sprout: version 0.0.27 (#57 )

chore(deps): bump the actions-updates group with 3 updates (#56 )
Bumps the actions-updates group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `step-security/harden-runner` from 2.13.2 to 2.14.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](95d9a5deda...20cf305ff2) Updates `astral-sh/setup-uv` from 7.1.2 to 7.1.6 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](85856786d1...681c641aba) Updates `actions/upload-artifact` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](330a01c490...b7c566a772) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-updates - dependency-name: astral-sh/setup-uv dependency-version: 7.1.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-updates - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-05 05:30:16 +00:00 · 2025-12-23 22:51:26 -08:00 · 2025-12-23 18:54:25 -08:00 · 2025-12-21 14:11:26 -08:00 · 2025-12-21 14:11:10 -08:00 · 2025-12-20 23:00:51 -08:00
51 changed files with 753 additions and 481 deletions
--- a/.github/workflows/ci-actions.yml
+++ b/.github/workflows/ci-actions.yml
@@ -25,17 +25,17 @@ jobs:
      actions: read # Needed to analyze action metadata.
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit
    - name: checkout
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      with:
        persist-credentials: false
    - name: setup uv
-      uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
+      uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
    - name: zizmor
      run: uvx zizmor --pedantic --format sarif . > results.sarif
@@ -43,7 +43,7 @@ jobs:
        GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
    - name: upload
-      uses: github/codeql-action/upload-sarif@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+      uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
      with:
        sarif_file: results.sarif
        category: zizmor
--- a/.github/workflows/ci-code.yml
+++ b/.github/workflows/ci-code.yml
@@ -21,12 +21,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit
    - name: checkout
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      with:
        persist-credentials: false
@@ -51,12 +51,12 @@ jobs:
    name: 'build ${{ matrix.arch }}'
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit
    - name: checkout
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      with:
        persist-credentials: false
@@ -80,12 +80,12 @@ jobs:
    name: 'clippy ${{ matrix.arch }}'
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit
    - name: checkout
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      with:
        persist-credentials: false
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -37,23 +37,23 @@ jobs:
          build-mode: none
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit
    - name: checkout
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      with:
        persist-credentials: false
    - name: initialize codeql
-      uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+      uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}
        config-file: ./.github/codeql/codeql-config.yaml
    - name: perform codeql analysis
-      uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v4.31.0
+      uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2
      with:
        category: "/language:${{matrix.language}}"
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -25,12 +25,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit
    - name: checkout
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      with:
        persist-credentials: false
@@ -43,7 +43,7 @@ jobs:
    - name: 'upload artifacts'
      id: upload
-      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
      with:
        name: artifacts
        path: target/assemble/*
@@ -53,3 +53,4 @@ jobs:
      with:
        subject-name: artifacts.zip
        subject-digest: "sha256:${{ steps.upload.outputs.artifact-digest }}"
      if: github.event_name != 'pull_request'
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,12 +25,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: harden runner
-      uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
      with:
        egress-policy: audit
    - name: checkout
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      with:
        persist-credentials: false
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -46,9 +46,9 @@ dependencies = [
 [[package]]
 name = "crypto-common"
-version = "0.1.6"
+version = "0.1.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
 dependencies = [
 "generic-array",
 "typenum",
@@ -66,13 +66,14 @@ dependencies = [
 [[package]]
 name = "edera-sprout-boot"
-version = "0.0.23"
+version = "0.0.27"
 dependencies = [
 "anyhow",
 "edera-sprout-build",
 "edera-sprout-config",
 "edera-sprout-eficore",
 "hex",
 "jaarg",
 "log",
 "sha2",
 "toml",
@@ -82,18 +83,18 @@ dependencies = [
 [[package]]
 name = "edera-sprout-build"
-version = "0.0.23"
+version = "0.0.27"
 [[package]]
 name = "edera-sprout-config"
-version = "0.0.23"
+version = "0.0.27"
 dependencies = [
 "serde",
 ]
 [[package]]
 name = "edera-sprout-eficore"
-version = "0.0.23"
+version = "0.0.27"
 dependencies = [
 "anyhow",
 "bitflags",
@@ -106,9 +107,9 @@ dependencies = [
 [[package]]
 name = "generic-array"
-version = "0.14.9"
+version = "0.14.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
 dependencies = [
 "typenum",
 "version_check",
@@ -121,10 +122,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 [[package]]
-name = "libc"
+name = "jaarg"
-version = "0.2.177"
+version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976"
+checksum = "534d589df1ef528a238f4bc4b1db081a1280f3aedf2695fd8971e9853a7fa4f6"
 [[package]]
 name = "libc"
 version = "0.2.178"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "37c93d8daa9d8a012fd8ab92f088405fb202ea0b6ab73ee2482ae66af4f42091"
 [[package]]
 name = "lock_api"
@@ -137,9 +144,9 @@ dependencies = [
 [[package]]
 name = "log"
-version = "0.4.28"
+version = "0.4.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"
+checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
 [[package]]
 name = "proc-macro2"
@@ -172,9 +179,9 @@ dependencies = [
 [[package]]
 name = "quote"
-version = "1.0.41"
+version = "1.0.42"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1"
+checksum = "a338cc41d27e6cc6dce6cefc13a0729dfbb81c262b1f519331575dd80ef3067f"
 dependencies = [
 "proc-macro2",
 ]
@@ -217,9 +224,9 @@ dependencies = [
 [[package]]
 name = "serde_spanned"
-version = "1.0.3"
+version = "1.0.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e24345aa0fe688594e73770a5f6d1b216508b4f93484c0026d521acd30134392"
+checksum = "f8bbf91e5a4d6315eee45e704372590b30e260ee83af6639d64557f51b067776"
 dependencies = [
 "serde_core",
 ]
@@ -252,9 +259,9 @@ dependencies = [
 [[package]]
 name = "syn"
-version = "2.0.108"
+version = "2.0.111"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da58917d35242480a05c2897064da0a80589a2a0476c9a3f2fdc83b53502e917"
+checksum = "390cc9a294ab71bdb1aa2e99d13be9c753cd2d7bd6560c77118597410c4d2e87"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -263,9 +270,9 @@ dependencies = [
 [[package]]
 name = "toml"
-version = "0.9.8"
+version = "0.9.10+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0dc8b1fb61449e27716ec0e1bdf0f6b8f3e8f6b05391e8497b8b6d7804ea6d8"
+checksum = "0825052159284a1a8b4d6c0c86cbc801f2da5afd2b225fa548c72f2e74002f48"
 dependencies = [
 "serde_core",
 "serde_spanned",
@@ -276,18 +283,18 @@ dependencies = [
 [[package]]
 name = "toml_datetime"
-version = "0.7.3"
+version = "0.7.5+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2cdb639ebbc97961c51720f858597f7f24c4fc295327923af55b74c3c724533"
+checksum = "92e1cfed4a3038bc5a127e35a2d360f145e1f4b971b551a2ba5fd7aedf7e1347"
 dependencies = [
 "serde_core",
 ]
 [[package]]
 name = "toml_parser"
-version = "1.0.4"
+version = "1.0.6+spec-1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0cbe268d35bdb4bb5a56a2de88d0ad0eb70af5384a99d648cd4b3d04039800e"
+checksum = "a3198b4b0a8e11f09dd03e133c0280504d0801269e9afa46362ffde1cbeebf44"
 dependencies = [
 "winnow",
 ]
@@ -309,9 +316,9 @@ dependencies = [
 [[package]]
 name = "uefi"
-version = "0.36.0"
+version = "0.36.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f123e69767fc287c44d70ee19af3b39d1bfb735dbaff5090e95b5b13cd656d16"
+checksum = "71fe9058b73ee2b6559524af9e33199c13b2485ddbf3ad1181b68051cdc50c17"
 dependencies = [
 "bitflags",
 "cfg-if",
@@ -336,9 +343,9 @@ dependencies = [
 [[package]]
 name = "uefi-raw"
-version = "0.12.0"
+version = "0.13.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8aff2f4f2b556a36a201d335a1e0a57754967a96857b1f47a52d5a23825cac84"
+checksum = "7f64fe59e11af447d12fd60a403c74106eb104309f34b4c6dbce6e927d97da9d"
 dependencies = [
 "bitflags",
 "uguid",
@@ -364,6 +371,6 @@ checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
 [[package]]
 name = "winnow"
-version = "0.7.13"
+version = "0.7.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "21a0236b59786fed61e2a80582dd500fe61f18b5dca67a4a067d0bc9039339cf"
+checksum = "5a5364e9d77fcdeeaa6062ced926ee3381faa2ee02d3eb83a5c27a8825540829"
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,16 +9,16 @@ resolver = "3"
 [workspace.package]
 license = "Apache-2.0"
-version = "0.0.23"
+version = "0.0.27"
 homepage = "https://sprout.edera.dev"
 repository = "https://github.com/edera-dev/sprout"
 edition = "2024"
 [workspace.dependencies]
 bitflags = "2.10.0"
-log = "0.4.28"
+log = "0.4.29"
 spin = "0.10.0"
-uefi-raw = "0.12.0"
+uefi-raw = "0.13.0"
 [workspace.dependencies.anyhow]
 version = "1.0.100"
@@ -29,6 +29,11 @@ version = "0.4.3"
 default-features = false
 features = ["alloc"]
 [workspace.dependencies.jaarg]
 version = "0.2.2"
 default-features = false
 features = ["alloc"]
 [workspace.dependencies.serde]
 version = "1.0.228"
 default-features = false
@@ -43,12 +48,12 @@ version = "1.3.0"
 default-features = false
 [workspace.dependencies.toml]
-version = "0.9.8"
+version = "0.9.10"
 default-features = false
 features = ["serde", "parse"]
 [workspace.dependencies.uefi]
-version = "0.36.0"
+version = "0.36.1"
 default-features = false
 features = ["alloc", "global_allocator", "panic_handler"]
--- a/2
+++ b/2
@@ -2,7 +2,7 @@
 ARG RUST_PROFILE=release
 ARG RUST_TARGET_SUBDIR=release
-FROM --platform=$BUILDPLATFORM rust:1.91.0-alpine@sha256:a3e3d30122c08c0ed85dcd8867d956f066be23c32ed67a0453bc04ce478ad69b AS build
+FROM --platform=$BUILDPLATFORM rust:1.92.0-alpine@sha256:f6c22e0a256c05d44fca23bf530120b5d4a6249a393734884281ca80782329bc AS build
 RUN apk --no-cache add musl-dev busybox-static
 ARG RUST_PROFILE
 RUN adduser -S -s /bin/sh build
--- a/README.md
+++ b/README.md
@@ -47,8 +47,9 @@ We recommend running Sprout without Secure Boot for development, and with Secure
 | Operating System | Secure Boot Enabled | Link                                                  |
 |------------------|---------------------|-------------------------------------------------------|
-| Ubuntu           | ✅                   | [Setup Guide](./docs/setup/signed/ubuntu.md)          |
+| Fedora           | ✅                   | [Setup Guide](./docs/setup/signed/fedora.md)          |
 | Debian           | ✅                   | [Setup Guide](./docs/setup/signed/debian.md)          |
 | Ubuntu           | ✅                   | [Setup Guide](./docs/setup/signed/ubuntu.md)          |
 | openSUSE         | ✅                   | [Setup Guide](./docs/setup/signed/opensuse.md)        |
 | Fedora           | ❌                   | [Setup Guide](./docs/setup/unsigned/fedora.md)        |
 | Alpine Edge      | ❌                   | [Setup Guide](./docs/setup/unsigned/alpine-edge.md)   |
--- a/crates/boot/Cargo.toml
+++ b/crates/boot/Cargo.toml
@@ -12,6 +12,7 @@ anyhow.workspace = true
 edera-sprout-config.path = "../config"
 edera-sprout-eficore.path = "../eficore"
 hex.workspace = true
 jaarg.workspace = true
 sha2.workspace = true
 toml.workspace = true
 log.workspace = true
--- a/crates/boot/src/actions/chainload.rs
+++ b/crates/boot/src/actions/chainload.rs
@@ -1,14 +1,15 @@
 use crate::context::SproutContext;
 use crate::phases::before_handoff;
 use crate::utils;
 use alloc::boxed::Box;
 use alloc::rc::Rc;
 use anyhow::{Context, Result, bail};
 use edera_sprout_config::actions::chainload::ChainloadConfiguration;
 use eficore::bootloader_interface::BootloaderInterface;
 use eficore::loader::source::ImageSource;
 use eficore::loader::{ImageLoadRequest, ImageLoader};
 use eficore::media_loader::MediaLoaderHandle;
 use eficore::media_loader::constants::linux::LINUX_EFI_INITRD_MEDIA_GUID;
 use eficore::shim::{ShimInput, ShimSupport};
 use log::error;
 use uefi::CString16;
 use uefi::proto::loaded_image::LoadedImage;
@@ -24,12 +25,16 @@ pub fn chainload(context: Rc<SproutContext>, configuration: &ChainloadConfigurat
    )
    .context("unable to resolve chainload path")?;
-    // Load the image to chainload using the shim support integration.
