules that can add functionality to the EFI system.`
chore(docs): update readme with secure boot notes and roadmap items 2025-10-28 01:43:07 -04:00			`- autoconfiguration: code that can automatically generate sprout.toml based on the EFI environment.`
improve readme even more 2025-10-19 00:38:36 -07:00			`- actions: executable code with a configuration that can be run by various other sprout concepts.`
			`- generators: code that can generate boot entries based on inputs or runtime code.`
			`- extractors: code that can extract values from the EFI environment.`
			`- values: key-value pairs that can be specified in the configuration or provided by extractors or generators.`
			`- entries: boot entries that will be displayed to the user.`
			`- phases: stages of the bootloader that can be hooked to run actions at specific points.`

readme improvements 2025-10-19 00:25:11 -07:00			`## Usage`

			Sprout is provided as a single EFI binary called `sprout.efi`.
			`It can be chainloaded from GRUB or other UEFI bootloaders or booted into directly.`
			`Sprout will look for \sprout.toml in the root of the EFI partition it was loaded from.`
			`See [Configuration](#configuration) for how to configure sprout.`

			`## Configuration`

			Sprout is configured using a TOML file at `\sprout.toml` on the root of the EFI partition sprout was booted from.

add readme information about sprout command line arguments 2025-10-20 18:21:41 -07:00			`### Command Line Options`

			`Sprout supports some command line options that can be combined to modify behavior without the configuration file.`

			```bash
			`# Boot Sprout with a specific configuration file.`
			`$ sprout.efi --config=\path\to\config.toml`
			`# Boot a specific entry, bypassing the menu.`
			`$ sprout.efi --boot="Boot Xen"`
chore(docs): mention autoconfiguration support for bls and use it in the docs 2025-10-27 03:52:39 -04:00			`# Autoconfigure Sprout, without loading a configuration file.`
			`$ sprout.efi --autoconfigure`
add readme information about sprout command line arguments 2025-10-20 18:21:41 -07:00			```

readme improvements 2025-10-19 00:25:11 -07:00			`### Boot Linux from ESP`

			```toml
			`# sprout configuration: version 1`
			`version = 1`

			`# add a boot entry for booting linux`
			`# which will run the boot-linux action.`
			`[entries.boot-linux]`
			`title = "Boot Linux"`
			`actions = ["boot-linux"]`

			`# use the chainload action to boot linux via the efi stub.`
			`# the options below are passed to the efi stub as the`
			`# kernel command line. the initrd is loaded using the efi stub`
			`# initrd loader mechanism.`
			`[actions.boot-linux]`
			`chainload.path = "\\vmlinuz"`
			`chainload.options = ["root=/dev/sda1"]`
			`chainload.linux-initrd = "\\initrd"`
			```

			`### Bootloader Specification (BLS) Support`

			```toml
			`# sprout configuration: version 1`
			`version = 1`

			`# load an EFI driver for ext4.`
			`[drivers.ext4]`
			`path = "\\sprout\\drivers\\ext4.efi"`

chore(docs): mention autoconfiguration support for bls and use it in the docs 2025-10-27 03:52:39 -04:00			`# global options.`
feat(config): rename [defaults] to [options] 2025-10-27 17:56:38 -04:00			`[options]`
chore(docs): mention autoconfiguration support for bls and use it in the docs 2025-10-27 03:52:39 -04:00			`# enable autoconfiguration by detecting bls enabled`
			`# filesystems and generating boot entries for them.`
			`autoconfigure = true`
readme improvements 2025-10-19 00:25:11 -07:00			```
add fedora setup guide 2025-10-20 10:34:55 -07:00
update README with background section 2025-10-24 14:49:11 -07:00			`[Edera]: https://edera.dev`
add fedora setup guide 2025-10-20 10:34:55 -07:00			`[Development Guide]: ./DEVELOPMENT.md`
			`[Contributing Guide]: ./CONTRIBUTING.md`
			`[Sprout License]: ./LICENSE`
			`[Code of Conduct]: ./CODE_OF_CONDUCT.md`
			`[Security Policy]: ./SECURITY.md`