+    // Create a new image load request with the current image and the resolved path.
    let request = ImageLoadRequest::new(sprout_image, ImageSource::ResolvedPath(&resolved));
    // Load the image to chainload using the image loader support module.
    // It will determine if the image needs to be loaded via the shim or can be loaded directly.
-    let image = ShimSupport::load(sprout_image, ShimInput::ResolvedPath(&resolved))?;
+    let image = ImageLoader::load(request)?;
    // Open the LoadedImage protocol of the image to chainload.
-    let mut loaded_image_protocol = uefi::boot::open_protocol_exclusive::<LoadedImage>(image)
+    let mut loaded_image_protocol =
        uefi::boot::open_protocol_exclusive::<LoadedImage>(*image.handle())
            .context("unable to open loaded image protocol")?;
    // Stamp and combine the options to pass to the image.
@@ -83,18 +88,15 @@ pub fn chainload(context: Rc<SproutContext>, configuration: &ChainloadConfigurat
    BootloaderInterface::mark_exec(context.root().timer())
        .context("unable to mark execution of boot entry in bootloader interface")?;
    // Since we are about to hand off control to another image, we need to execute the handoff hook.
    // This will perform operations like clearing the screen.
    before_handoff(&context).context("unable to execute before handoff hook")?;
    // Start the loaded image.
    // This call might return, or it may pass full control to another image that will never return.
    // Capture the result to ensure we can return an error if the image fails to start, but only
    // after the optional initrd has been unregistered.
-    let result = uefi::boot::start_image(image);
+    let result = uefi::boot::start_image(*image.handle());
    // Unregister the initrd if it was registered.
    if let Some(initrd_handle) = initrd_handle
        && let Err(error) = initrd_handle.unregister()
    {
        error!("unable to unregister linux initrd: {}", error);
    }
    // Assert there was no error starting the image.
    result.context("unable to start image")?;
@@ -102,6 +104,9 @@ pub fn chainload(context: Rc<SproutContext>, configuration: &ChainloadConfigurat
    // Explicitly drop the options to clarify the lifetime.
    drop(options);
    // Explicitly drop the initrd handle to clarify when it should be unregistered.
    drop(initrd_handle);
    // Return control to sprout.
    Ok(())
 }
--- a/crates/boot/src/actions/edera.rs
+++ b/crates/boot/src/actions/edera.rs
@@ -15,7 +15,6 @@ use eficore::media_loader::{
        XEN_EFI_CONFIG_MEDIA_GUID, XEN_EFI_KERNEL_MEDIA_GUID, XEN_EFI_RAMDISK_MEDIA_GUID,
    },
 };
 use log::error;
 use uefi::Guid;
 /// Builds a configuration string for the Xen EFI stub using the specified `configuration`.
@@ -105,7 +104,7 @@ pub fn edera(context: Rc<SproutContext>, configuration: &EderaConfiguration) ->
    )
    .context("unable to register kernel media loader")?;
-    // Create a vector of media loaders to unregister on error.
+    // Create a vector of media loaders to drop them only after this function completes.
    let mut media_loaders = vec![config, kernel];
    // Register the initrd if it is provided.
@@ -127,12 +126,8 @@ pub fn edera(context: Rc<SproutContext>, configuration: &EderaConfiguration) ->
    )
    .context("unable to chainload to xen");
-    // Unregister the media loaders when an error happens.
+    // Explicitly drop the media loaders to clarify when they should be unregistered.
-    for media_loader in media_loaders {
+    drop(media_loaders);
        if let Err(error) = media_loader.unregister() {
            error!("unable to unregister media loader: {}", error);
        }
    }
    result
 }
--- a/crates/boot/src/autoconfigure/linux.rs
+++ b/crates/boot/src/autoconfigure/linux.rs
@@ -1,5 +1,4 @@
 use crate::utils;
 use crate::utils::vercmp;
 use alloc::collections::BTreeMap;
 use alloc::string::{String, ToString};
 use alloc::vec::Vec;
@@ -25,7 +24,7 @@ const LINUX_CHAINLOAD_ACTION_PREFIX: &str = "linux-chainload-";
 const SCAN_LOCATIONS: &[&str] = &["\\boot", "\\"];
 /// Prefixes of kernel files to scan for.
-const KERNEL_PREFIXES: &[&str] = &["vmlinuz"];
+const KERNEL_PREFIXES: &[&str] = &["vmlinuz", "Image"];
 /// Prefixes of initramfs files to match to.
 const INITRAMFS_PREFIXES: &[&str] = &["initramfs", "initrd", "initrd.img"];
@@ -37,9 +36,9 @@ const INITRAMFS_PREFIXES: &[&str] = &["initramfs", "initrd", "initrd.img"];
 /// and then uses that code improperly by asserting that the pointer is non-null.
 /// To give a good user experience, we place a placeholder value here to ensure it's non-empty.
 /// For stubble, this code ensures the command line pointer becomes null:
-/// https://github.com/ubuntu/stubble/blob/e56643979addfb98982266018e08921c07424a0c/stub.c#L61-L64
+/// <https://github.com/ubuntu/stubble/blob/e56643979addfb98982266018e08921c07424a0c/stub.c#L61-L64>
 /// Then this code asserts on it, stopping the boot process:
-/// https://github.com/ubuntu/stubble/blob/e56643979addfb98982266018e08921c07424a0c/stub.c#L27
+/// <https://github.com/ubuntu/stubble/blob/e56643979addfb98982266018e08921c07424a0c/stub.c#L27>
 const DEFAULT_LINUX_OPTIONS: &str = "placeholder";
 /// Pair of kernel and initramfs.
@@ -186,17 +185,15 @@ pub fn scan(
        return Ok(false);
    }
    // Sort the kernel pairs by kernel version, if it has one, newer kernels first.
    pairs.sort_by(|a, b| vercmp::compare_versions(&a.kernel, &b.kernel).reverse());
    // Generate a unique name for the linux chainload action.
-    let chainload_action_name = format!("{}{}", LINUX_CHAINLOAD_ACTION_PREFIX, root_unique_hash,);
+    let chainload_action_name = format!("{}{}", LINUX_CHAINLOAD_ACTION_PREFIX, root_unique_hash);
    // Kernel pairs are detected, generate a list configuration for it.
    let generator = ListConfiguration {
        entry: EntryDeclaration {
            title: "Boot Linux $name".to_string(),
            actions: vec![chainload_action_name.clone()],
            sort_key: Some("$kernel".to_string()),
            ..Default::default()
        },
        values: pairs
--- a/crates/boot/src/autoconfigure/windows.rs
+++ b/crates/boot/src/autoconfigure/windows.rs
@@ -51,13 +51,14 @@ pub fn scan(
    let chainload_action_name = format!("{}{}", WINDOWS_CHAINLOAD_ACTION_PREFIX, root_unique_hash,);
    // Generate an entry name for Windows.
-    let entry_name = format!("auto-windows-{}", root_unique_hash,);
+    let entry_name = format!("auto-windows-{}", root_unique_hash);
    // Create an entry for Windows and insert it into the configuration.
    let entry = EntryDeclaration {
        title: "Boot Windows".to_string(),
        actions: vec![chainload_action_name.clone()],
        values: Default::default(),
        sort_key: None, // Use the default sort key.
    };
    config.entries.insert(entry_name, entry);
--- a/crates/boot/src/drivers.rs
+++ b/crates/boot/src/drivers.rs
@@ -5,7 +5,8 @@ use alloc::rc::Rc;
 use alloc::string::String;
 use anyhow::{Context, Result};
 use edera_sprout_config::drivers::DriverDeclaration;
-use eficore::shim::{ShimInput, ShimSupport};
+use eficore::loader::source::ImageSource;
 use eficore::loader::{ImageLoadRequest, ImageLoader};
 use log::info;
 use uefi::boot::SearchType;
@@ -21,14 +22,17 @@ fn load_driver(context: Rc<SproutContext>, driver: &DriverDeclaration) -> Result
    )
    .context("unable to resolve path to driver")?;
-    // Load the driver image using the shim support integration.
+    // Create an image load request with the current image and the resolved path.
    let request = ImageLoadRequest::new(sprout_image, ImageSource::ResolvedPath(&resolved));
    // Load the driver image using the image loader support module.
    // It will determine if the image needs to be loaded via the shim or can be loaded directly.
-    let image = ShimSupport::load(sprout_image, ShimInput::ResolvedPath(&resolved))?;
+    let image = ImageLoader::load(request)?;
    // Start the driver image, this is expected to return control to sprout.
    // There is no guarantee that the driver will actually return control as it is
    // just a standard EFI image.
-    uefi::boot::start_image(image).context("unable to start driver image")?;
+    uefi::boot::start_image(*image.handle()).context("unable to start driver image")?;
    Ok(())
 }
--- a/crates/boot/src/entries.rs
+++ b/crates/boot/src/entries.rs
@@ -12,6 +12,7 @@ pub struct BootableEntry {
    declaration: EntryDeclaration,
    default: bool,
    pin_name: bool,
    sort_key: Option<String>,
 }
 impl BootableEntry {
@@ -29,6 +30,7 @@ impl BootableEntry {
            declaration,
            default: false,
            pin_name: false,
            sort_key: None,
        }
    }
@@ -93,10 +95,36 @@ impl BootableEntry {
    }
    /// Determine if this entry matches `needle` by comparing to the name or title of the entry.
    /// If `needle` ends with *, we will match a partial match.
    pub fn is_match(&self, needle: &str) -> bool {
        // If the needle ends with '*', we will accept a partial match.
        if needle.ends_with("*") {
            // Strip off any '*' at the end.
            let partial = needle.trim_end_matches("*");
            // Check if the name or title start with the partial match.
            return self.name.starts_with(partial) || self.title.starts_with(partial);
        }
        // Standard quality matching rules.
        self.name == needle || self.title == needle
    }
    /// Set the sort key of the entry. This is used to sort entries via version comparison.
    pub fn set_sort_key(&mut self, sort_key: String) {
        self.sort_key = Some(sort_key);
    }
    /// Retrieve a reference to the sort key of the entry. If one is not specified, we will use the
    /// name of the entry.
    pub fn sort_key(&self) -> &str {
        // Use the sort key specified in the bootable entry, or use the declaration sort key,
        // or use the name of the entry.
        self.sort_key
            .as_deref()
            .or(self.declaration.sort_key.as_deref())
            .unwrap_or(&self.name)
    }
    /// Find an entry by `needle` inside the entry iterator `haystack`.
    /// This will search for an entry by name, title, or index.
    pub fn find<'a>(
--- a/crates/boot/src/generators/bls.rs
+++ b/crates/boot/src/generators/bls.rs
@@ -26,7 +26,7 @@ fn quirk_initrd_remove_tuned(input: String) -> String {
 }
 /// Sorts two entries according to the BLS sort system.
-/// Reference: https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting
+/// Reference: <https://uapi-group.org/specifications/specs/boot_loader_specification/#sorting>
 fn sort_entries(a: &(BlsEntry, BootableEntry), b: &(BlsEntry, BootableEntry)) -> Ordering {
    // Grab the components of both entries.
    let (a_bls, a_boot) = a;
@@ -206,6 +206,16 @@ pub fn generate(context: Rc<SproutContext>, bls: &BlsConfiguration) -> Result<Ve
    // Sort all the entries according to the BLS sort system.
    entries.sort_by(sort_entries);
    // Grab the number of entries that we have, so we can calculate a reverse index.
    let entry_count = entries.len();
    // Set the sort keys of all the bootable entries to a semi-unique prefix + the BLS sort order.
    // The final comparison happens using version comparison, so this will sort
    // things properly.
    for (idx, (_bls, boot)) in entries.iter_mut().enumerate() {
        boot.set_sort_key(format!("bls-{}-{}", path, entry_count - idx - 1));
    }
    // Collect all the bootable entries and return them.
    Ok(entries.into_iter().map(|(_, boot)| boot).collect())
 }
--- a/crates/boot/src/main.rs
+++ b/crates/boot/src/main.rs
@@ -6,8 +6,8 @@ extern crate alloc;
 use crate::context::{RootContext, SproutContext};
 use crate::entries::BootableEntry;
 use crate::options::SproutOptions;
 use crate::options::parser::OptionsRepresentable;
 use crate::phases::phase;
 use crate::utils::vercmp::compare_versions;
 use alloc::collections::BTreeMap;
 use alloc::format;
 use alloc::string::ToString;
@@ -258,6 +258,10 @@ fn run() -> Result<()> {
        }
    }
    // Sort the entries by their sort key, finalizing the order to show entries. This happens
    // in reverse order so that entries that would come last show up first in the menu.
    entries.sort_by(|a, b| compare_versions(a.sort_key(), b.sort_key()).reverse());
    // Tell the bootloader interface what entries are available.
    BootloaderInterface::set_entries(entries.iter().map(|entry| entry.name()))
        .context("unable to set entries in bootloader interface")?;
@@ -385,7 +389,7 @@ fn efi_main() -> Status {
    let result = run();
    if let Err(ref error) = result {
        // Print an error trace.
-        error!("sprout encountered an error:");
+        error!("sprout encountered an error: {}", error);
        for (index, stack) in error.chain().enumerate() {
            error!("[{}]: {}", index, stack);
        }
--- a/crates/boot/src/options.rs
+++ b/crates/boot/src/options.rs
@@ -1,10 +1,12 @@
 use crate::options::parser::{OptionDescription, OptionForm, OptionsRepresentable};
 use alloc::collections::BTreeMap;
 use alloc::string::{String, ToString};
-use anyhow::{Context, Result, bail};
+use anyhow::Result;
-
+use core::ptr::null_mut;
-/// The Sprout options parser.
+use jaarg::{
-pub mod parser;
+    ErrorUsageWriter, ErrorUsageWriterContext, HelpWriter, HelpWriterContext, Opt, Opts,
    ParseControl, ParseResult, StandardErrorUsageWriter, StandardFullHelpWriter,
 };
 use log::{error, info};
 use uefi_raw::Status;
 /// Default configuration file path.
 const DEFAULT_CONFIG_PATH: &str = "\\sprout.toml";
@@ -22,6 +24,8 @@ pub struct SproutOptions {
    pub force_menu: bool,
    /// The timeout for the boot menu in seconds.
    pub menu_timeout: Option<u64>,
    /// Retains the boot console before boot.
    pub retain_boot_console: bool,
 }
 /// The default Sprout options.
@@ -33,102 +37,106 @@ impl Default for SproutOptions {
            boot: None,
            force_menu: false,
            menu_timeout: None,
            retain_boot_console: false,
        }
    }
 }
 /// The options parser mechanism for Sprout.
-impl OptionsRepresentable for SproutOptions {
+impl SproutOptions {
-    /// Produce the [SproutOptions] structure.
+    /// Produces [SproutOptions] from the arguments provided by the UEFI core.
-    type Output = Self;
+    /// Internally, we use the `jaarg` argument parser which has excellent no_std support.
-
+    pub fn parse() -> Result<Self> {
-    /// All the Sprout options that are defined.
+        enum ArgID {
-    fn options() -> &'static [(&'static str, OptionDescription<'static>)] {
+            Help,
-        &[
+            AutoConfigure,
-            (
+            Config,
-                "autoconfigure",
+            Boot,
-                OptionDescription {
+            ForceMenu,
-                    description: "Enable Sprout Autoconfiguration",
+            MenuTimeout,
-                    form: OptionForm::Flag,
+            RetainBootConsole,
                },
            ),
            (
                "config",
                OptionDescription {
                    description: "Path to Sprout configuration file",
                    form: OptionForm::Value,
                },
            ),
            (
                "boot",
                OptionDescription {
                    description: "Entry to boot, bypassing the menu",
                    form: OptionForm::Value,
                },
            ),
            (
                "force-menu",
                OptionDescription {
                    description: "Force showing of the boot menu",
                    form: OptionForm::Flag,
                },
            ),
            (
                "menu-timeout",
                OptionDescription {
                    description: "Boot menu timeout, in seconds",
                    form: OptionForm::Value,
                },
            ),
            (
                "help",
                OptionDescription {
                    description: "Display Sprout Help",
                    form: OptionForm::Help,
                },
            ),
        ]
        }
-    /// Produces [SproutOptions] from the parsed raw `options` map.
+        // All the options for the Sprout executable.
-    fn produce(options: BTreeMap<String, Option<String>>) -> Result<Self> {
+        const OPTIONS: Opts<ArgID> = Opts::new(&[
            Opt::help_flag(ArgID::Help, &["--help"]).help_text("Display Sprout Help"),
            Opt::flag(ArgID::AutoConfigure, &["--autoconfigure"])
                .help_text("Enable Sprout autoconfiguration"),
            Opt::value(ArgID::Config, &["--config"], "PATH")
                .help_text("Path to Sprout configuration file"),
            Opt::value(ArgID::Boot, &["--boot"], "ENTRY")
                .help_text("Entry to boot, bypassing the menu"),
            Opt::flag(ArgID::ForceMenu, &["--force-menu"]).help_text("Force showing the boot menu"),
            Opt::value(ArgID::MenuTimeout, &["--menu-timeout"], "TIMEOUT")
                .help_text("Boot menu timeout, in seconds"),
            Opt::flag(ArgID::RetainBootConsole, &["--retain-boot-console"])
                .help_text("Retain boot console before boot"),
        ]);
        // Acquire the arguments as determined by the UEFI core.
        let args = eficore::env::args()?;
        // Use the default value of sprout options and have the raw options be parsed into it.
        let mut result = Self::default();
-        for (key, value) in options {
+        // Parse the OPTIONS into a map using jaarg.
-            match key.as_str() {
+        match OPTIONS.parse(
-                "autoconfigure" => {
+            "sprout",
            args.iter(),
            |program_name, id, _opt, _name, value| {
                match id {
                    ArgID::AutoConfigure => {
                        // Enable autoconfiguration.
                        result.autoconfigure = true;
                    }
-
+                    ArgID::Config => {
                "config" => {
                        // The configuration file to load.
-                    result.config = value.context("--config option requires a value")?;
+                        result.config = value.into();
                    }
-
+                    ArgID::Boot => {
                "boot" => {
                        // The entry to boot.
-                    result.boot = Some(value.context("--boot option requires a value")?);
+                        result.boot = Some(value.into());
                    }
-
+                    ArgID::ForceMenu => {
                "force-menu" => {
                        // Force showing of the boot menu.
                        result.force_menu = true;
                    }
-
+                    ArgID::MenuTimeout => {
                "menu-timeout" => {
                        // The timeout for the boot menu in seconds.
-                    let value = value.context("--menu-timeout option requires a value")?;
+                        result.menu_timeout = Some(value.parse::<u64>()?);
                    let value = value
                        .parse::<u64>()
                        .context("menu-timeout must be a number")?;
                    result.menu_timeout = Some(value);
                    }
                    ArgID::RetainBootConsole => {
                        // Retain the boot console before booting.
                        result.retain_boot_console = true;
                    }
                    ArgID::Help => {
                        let ctx = HelpWriterContext {
                            options: &OPTIONS,
                            program_name,
                        };
                        info!("{}", StandardFullHelpWriter::new(ctx));
                        return Ok(ParseControl::Quit);
                    }
                }
                Ok(ParseControl::Continue)
            },
            |program_name, error| {
                let ctx = ErrorUsageWriterContext {
                    options: &OPTIONS,
                    program_name,
                    error,
                };
                error!("{}", StandardErrorUsageWriter::new(ctx));
            },
        ) {
            ParseResult::ContinueSuccess => Ok(result),
            ParseResult::ExitSuccess => unsafe {
                uefi::boot::exit(uefi::boot::image_handle(), Status::SUCCESS, 0, null_mut());
            },
-                _ => bail!("unknown option: --{key}"),
+            ParseResult::ExitError => unsafe {
                uefi::boot::exit(uefi::boot::image_handle(), Status::ABORTED, 0, null_mut());
            },
        }
    }
        Ok(result)
    }
 }
--- a/crates/boot/src/options/parser.rs
+++ b/crates/boot/src/options/parser.rs
@@ -1,153 +0,0 @@
 use alloc::collections::BTreeMap;
 use alloc::string::{String, ToString};
 use anyhow::{Context, Result, bail};
 use core::ptr::null_mut;
 use eficore::env;
 use log::info;
 use uefi_raw::Status;
 /// The type of option. This disambiguates different behavior
 /// of how options are handled.
 #[derive(Debug, Clone, Ord, PartialOrd, Eq, PartialEq)]
 pub enum OptionForm {
    /// A flag, like --verbose.
    Flag,
    /// A value, in the form --abc 123 or --abc=123.
    Value,
    /// Help flag, like --help.
    Help,
 }
 /// The description of an option, used in the option parser
 /// to make decisions about how to progress.
 #[derive(Debug, Clone)]
 pub struct OptionDescription<'a> {
    /// The description of the option.
    pub description: &'a str,
    /// The type of option to parse as.
    pub form: OptionForm,
 }
 /// Represents a type that can be parsed from command line arguments.
 /// This is a super minimal options parser mechanism just for Sprout.
 pub trait OptionsRepresentable {
    /// The output type that parsing will produce.
    type Output;
    /// The configured options for this type. This should describe all the options
    /// that are valid to produce the type. The left-hand side is the name of the option,
    /// and the right-hand side is the description.
    fn options() -> &'static [(&'static str, OptionDescription<'static>)];
    /// Produces the type by taking the `options` and processing it into the output.
    fn produce(options: BTreeMap<String, Option<String>>) -> Result<Self::Output>;
    /// For minimalism, we don't want a full argument parser. Instead, we use
    /// a simple --xyz = xyz: None and --abc 123 = abc: Some("123") format.
    /// We also support the format: --abc=123
    fn parse_raw() -> Result<BTreeMap<String, Option<String>>> {
        // Access the configured options for this type.
        let configured: BTreeMap<_, _> = BTreeMap::from_iter(Self::options().to_vec());
        // Collect all the arguments to Sprout.
        // Skip the first argument, which is the path to our executable.
        let args = env::args()?;
        // Represent options as key-value pairs.
        let mut options = BTreeMap::new();
        // Iterators makes this way easier.
        let mut iterator = args.into_iter().peekable();
        loop {
            // Consume the next option, if any.
            let Some(option) = iterator.next() else {
                break;
            };
            // If the option doesn't start with --, that is invalid.
            if !option.starts_with("--") {
                bail!("invalid option: {option}");
            }
            // Strip the -- prefix off.
            let mut option = option["--".len()..].trim().to_string();
            // An optional value.
            let mut value = None;
            // Check if the option is of the form --abc=123
            if let Some((part_key, part_value)) = option.split_once('=') {
                let part_key = part_key.to_string();
                let part_value = part_value.to_string();
                option = part_key;
                value = Some(part_value);
            }
            // Error on empty option names.
            if option.is_empty() {
                bail!("invalid empty option");
            }
            // Find the description of the configured option, if any.
            let Some(description) = configured.get(option.as_str()) else {
                bail!("invalid option: --{option}");
            };
            // Check if the option requires a value and error if none was provided.
            if description.form == OptionForm::Value && value.is_none() {
                // Check for the next value.
                let maybe_next = iterator.peek();
                // If the next value isn't another option, set the value to the next value.
                // Otherwise, it is None.
                value = if let Some(next) = maybe_next
                    && !next.starts_with("--")
                {
                    iterator.next()
                } else {
                    None
                };
            }
            // If the option form does not support a value and there is a value, error.
            if description.form != OptionForm::Value && value.is_some() {
                bail!("option --{} does not take a value", option);
            }
            // Handle the --help flag case.
            if description.form == OptionForm::Help {
                // Generic configured options output.
                info!("Configured Options:");
                for (name, description) in &configured {
                    info!(
                        "  --{}{}: {}",
                        name,
                        if description.form == OptionForm::Value {
                            " <value>"
                        } else {
                            ""
                        },
                        description.description
                    );
                }
                // Exit because the help has been displayed.
                unsafe {
                    uefi::boot::exit(uefi::boot::image_handle(), Status::SUCCESS, 0, null_mut());
                };
            }
            // Insert the option and the value into the map.
            options.insert(option, value);
        }
        Ok(options)
    }
    /// Parses the program arguments as a [Self::Output], calling [Self::parse_raw] and [Self::produce].
    fn parse() -> Result<Self::Output> {
        // Parse the program arguments into a raw map.
        let options = Self::parse_raw().context("unable to parse options")?;
        // Produce the options from the map.
        Self::produce(options)
    }
 }
--- a/crates/boot/src/phases.rs
+++ b/crates/boot/src/phases.rs
@@ -6,7 +6,7 @@ use anyhow::{Context, Result};
 use edera_sprout_config::phases::PhaseConfiguration;
 /// Executes the specified [phase] of the boot process.
-/// The value [phase] should be a reference of a specific phase in the [PhasesConfiguration].
+/// The value [phase] should be a reference of a specific phase in the `PhasesConfiguration`.
 /// Any error from the actions is propagated into the [Result] and will interrupt further
 /// execution of phase actions.
 pub fn phase(context: Rc<SproutContext>, phase: &[PhaseConfiguration]) -> Result<()> {
@@ -24,3 +24,18 @@ pub fn phase(context: Rc<SproutContext>, phase: &[PhaseConfiguration]) -> Result
    }
    Ok(())
 }
 /// Manual hook called by code in the bootloader that hands off to another image.
 /// This is used to perform actions like clearing the screen.
 pub fn before_handoff(context: &SproutContext) -> Result<()> {
    // If we have not been asked to retain the boot console, then we should clear the screen.
    if !context.root().options().retain_boot_console {
        // Clear the screen. We use clear here instead of reset because some firmware,
        // particularly Dell firmware, does not clear the screen on reset.
        // We clear both stdout and stderr because it's not guaranteed that they are the same
        // text output.
        uefi::system::with_stdout(|stdout| stdout.clear()).context("unable to clear screen")?;
        uefi::system::with_stderr(|stderr| stderr.clear()).context("unable to clear screen")?;
    }
    Ok(())
 }
--- a/crates/boot/src/utils/vercmp.rs
+++ b/crates/boot/src/utils/vercmp.rs
@@ -33,7 +33,7 @@ pub fn compare_versions_optional(a: Option<&str>, b: Option<&str>) -> Ordering {
 }
 /// Compares two strings using the BLS version comparison specification.
-/// See: https://uapi-group.org/specifications/specs/version_format_specification/
+/// See: <https://uapi-group.org/specifications/specs/version_format_specification/>
 pub fn compare_versions(a: &str, b: &str) -> Ordering {
    // Acquire a peekable iterator for each string.
    let mut a_chars = a.chars().peekable();
--- a/crates/build/src/sbat.template.rs
+++ b/crates/build/src/sbat.template.rs
@@ -1,5 +1,5 @@
 /// Define the SBAT attestation by including the sbat.csv file.
-/// See this document for more details: https://github.com/rhboot/shim/blob/main/SBAT.md
+/// See this document for more details: <https://github.com/rhboot/shim/blob/main/SBAT.md>
 /// NOTE: This data must be aligned by 512 bytes.
 #[used]
 #[unsafe(link_section = ".sbat")]
--- a/crates/config/src/actions/chainload.rs
+++ b/crates/config/src/actions/chainload.rs
@@ -13,7 +13,7 @@ pub struct ChainloadConfiguration {
    #[serde(default)]
    pub options: Vec<String>,
    /// An optional path to a Linux initrd.
-    /// This uses the [LINUX_EFI_INITRD_MEDIA_GUID] mechanism to load the initrd into the EFI stack.
+    /// This uses the `LINUX_EFI_INITRD_MEDIA_GUID` mechanism to load the initrd into the EFI stack.
    /// For Linux, you can also use initrd=\path\to\initrd as an option, but this option is
    /// generally better and safer as it can support additional load options in the future.
    #[serde(default, rename = "linux-initrd")]
--- a/crates/config/src/entries.rs
+++ b/crates/config/src/entries.rs
@@ -18,4 +18,7 @@ pub struct EntryDeclaration {
    /// The values to insert into the context when the entry is selected.
    #[serde(default)]
    pub values: BTreeMap<String, String>,
    /// The key to sort entries, via version comparison.
    #[serde(default, rename = "sort-key")]
    pub sort_key: Option<String>,
 }
--- a/crates/config/src/lib.rs
+++ b/crates/config/src/lib.rs
@@ -78,8 +78,7 @@ pub struct RootConfiguration {
 /// Options configuration for Sprout, used when the corresponding options are not specified.
 #[derive(Serialize, Deserialize, Debug, Default, Clone)]
 pub struct OptionsConfiguration {
-    /// The entry to boot without showing the boot menu.
+    /// The entry to mark as the default entry, instead of the first entry.
    /// If not specified, a boot menu is shown.
    #[serde(rename = "default-entry", default)]
    pub default_entry: Option<String>,
    /// The timeout of the boot menu.
--- a/crates/eficore/src/lib.rs
+++ b/crates/eficore/src/lib.rs
@@ -1,11 +1,17 @@
-//! Sprout EFI Core.
+//! Sprout EFI core.
-//! This crate provides tools for working with the EFI environment.
+//! This crate provides core EFI functionality for Sprout.
 // For some reason this triggers, and I can't figure out why.
 #![allow(rustdoc::bare_urls)]
 #![no_std]
 extern crate alloc;
 /// EFI handle helpers.
 pub mod handle;
 /// Load and start EFI images.
 pub mod loader;
 /// Logging support for EFI applications.
 pub mod logger;
--- a/crates/eficore/src/loader.rs
+++ b/crates/eficore/src/loader.rs
@@ -0,0 +1,141 @@
 use crate::loader::source::ImageSource;
 use crate::secure::SecureBoot;
 use crate::shim::hook::SecurityHook;
 use crate::shim::{ShimInput, ShimSupport};
 use anyhow::{Context, Result, bail};
 use log::warn;
 use uefi::Handle;
 use uefi::boot::LoadImageSource;
 /// Represents EFI image sources generically.
 pub mod source;
 /// Handle to a loaded EFI image.
 pub struct ImageHandle {
    /// Handle to the loaded image.
    handle: Handle,
 }
 impl ImageHandle {
    /// Create a new image handle based on a handle from the UEFI stack.
    pub fn new(handle: Handle) -> Self {
        Self { handle }
    }
    /// Retrieve the underlying handle.
    pub fn handle(&self) -> &Handle {
        &self.handle
    }
 }
 /// Request to load an image from a source, with support for additional validation features.
 pub struct ImageLoadRequest<'source> {
    /// Handle to the current image.
    current_image: Handle,
    /// Source of the image to load.
    source: ImageSource<'source>,
 }
 impl<'source> ImageLoadRequest<'source> {
    /// Create a new image load request with a current image and a source.
    pub fn new(current_image: Handle, source: ImageSource<'source>) -> Self {
        Self {
            current_image,
            source,
        }
    }
    /// Retrieve the current image.
    pub fn current_image(&self) -> &Handle {
        &self.current_image
    }
    /// Retrieve the source of the image to load.
    pub fn source(&'source self) -> &'source ImageSource<'source> {
        &self.source
    }
    /// Convert the request into a source.
    pub fn into_source(self) -> ImageSource<'source> {
        self.source
    }
 }
 /// EFI image loader.
 pub struct ImageLoader;
 impl ImageLoader {
    /// Load an image using the image `request` which allows
    pub fn load(request: ImageLoadRequest) -> Result<ImageHandle> {
        // Determine whether Secure Boot is enabled.
        let secure_boot =
            SecureBoot::enabled().context("unable to determine if secure boot is enabled")?;
        // Determine whether the shim is loaded.
        let shim_loaded = ShimSupport::loaded().context("unable to determine if shim is loaded")?;
        // Determine whether the shim loader is available.
        let shim_loader_available = ShimSupport::loader_available()
            .context("unable to determine if shim loader is available")?;
        // Determines whether LoadImage in Boot Services must be patched.
        // Version 16 of the shim doesn't require extra effort to load Secure Boot binaries.
        // If the image loader is installed, we can skip over the security hook.
        let requires_security_hook = secure_boot && shim_loaded && !shim_loader_available;
        // If the security hook is required, we will bail for now.
        if requires_security_hook {
            // Install the security hook, if possible. If it's not, this is necessary to continue,
            // so we should bail.
            let installed = SecurityHook::install().context("unable to install security hook")?;
            if !installed {
                bail!("unable to install security hook required for this platform");
            }
        }
        // If the shim is loaded, we will need to retain the shim protocol to allow
        // loading multiple images.
        if shim_loaded {
            // Retain the shim protocol after loading the image.
            ShimSupport::retain()?;
        }
        // Clone the current image handle to use for loading the image.
        let current_image = *request.current_image();
        // Converts the source to a shim input with an owned data buffer.
        let input = ShimInput::from(request.into_source())
            .into_owned_data_buffer()
            .context("unable to convert input to loaded data buffer")?;
        // Constructs a LoadImageSource from the input.
        let source = LoadImageSource::FromBuffer {
            buffer: input.buffer().context("unable to get buffer from input")?,
            file_path: input.file_path(),
        };
        // Loads the image using Boot Services LoadImage function.
        let result = uefi::boot::load_image(current_image, source).context("unable to load image");
        // If the security override is required, we will uninstall the security hook.
        if requires_security_hook {
            let uninstall_result = crate::shim::hook::SecurityHook::uninstall();
            // Ensure we don't mask load image errors if uninstalling fails.
            if result.is_err()
                && let Err(uninstall_error) = &uninstall_result
            {
                // Warn on the error since the load image error is more important.
                warn!("unable to uninstall security hook: {}", uninstall_error);
            } else {
                // Otherwise, ensure we handle the original uninstallation result.
                uninstall_result?;
            }
        }
        // Assert the result and grab the handle.
        let handle = result?;
        // Retrieve the handle from the result and make a new image handle.
        Ok(ImageHandle::new(handle))
    }
 }
--- a/crates/eficore/src/loader/source.rs
+++ b/crates/eficore/src/loader/source.rs
@@ -0,0 +1,25 @@
 use crate::path::ResolvedPath;
 use crate::shim::ShimInput;
 /// Represents a source of an EFI image.
 pub enum ImageSource<'source> {
    /// The image is located at the specified path that has been resolved.
    ResolvedPath(&'source ResolvedPath),
    /// The image is located in a buffer.
    DataBuffer {
        /// Optional path to the image.
        path: Option<&'source ResolvedPath>,
        /// Buffer containing the image.
        buffer: &'source [u8],
    },
 }
 /// Implement conversion from `ImageSource` to `ShimInput`, which is used by the shim support code.
 impl<'source> From<ImageSource<'source>> for ShimInput<'source> {
    fn from(value: ImageSource<'source>) -> Self {
        match value {
            ImageSource::ResolvedPath(path) => ShimInput::ResolvedPath(path),
            ImageSource::DataBuffer { path, buffer } => ShimInput::DataBuffer(path, buffer),
        }
    }
 }
--- a/crates/eficore/src/media_loader.rs
+++ b/crates/eficore/src/media_loader.rs
@@ -3,6 +3,7 @@ use alloc::vec::Vec;
 use anyhow::{Context, Result, bail};
 use core::ffi::c_void;
 use core::ptr;
 use log::error;
 use uefi::proto::device_path::DevicePath;
 use uefi::proto::device_path::build::DevicePathBuilder;
 use uefi::proto::device_path::build::media::Vendor;
@@ -33,8 +34,7 @@ struct MediaLoaderProtocol {
 }
 /// Represents a media loader which has been registered in the UEFI stack.
-/// You MUST call [MediaLoaderHandle::unregister] when ready to unregister.
+/// Calling `drop` on this handle will unregister the media loader.
 /// [Drop] is not implemented for this type.
 pub struct MediaLoaderHandle {
    /// The handle of the media loader in the UEFI stack.
    handle: Handle,
@@ -161,14 +161,31 @@ impl MediaLoaderHandle {
        // Install a protocol interface for the device path.
        // This ensures it can be located by other EFI programs.
-        let primary_handle = unsafe {
+        let primary_handle = match unsafe {
            uefi::boot::install_protocol_interface(
                None,
                &DevicePathProtocol::GUID,
                path.as_ffi_ptr() as *mut c_void,
            )
        }
-        .context("unable to install media loader device path handle")?;
+        .context("unable to install media loader device path handle")
        {
            // Acquiring the primary handle succeeded, so we can return the handle.
            Ok(handle) => handle,
            // If acquiring the primary handle failed, we free the device path and return the error.
            Err(error) => {
                // SAFETY: We know that the device path is leaked,
                // so we can safely take a reference to it again.
                // The UEFI stack failed to install the protocol interface
                // if we reach here, so the path is no longer in use.
                let path = unsafe { Box::from_raw(path) };
                // Explicitly drop the path to clarify the lifetime.
                drop(path);
                // Return the original error.
                return Err(error);
            }
        };
        // Leak the data we need to pass to the UEFI stack.
        let data = Box::leak(data);
@@ -238,7 +255,7 @@ impl MediaLoaderHandle {
    /// Unregisters a media loader from the UEFI stack.
    /// This will free the memory allocated by the passed data.
-    pub fn unregister(self) -> Result<()> {
+    fn unregister(&self) -> Result<()> {
        // SAFETY: We know that the media loader is registered if the handle is valid,
        // so we can safely uninstall it.
        // We should have allocated the pointers involved, so we can safely free them.
@@ -276,3 +293,14 @@ impl MediaLoaderHandle {
        Ok(())
    }
 }
 /// Implement drop for the handle to automatically unregister the media loader.
 impl Drop for MediaLoaderHandle {
    fn drop(&mut self) {
        // If unregister fails, print an error to the log.
        // This may leak stuff, but the only other option is to panic.
        if let Err(error) = self.unregister() {
            error!("unable to unregister media loader: {}", error);
        }
    }
 }
--- a/crates/eficore/src/shim.rs
+++ b/crates/eficore/src/shim.rs
@@ -1,6 +1,4 @@
 use crate::path::ResolvedPath;
 use crate::secure::SecureBoot;
 use crate::shim::hook::SecurityHook;
 use crate::variables::{VariableClass, VariableController};
 use alloc::boxed::Box;
 use alloc::string::ToString;
@@ -8,9 +6,6 @@ use alloc::vec::Vec;
 use anyhow::{Context, Result, anyhow, bail};
 use core::ffi::c_void;
 use core::pin::Pin;
 use log::warn;
 use uefi::Handle;
 use uefi::boot::LoadImageSource;
 use uefi::proto::device_path::text::{AllowShortcuts, DisplayOnly};
 use uefi::proto::device_path::{DevicePath, FfiDevicePath};
 use uefi::proto::unsafe_protocol;
@@ -18,7 +13,7 @@ use uefi_raw::table::runtime::VariableVendor;
 use uefi_raw::{Guid, Status, guid};
 /// Security hook support.
-mod hook;
+pub mod hook;
 /// Support for the shim loader application for Secure Boot.
 pub struct ShimSupport;
@@ -237,72 +232,6 @@ impl ShimSupport {
            .unwrap_or(ShimVerificationOutput::VerifiedDataNotLoaded))
    }
    /// Load the image specified by the `input` and returns an image handle.
    pub fn load(current_image: Handle, input: ShimInput) -> Result<Handle> {
        // Determine whether Secure Boot is enabled.
        let secure_boot =
            SecureBoot::enabled().context("unable to determine if secure boot is enabled")?;
        // Determine whether the shim is loaded.
        let shim_loaded = Self::loaded().context("unable to determine if shim is loaded")?;
        // Determine whether the shim loader is available.
        let shim_loader_available =
            Self::loader_available().context("unable to determine if shim loader is available")?;
        // Determines whether LoadImage in Boot Services must be patched.
        // Version 16 of the shim doesn't require extra effort to load Secure Boot binaries.
        // If the image loader is installed, we can skip over the security hook.
        let requires_security_hook = secure_boot && shim_loaded && !shim_loader_available;
        // If the security hook is required, we will bail for now.
        if requires_security_hook {
            // Install the security hook, if possible. If it's not, this is necessary to continue,
            // so we should bail.
            let installed = SecurityHook::install().context("unable to install security hook")?;
            if !installed {
                bail!("unable to install security hook required for this platform");
            }
        }
        // If the shim is loaded, we will need to retain the shim protocol to allow
        // loading multiple images.
        if shim_loaded {
            // Retain the shim protocol after loading the image.
            Self::retain()?;
        }
        // Converts the shim input to an owned data buffer.
        let input = input
            .into_owned_data_buffer()
            .context("unable to convert input to loaded data buffer")?;
        // Constructs a LoadImageSource from the input.
        let source = LoadImageSource::FromBuffer {
            buffer: input.buffer().context("unable to get buffer from input")?,
            file_path: input.file_path(),
        };
        // Loads the image using Boot Services LoadImage function.
        let result = uefi::boot::load_image(current_image, source).context("unable to load image");
        // If the security override is required, we will uninstall the security hook.
        if requires_security_hook {
            let uninstall_result = SecurityHook::uninstall();
            // Ensure we don't mask load image errors if uninstalling fails.
            if result.is_err()
                && let Err(uninstall_error) = &uninstall_result
            {
                // Warn on the error since the load image error is more important.
                warn!("unable to uninstall security hook: {}", uninstall_error);
            } else {
                // Otherwise, ensure we handle the original uninstallation result.
                uninstall_result?;
            }
        }
        result
    }
    /// Set the ShimRetainProtocol variable to indicate that shim should retain the protocols
    /// for the full lifetime of boot services.
    pub fn retain() -> Result<()> {
--- a/docs/setup/signed/debian.md
+++ b/docs/setup/signed/debian.md
@@ -60,7 +60,7 @@ Copy the downloaded `sprout.efi` file to `/boot/efi/EFI/sprout/sprout.unsigned.e
 ## Step 4: Sign Sprout for Secure Boot
 ```bash
-# For x86_64, sign the unsigned Sprout artifact and name it grubaa64.efi which is what the shim will call.
+# For x86_64, sign the unsigned Sprout artifact and name it grubx64.efi which is what the shim will call.
 $ sbsign \
    --key /etc/sprout/secure-boot/mok.key \
    --cert /etc/sprout/secure-boot/mok.crt \
@@ -120,8 +120,8 @@ path = "\\EFI\\sprout\\ext4.efi"
 # global options.
 [options]
-# enable autoconfiguration by detecting bls enabled
+# enable autoconfiguration by detecting installed kernels
-# filesystems and generating boot entries for them.
+# generating boot entries for them.
 autoconfigure = true
 ```
@@ -130,14 +130,16 @@ If you do not have any drivers, exclude the drivers section entirely.
 ## Step 7: Configure Sprout Boot Entry
-In the following commands, replace /dev/ESP_PARTITION with the actual path to the ESP partition block device.
+In the following commands, replace /dev/BLOCK_DEVICE with the device that houses your GPT partition table,
 and PARTITION_NUMBER with the partition number of the EFI System Partition. For example, if your EFI System Partition is
 `/dev/sda1`, the BLOCK_DEVICE would be `/dev/sda` and the PARTITION_NUMBER would be `1`
 ```bash
 # For x86_64, run this command to add Sprout as the default boot entry.
-$ efibootmgr -d /dev/ESP_PARTITION -c -L 'Sprout' -l '\EFI\sprout\shimx64.efi'
+$ efibootmgr -d /dev/BLOCK_DEVICE -p PARTITION_NUMBER -c -L 'Sprout' -l '\EFI\sprout\shimx64.efi'
 # For aarch64, run this command to add Sprout as the default boot entry.
-$ efibootmgr -d /dev/ESP_PARTITION -c -L 'Sprout' -l '\EFI\sprout\shimaa64.efi'
+$ efibootmgr -d /dev/BLOCK_DEVICE -p PARTITION_NUMBER -c -L 'Sprout' -l '\EFI\sprout\shimaa64.efi'
 ```
 Reboot your machine and it should boot into Sprout.
--- a/docs/setup/signed/fedora.md
+++ b/docs/setup/signed/fedora.md
@@ -0,0 +1,172 @@
 # Setup Sprout for Fedora with Secure Boot
 ## Prerequisites
 - Modern Fedora release: tested on Fedora 43 x86_64.
 - EFI System Partition mounted on `/boot/efi` (the default)
 - You will need the following packages installed: `openssl`, `mokutil`, `sbsigntools`, `efibootmgr`
 **NOTE**: Fedora on ARM64 itself does not support Secure Boot consistently.
 ## Step 1: Generate and Install Secure Boot Key
 ```bash
 # Create a directory to store the Secure Boot MOK key and certificates.
 $ mkdir -p /etc/sprout/secure-boot
 # Change to the created directory.
 $ cd /etc/sprout/secure-boot
 # Generate a MOK key and certificate.
 $ openssl req \
    -newkey rsa:4096 -nodes -keyout mok.key \
    -new -x509 -sha256 -days 3650 -subj '/CN=Sprout Secure Boot/' \
    -out mok.crt
 # Generate a DER encoded certificate for enrollment.
 $ openssl x509 -outform DER -in mok.crt -out mok.cer
 # Import the certificate into the Secure Boot environment.
 # This will ask you to make a password that will be used during enrollment.
 $ mokutil --import mok.cer
 # Reboot your machine.
 # During boot, MOK enrollment should appear. If it doesn't, ensure you are booting into the shim.
 # Press any key to begin MOK management. Select "Enroll MOK".
 # Select "View key 0", and ensure the subject says "CN=Sprout Secure Boot".
 # If the subject does not match, something has gone wrong with MOK enrollment.
 # Press Enter to continue, then select the "Continue" option.
 # When it asks to enroll the key, select the "Yes" option.
 # Enter the password that you created during the mokutil --import step.
 # Select "Reboot" to boot back into your Operating System.
 ```
 ## Step 2: Prepare the Secure Boot Environment
 ```bash
 # Create a directory for Sprout EFI artifacts.
 $ mkdir -p /boot/efi/EFI/sprout
 # For x86_64, copy the following artifacts to the Sprout EFI directory.
 $ cp /boot/efi/EFI/fedora/shimx64.efi /boot/efi/EFI/sprout/shimx64.efi
 $ cp /boot/efi/EFI/fedora/mmx64.efi /boot/efi/EFI/sprout/mmx64.efi
 # For aarch64, copy the following artifacts to the Sprout EFI directory.
 $ cp /boot/efi/EFI/fedora/shimaa64.efi /boot/efi/EFI/sprout/shimaa64.efi
 $ cp /boot/efi/EFI/fedora/mmaa64.efi /boot/efi/EFI/sprout/mmaa64.efi
 ```
 ## Step 3: Install Unsigned Sprout
 Download the latest sprout.efi release from the [GitHub releases page](https://github.com/edera-dev/sprout/releases).
 For x86_64 systems, download the `sprout-x86_64.efi` file, and for ARM64 systems, download the `sprout-aarch64.efi` file.
 Copy the downloaded `sprout.efi` file to `/boot/efi/EFI/sprout/sprout.unsigned.efi` on your EFI System Partition.
 ## Step 4: Sign Sprout for Secure Boot
 ```bash
 # For x86_64, sign the unsigned Sprout artifact and name it grubx64.efi which is what the shim will call.
 $ sbsign \
    --key /etc/sprout/secure-boot/mok.key \
    --cert /etc/sprout/secure-boot/mok.crt \
    --output /boot/efi/EFI/sprout/grubx64.efi \
    /boot/efi/EFI/sprout/sprout.unsigned.efi
 # For aarch64, sign the unsigned Sprout artifact and name it grubaa64.efi which is what the shim will call.
 $ sbsign \
    --key /etc/sprout/secure-boot/mok.key \
    --cert /etc/sprout/secure-boot/mok.crt \
    --output /boot/efi/EFI/sprout/grubaa64.efi \
    /boot/efi/EFI/sprout/sprout.unsigned.efi
 ```
 ## Step 5: Install and Sign EFI Drivers
 You will need a filesystem EFI driver if `/boot` is not FAT32 or ExFAT.
 ### ext4
 Most Fedora systems use an ext4 filesystem for `/boot`, if that is the case, use the ext4 instructions here:
 Install the necessary `edk2-ext4` package:
 ```bash
 # Install the ext4 driver from the package manager.
 $ dnf install edk2-ext4
 ```
 Copy the ext4 driver to `/boot/efi/EFI/sprout/ext4.unsigned.efi`:
 ```bash
 # For x86_64, copy the ext4x64.efi driver to the Sprout EFI directory.
 $ cp /usr/share/edk2/drivers/ext4x64.efi /boot/efi/EFI/sprout/ext4.unsigned.efi
 # For aarch64, copy the ext4aa64.efi driver to the Sprout EFI directory.
 $ cp /usr/share/edk2/drivers/ext4aa64.efi /boot/efi/EFI/sprout/ext4.unsigned.efi
 ```
 ```bash
 # Sign the ext4 driver at ext4.unsigned.efi, placing it at ext4.efi, which will be used in the configuration.
 $ sbsign \
    --key /etc/sprout/secure-boot/mok.key \
    --cert /etc/sprout/secure-boot/mok.crt \
    --output /boot/efi/EFI/sprout/ext4.efi \
    /boot/efi/EFI/sprout/ext4.unsigned.efi
 ```
 ### Other Filesystems
 If you need another driver, you can download EFI filesystem drivers from [EfiFs releases](https://github.com/pbatard/EfiFs/releases).
 Copy the driver to `/boot/efi/EFI/sprout/DRIVER_NAME.unsigned.efi` for signing, then sign it like this:
 ```bash
 # Sign your driver, placing it at DRIVER_NAME.efi, which will be used in the configuration.
 $ sbsign \
    --key /etc/sprout/secure-boot/mok.key \
    --cert /etc/sprout/secure-boot/mok.crt \
    --output /boot/efi/EFI/sprout/DRIVER_NAME.efi \
    /boot/efi/EFI/sprout/DRIVER_NAME.unsigned.efi
 ```
 You will add the driver in your Sprout configuration below, like this:
 ```toml
 [drivers.DRIVER_NAME]
 path = "\\EFI\\sprout\\DRIVER_NAME.efi"
 ```
 ## Step 6: Create Sprout Configuration
 Write the following to the file `/boot/efi/sprout.toml`:
 ```toml
 # sprout configuration: version 1
 version = 1
 # load an ext4 EFI driver.
 # skip this if you do not have a filesystem driver.
 # if your filesystem driver is not named ext4, change accordingly.
 [drivers.ext4]
 path = "\\EFI\\sprout\\ext4.efi"
 # global options.
 [options]
 # enable autoconfiguration by detecting bls enabled
 # filesystems and generating boot entries for them.
 autoconfigure = true
 ```
 Ensure you add the signed driver paths to the configuration, not the unsigned ones.
 If you do not have any drivers, exclude the drivers section entirely.
 ## Step 7: Configure Sprout Boot Entry
 In the following commands, replace /dev/BLOCK_DEVICE with the device that houses your GPT partition table,
 and PARTITION_NUMBER with the partition number of the EFI System Partition. For example, if your EFI System Partition is
 `/dev/sda1`, the BLOCK_DEVICE would be `/dev/sda` and the PARTITION_NUMBER would be `1`
 ```bash
 # For x86_64, run this command to add Sprout as the default boot entry.
 $ efibootmgr -d /dev/BLOCK_DEVICE -p PARTITION_NUMBER -c -L 'Sprout' -l '\EFI\sprout\shimx64.efi'
 # For aarch64, run this command to add Sprout as the default boot entry.
 $ efibootmgr -d /dev/BLOCK_DEVICE -p PARTITION_NUMBER -c -L 'Sprout' -l '\EFI\sprout\shimaa64.efi'
 ```
 Reboot your machine and it should boot into Sprout.
 If Sprout fails to boot, it should boot into the original bootloader.
--- a/docs/setup/signed/opensuse.md
+++ b/docs/setup/signed/opensuse.md
@@ -128,11 +128,13 @@ If you do not have any drivers, exclude the drivers section entirely.
 ## Step 7: Configure Sprout Boot Entry
-In the following commands, replace /dev/ESP_PARTITION with the actual path to the ESP partition block device.
+In the following commands, replace /dev/BLOCK_DEVICE with the device that houses your GPT partition table,
 and PARTITION_NUMBER with the partition number of the EFI System Partition. For example, if your EFI System Partition is
 `/dev/sda1`, the BLOCK_DEVICE would be `/dev/sda` and the PARTITION_NUMBER would be `1`
 ```bash
 # Run this command to add Sprout as the default boot entry.
-$ efibootmgr -d /dev/ESP_PARTITION -c -L 'Sprout' -l '\EFI\sprout\shim.efi'
+$ efibootmgr -d /dev/BLOCK_DEVICE -p PARTITION_NUMBER -c -L 'Sprout' -l '\EFI\sprout\shim.efi'
 ```
 Reboot your machine and it should boot into Sprout.
--- a/docs/setup/signed/ubuntu.md
+++ b/docs/setup/signed/ubuntu.md
@@ -59,7 +59,7 @@ Copy the downloaded `sprout.efi` file to `/boot/efi/EFI/sprout/sprout.unsigned.e
 ## Step 4: Sign Sprout for Secure Boot
 ```bash
-# For x86_64, sign the unsigned Sprout artifact and name it grubaa64.efi which is what the shim will call.
+# For x86_64, sign the unsigned Sprout artifact and name it grubx64.efi which is what the shim will call.
 $ sbsign \
    --key /etc/sprout/secure-boot/mok.key \
    --cert /etc/sprout/secure-boot/mok.crt \
@@ -119,8 +119,8 @@ path = "\\EFI\\sprout\\ext4.efi"
 # global options.
 [options]
-# enable autoconfiguration by detecting bls enabled
+# enable autoconfiguration by detecting installed kernels
-# filesystems and generating boot entries for them.
+# generating boot entries for them.
 autoconfigure = true
 ```
@@ -129,14 +129,18 @@ If you do not have any drivers, exclude the drivers section entirely.
 ## Step 7: Configure Sprout Boot Entry
-In the following commands, replace /dev/ESP_PARTITION with the actual path to the ESP partition block device.
+## Step 7: Configure Sprout Boot Entry
 In the following commands, replace /dev/BLOCK_DEVICE with the device that houses your GPT partition table,
 and PARTITION_NUMBER with the partition number of the EFI System Partition. For example, if your EFI System Partition is
 `/dev/sda1`, the BLOCK_DEVICE would be `/dev/sda` and the PARTITION_NUMBER would be `1`
 ```bash
 # For x86_64, run this command to add Sprout as the default boot entry.
-$ efibootmgr -d /dev/ESP_PARTITION -c -L 'Sprout' -l '\EFI\sprout\shimx64.efi'
+$ efibootmgr -d /dev/BLOCK_DEVICE -p PARTITION_NUMBER -c -L 'Sprout' -l '\EFI\sprout\shimx64.efi'
 # For aarch64, run this command to add Sprout as the default boot entry.
-$ efibootmgr -d /dev/ESP_PARTITION -c -L 'Sprout' -l '\EFI\sprout\shimaa64.efi'
+$ efibootmgr -d /dev/BLOCK_DEVICE -p PARTITION_NUMBER -c -L 'Sprout' -l '\EFI\sprout\shimaa64.efi'
 ```
 Reboot your machine and it should boot into Sprout.
--- a/hack/dev/boot.sh
+++ b/hack/dev/boot.sh
@@ -30,9 +30,9 @@ if [ "${QEMU_GDB_WAIT}" = "1" ]; then
 	set -- "${@}" "-S"
 fi
-set -- "${@}" -smp 2 -m 4096
+set -- "${@}" -nodefaults -smp 2 -m 4096
-if [ "${NO_GRAPHICAL_BOOT}" = "1" ]; then
+if [ "${NO_GRAPHICAL}" = "1" ]; then
 	set -- "${@}" -nographic
 else
 	if [ "${GRAPHICAL_ONLY}" != "1" ]; then
@@ -40,9 +40,9 @@ else
 			set -- "${@}" -serial stdio
 		else
 			set -- "${@}" \
-				-device virtio-serial-pci,id=vs0 \
+				-device 'virtio-serial-pci,id=vs0' \
-				-chardev stdio,id=stdio0 \
+				-chardev 'stdio,id=stdio0,signal=off' \
-				-device virtconsole,chardev=stdio0,id=console0
+				-device 'virtconsole,chardev=stdio0,id=console0,name=alpine'
 		fi
 	fi
@@ -62,6 +62,12 @@ if [ "${NO_INPUT}" != "1" ]; then
 		-device usb-mouse
 fi
 if [ "${NO_NETWORK}" != "1" ]; then
 	set -- "${@}" \
 		-netdev 'user,id=network0' \
 		-device 'virtio-net-pci,netdev=network0'
 fi
 rm -f "${FINAL_DIR}/ovmf-boot.fd"
 cp "${FINAL_DIR}/ovmf.fd" "${FINAL_DIR}/ovmf-boot.fd"
 if [ "${TARGET_ARCH}" = "aarch64" ]; then
@@ -70,7 +76,7 @@ fi
 # shellcheck disable=SC2086
 set -- "${@}" \
 	-drive "if=pflash,file=${FINAL_DIR}/ovmf-boot.fd,format=raw,readonly=on" \
-	-device nvme,drive=disk1,serial=cafebabe
+	-device 'nvme,drive=disk1,serial=cafebabe'
 set -- "${@}" \
 	-drive "if=none,file=${FINAL_DIR}/sprout.img,format=raw,id=disk1,readonly=on"
--- a/hack/dev/boot/Dockerfile
+++ b/hack/dev/boot/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM debian:trixie@sha256:fd8f5a1df07b5195613e4b9a0b6a947d3772a151b81975db27d47f093f60c6e6 AS build
+FROM --platform=$BUILDPLATFORM debian:trixie@sha256:0d01188e8dd0ac63bf155900fad49279131a876a1ea7fac917c62e87ccb2732d AS build
 ARG BUILDPLATFORM
 ARG EFI_NAME
 RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y \
--- a/hack/dev/build.sh
+++ b/hack/dev/build.sh
@@ -48,7 +48,7 @@ copy_from_image_polyfill() {
 	SOURCE="${2}"
 	TARGET="${3}"
-	docker build -t "${IMAGE}-copy-polyfill:${DOCKER_TAG}" --build-arg "TARGET_IMAGE=${IMAGE}:${DOCKER_TAG}" \
+	docker build --platform="${DOCKER_TARGET}" -t "${IMAGE}-copy-polyfill:${DOCKER_TAG}" --build-arg "TARGET_IMAGE=${IMAGE}:${DOCKER_TAG}" \
 		-f hack/dev/utils/Dockerfile.copy-polyfill hack
 	# note: the -w '//' is a workaround for Git Bash where / is magically rewritten.
 	docker run --rm -i -w '//' "${IMAGE}-copy-polyfill:${DOCKER_TAG}" cat "image/${SOURCE}" >"${TARGET}"
@@ -72,6 +72,7 @@ if [ "${SKIP_KERNEL_BUILD}" != "1" ]; then
 	fi
 	copy_from_image "${DOCKER_PREFIX}/sprout-kernel-${TARGET_ARCH}" "kernel.efi" "${FINAL_DIR}/kernel.efi"
 	copy_from_image "${DOCKER_PREFIX}/sprout-kernel-${TARGET_ARCH}" "kernel.modules.tgz" "${FINAL_DIR}/kernel.modules.tgz"
 fi
 if [ "${SKIP_VM_BUILD}" != "1" ]; then
@@ -80,8 +81,12 @@ if [ "${SKIP_VM_BUILD}" != "1" ]; then
 		-f hack/dev/vm/Dockerfile.ovmf "${FINAL_DIR}"
 	copy_from_image "${DOCKER_PREFIX}/sprout-ovmf-${TARGET_ARCH}" "ovmf.fd" "${FINAL_DIR}/ovmf.fd"
 	copy_from_image "${DOCKER_PREFIX}/sprout-ovmf-${TARGET_ARCH}" "shell.efi" "${FINAL_DIR}/shell.efi"
 	rm -rf "${FINAL_DIR}/initramfs.build"
 	mkdir -p "${FINAL_DIR}/initramfs.build"
 	cp -r "hack/dev/vm/files" "${FINAL_DIR}/initramfs.build/files"
 	cp "${FINAL_DIR}/kernel.modules.tgz" "${FINAL_DIR}/initramfs.build/kernel.modules.tgz"
 	docker build --platform="${DOCKER_TARGET}" -t "${DOCKER_PREFIX}/sprout-initramfs-${TARGET_ARCH}:${DOCKER_TAG}" \
-		-f hack/dev/vm/Dockerfile.initramfs "${FINAL_DIR}"
+		-f hack/dev/vm/Dockerfile.initramfs "${FINAL_DIR}/initramfs.build"
 	copy_from_image "${DOCKER_PREFIX}/sprout-initramfs-${TARGET_ARCH}" "initramfs" "${FINAL_DIR}/initramfs"
 	if [ -n "${SPROUT_XEN_EFI_OVERRIDE}" ]; then
@@ -108,23 +113,6 @@ if [ "${SKIP_SPROUT_BUILD}" != "1" ]; then
 	cp "hack/dev/configs/${SPROUT_CONFIG_NAME}.sprout.toml" "${FINAL_DIR}/sprout.toml"
 	cp "hack/dev/configs/xen.cfg" "${FINAL_DIR}/xen.cfg"
 	cp "hack/dev/configs/bls.conf" "${FINAL_DIR}/bls.conf"
 	mkdir -p "${FINAL_DIR}/efi/EFI/BOOT"
 	cp "${FINAL_DIR}/sprout.efi" "${FINAL_DIR}/efi/EFI/BOOT/${EFI_NAME}.EFI"
 	if [ -f "${FINAL_DIR}/kernel.efi" ]; then
 		cp "${FINAL_DIR}/kernel.efi" "${FINAL_DIR}/efi/EFI/BOOT/KERNEL.EFI"
 	fi
 	if [ -f "${FINAL_DIR}/shell.efi" ]; then
 		cp "${FINAL_DIR}/shell.efi" "${FINAL_DIR}/efi/EFI/BOOT/SHELL.EFI"
 	fi
 	if [ -f "${FINAL_DIR}/xen.efi" ]; then
 		cp "${FINAL_DIR}/xen.efi" "${FINAL_DIR}/efi/EFI/BOOT/XEN.EFI"
 	fi
 	if [ -f "${FINAL_DIR}/xen.cfg" ]; then
 		cp "${FINAL_DIR}/xen.cfg" "${FINAL_DIR}/efi/EFI/BOOT/XEN.CFG"
 	fi
 	cp "${FINAL_DIR}/sprout.toml" "${FINAL_DIR}/efi/SPROUT.TOML"
 	cp "${FINAL_DIR}/initramfs" "${FINAL_DIR}/efi/INITRAMFS"
 fi
 if [ "${SKIP_BOOT_BUILD}" != "1" ]; then
--- a/hack/dev/configs/all.sprout.toml
+++ b/hack/dev/configs/all.sprout.toml
@@ -8,7 +8,7 @@ has-item = "\\vmlinuz"
 [actions.chainload-kernel]
 chainload.path = "$boot\\vmlinuz"
-chainload.options = ["console=hvc0"]
+chainload.options = ["console=hvc0", "overlaytmpfs=yes"]
 chainload.linux-initrd = "$boot\\initramfs"
 [entries.kernel]
--- a/hack/dev/configs/kernel.sprout.toml
+++ b/hack/dev/configs/kernel.sprout.toml
@@ -9,7 +9,7 @@ has-item = "\\vmlinuz"
 [actions.chainload-kernel]
 chainload.path = "$boot\\vmlinuz"
-chainload.options = ["console=hvc0"]
+chainload.options = ["console=hvc0", "overlaytmpfs=yes"]
 chainload.linux-initrd = "$boot\\initramfs"
 [entries.kernel]
--- a/hack/dev/configs/xen.cfg
+++ b/hack/dev/configs/xen.cfg
@@ -3,5 +3,5 @@ default=sprout
 [sprout]
 options=clocksource=tsc smp=on smt=on ioapic_ack=new dom0_vcpus_pin=on spec-ctrl=gds-mit=no noreboot console=com1
-kernel=\EFI\BOOT\KERNEL.EFI console=hvc0
+kernel=\VMLINUZ console=hvc0
-ramdisk=\initramfs
+ramdisk=\INITRAMFS
--- a/hack/dev/kernel/Dockerfile
+++ b/hack/dev/kernel/Dockerfile
@@ -1,7 +1,7 @@
-ARG KERNEL_SOURCE_URL=https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.17.2.tar.xz
+ARG KERNEL_SOURCE_URL=https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.18.2.tar.xz
-ARG KERNEL_CHECKSUM=sha256:fdebcb065065f5c1b8dc68a6fb59cda50cdddbf9103d207c2196d55ea764f57f
+ARG KERNEL_CHECKSUM=sha256:558c6bbab749492b34f99827fe807b0039a744693c21d3a7e03b3a48edaab96a
-FROM --platform=$BUILDPLATFORM debian:trixie@sha256:fd8f5a1df07b5195613e4b9a0b6a947d3772a151b81975db27d47f093f60c6e6 AS buildenv
+FROM --platform=$BUILDPLATFORM debian:trixie@sha256:0d01188e8dd0ac63bf155900fad49279131a876a1ea7fac917c62e87ccb2732d AS buildenv
 RUN export DEBIAN_FRONTEND=noninteractive && apt-get update && apt-get install -y \
      build-essential squashfs-tools python3-yaml \
      patch diffutils sed mawk findutils zstd \
@@ -32,6 +32,9 @@ ENV BUILDPLATFORM=${BUILDPLATFORM}
 ENV TARGETPLATFORM=${TARGETPLATFORM}
 WORKDIR /build/src
 RUN /build/docker-build.sh
 COPY --chown=build:build docker-install.sh /build/docker-install.sh
 RUN /build/docker-install.sh
 FROM scratch AS final
 COPY --from=build /build/src/kernel.image /kernel.efi
 COPY --from=build /build/src/kernel.modules.tgz /kernel.modules.tgz
--- a/hack/dev/kernel/docker-build.sh
+++ b/hack/dev/kernel/docker-build.sh
@@ -28,21 +28,39 @@ else
 	exit 1
 fi
 echo "CROSS_COMPILE=${MAYBE_CROSS_COMPILE}" > kernel.buildenv
 echo "TARGET_KARCH=${TARGET_KARCH}" >> kernel.buildenv
 make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" defconfig
 if [ "${TARGET_KARCH}" = "x86_64" ]; then
 	make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" xen.config
 	./scripts/config -e XEN_PV
 	./scripts/config -e XEN_PV_DOM0
 fi
-make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" mod2yesconfig
+
 ./scripts/config -e IPV6
 ./scripts/config -e BPF_SYSCALL
 ./scripts/config -e UEVENT_HELPER
 ./scripts/config --set-str UEVENT_HELPER_PATH "/sbin/hotplug"
 ./scripts/config -e SYN_COOKIES
 ./scripts/config -d DEBUG_STACK_USAGE
 ./scripts/config -e DRM_VIRTIO_GPU
 ./scripts/config -e FRAMEBUFFER_CONSOLE
 ./scripts/config -e FRAMEBUFFER_CONSOLE_DETECT_PRIMARY
 ./scripts/config -e LOGO
 ./scripts/config -e XEN_DOM0
 make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" mod2noconfig
 make "-j$(nproc)" CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}"
 [ -f "arch/x86/boot/bzImage" ] && cp "arch/x86/boot/bzImage" kernel.image
 [ -f "arch/arm64/boot/Image.gz" ] && gzip -d <"arch/arm64/boot/Image.gz" >kernel.image
 exit 0
--- a/hack/dev/kernel/docker-install.sh
+++ b/hack/dev/kernel/docker-install.sh
@@ -0,0 +1,11 @@
 #!/bin/sh
 set -e
 . /build/src/kernel.buildenv
 [ -f "arch/x86/boot/bzImage" ] && cp "arch/x86/boot/bzImage" kernel.image
 [ -f "arch/arm64/boot/Image.gz" ] && gzip -d <"arch/arm64/boot/Image.gz" >kernel.image
 make CROSS_COMPILE="${MAYBE_CROSS_COMPILE}" ARCH="${TARGET_KARCH}" INSTALL_MOD_PATH="/build/install" modules_install
 cd /build/install
 tar czpf /build/src/kernel.modules.tgz .
--- a/hack/dev/utils/Dockerfile.copy-direct
+++ b/hack/dev/utils/Dockerfile.copy-direct
@@ -1 +1 @@
-FROM --platform=$BUILDPLATFORM debian:trixie@sha256:fd8f5a1df07b5195613e4b9a0b6a947d3772a151b81975db27d47f093f60c6e6
+FROM --platform=$BUILDPLATFORM debian:trixie@sha256:0d01188e8dd0ac63bf155900fad49279131a876a1ea7fac917c62e87ccb2732d
--- a/hack/dev/utils/Dockerfile.copy-polyfill
+++ b/hack/dev/utils/Dockerfile.copy-polyfill
@@ -1,4 +1,4 @@
 ARG TARGET_IMAGE=scratch
 FROM ${TARGET_IMAGE} AS image
-FROM --platform=$BUILDPLATFORM debian:trixie@sha256:fd8f5a1df07b5195613e4b9a0b6a947d3772a151b81975db27d47f093f60c6e6 AS final
+FROM --platform=$BUILDPLATFORM debian:trixie@sha256:0d01188e8dd0ac63bf155900fad49279131a876a1ea7fac917c62e87ccb2732d AS final
 COPY --from=image / /image
--- a/hack/dev/vm/Dockerfile.initramfs
+++ b/hack/dev/vm/Dockerfile.initramfs
@@ -1,5 +1,5 @@
-FROM alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1 AS rootfs
+FROM alpine:3.23@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62 AS rootfs
-RUN apk --no-cache add alpine-base tzdata
+RUN apk --no-cache add alpine-base tzdata wireless-regdb ifupdown-ng agetty
 RUN rc-update add devfs sysinit && \
    rc-update add dmesg sysinit && \
    rc-update add mdev sysinit && \
@@ -7,6 +7,7 @@ RUN rc-update add devfs sysinit && \
    rc-update add sysctl boot && \
    rc-update add hostname boot && \
    rc-update add bootmisc boot && \
    rc-update add networking boot && \
    rc-update add syslog boot && \
    rc-update add mount-ro shutdown && \
    rc-update add killprocs shutdown && \
@@ -14,11 +15,13 @@ RUN rc-update add devfs sysinit && \
    ln -s /sbin/init /init && \
    echo 'root:root' | chpasswd && \
    echo 'sprout' > /etc/hostname && \
-    echo '' > /etc/motd && \
+    rm /etc/motd && \
    ln -s /usr/share/zoneinfo/UTC /etc/localtime && \
-    echo 'hvc0::respawn:/sbin/getty -L hvc0 115200 vt100' >> /etc/inittab
+    echo 'hvc0::respawn:/sbin/agetty --autologin root -L hvc0 115200 vt100' >> /etc/inittab
 ADD kernel.modules.tgz /
 COPY files/interfaces /etc/network/interfaces
-FROM alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1 AS build
+FROM alpine:3.23@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62 AS build
 COPY --from=rootfs / /rootfs
 WORKDIR /rootfs
 RUN find . | cpio -R 0:0 --ignore-devno --renumber-inodes -o -H newc --quiet > /initramfs
--- a/hack/dev/vm/Dockerfile.ovmf
+++ b/hack/dev/vm/Dockerfile.ovmf
@@ -1,4 +1,4 @@
-FROM alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1 AS build
+FROM alpine:3.23@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62 AS build
 ARG TARGETPLATFORM
 RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ] || [ "${TARGETPLATFORM}" = "linux/x86_64" ]; then \
      apk --no-cache add ovmf edk2-shell; cp /usr/share/ovmf/bios.bin /ovmf.fd; fi
--- a/hack/dev/vm/Dockerfile.xen
+++ b/hack/dev/vm/Dockerfile.xen
@@ -1,4 +1,4 @@
-FROM alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1 AS build
+FROM alpine:3.23@sha256:865b95f46d98cf867a156fe4a135ad3fe50d2056aa3f25ed31662dff6da4eb62 AS build
 ARG TARGETPLATFORM
 RUN apk add --no-cache xen-hypervisor && cp /usr/lib/efi/xen.efi /xen.efi
--- a/hack/dev/vm/files/interfaces
+++ b/hack/dev/vm/files/interfaces
@@ -0,0 +1,3 @@
 auto eth0
 iface eth0
    use dhcp
--- a/rust-toolchain.toml
+++ b/rust-toolchain.toml
@@ -1,4 +1,4 @@
 [toolchain]
-channel = "1.91.0"
+channel = "1.92.0"
 components = ["rustfmt", "clippy"]
 targets = ["x86_64-unknown-uefi", "aarch64-unknown-uefi"]
Author	SHA1	Message	Date
Alex Zenla	b60c345958	sprout: version 0.0.27 (#57 )	2025-12-23 22:51:26 -08:00
dependabot[bot]	45270d3bf3	chore(deps): bump the actions-updates group with 3 updates (#56 ) Bumps the actions-updates group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `step-security/harden-runner` from 2.13.2 to 2.14.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](`95d9a5deda...20cf305ff2`) Updates `astral-sh/setup-uv` from 7.1.2 to 7.1.6 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](`85856786d1...681c641aba`) Updates `actions/upload-artifact` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](`330a01c490...b7c566a772`) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-updates - dependency-name: astral-sh/setup-uv dependency-version: 7.1.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-updates - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-23 18:54:25 -08:00
Alex Zenla	6a57c72869	feat(boot): introduce sort keys, which are sorted in reverse order, to make boot order more configurable (#55 )	2025-12-21 14:11:26 -08:00
Alex Zenla	d50f22a386	chore(docs): fix all rustdoc warnings (#54 )	2025-12-21 14:11:10 -08:00
Alex Zenla	a8a3774c35	chore(upgrade): upgrade dependencies, rust => 1.92.0, dev kernel => 6.18.2, alpine => v3.23 (#53 )	2025-12-20 23:00:51 -08:00
Alex Zenla	81c8217ee0	fix(boot): on boot handoff, clear the screen using clear rather than reset (#52 ) On some Dell firmware, the reset operation doesn't actually clear the screen. This change uses clear instead of reset to ensure the screen is properly cleared.	2025-12-20 22:29:44 -08:00
Alex Zenla	17e729d068	fix(eficore): unregister media loader on drop to prevent more opportunities for leaks (#50 )	2025-12-20 22:01:04 -08:00
Alex Zenla	2da457ee7c	feat(boot): clear screen before boot handoff, if --retain-boot-console is not specified on the command-line (#51 )	2025-12-20 21:45:35 -08:00
dependabot[bot]	fafabe234e	chore(deps): bump log from 0.4.28 to 0.4.29 in the cargo-updates group (#48 ) Bumps the cargo-updates group with 1 update: [log](https://github.com/rust-lang/log). Updates `log` from 0.4.28 to 0.4.29 - [Release notes](https://github.com/rust-lang/log/releases) - [Changelog](https://github.com/rust-lang/log/blob/master/CHANGELOG.md) - [Commits](https://github.com/rust-lang/log/compare/0.4.28...0.4.29) --- updated-dependencies: - dependency-name: log dependency-version: 0.4.29 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: cargo-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-20 19:55:23 -08:00
dependabot[bot]	c2cafe6c20	chore(deps): bump rust in the docker-updates group (#46 ) Bumps the docker-updates group with 1 update: rust. Updates `rust` from `fbcca3e` to `8efbfb7` --- updated-dependencies: - dependency-name: rust dependency-version: 1.91.1-alpine dependency-type: direct:production update-type: version-update:semver-patch dependency-group: docker-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-19 10:53:01 -08:00
dependabot[bot]	bf28558a83	chore(deps): bump actions/checkout in the actions-updates group (#49 ) Bumps the actions-updates group with 1 update: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 5.0.0 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](`08c6903cd8...8e8c483db8`) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-18 11:39:56 -08:00
Ariadne Conill	0b75e547f7	Merge pull request #43 from edera-dev/chore/dev-alpine-clean chore(dev): make alpine boot fully clean with kernel module infra	2025-11-27 20:33:10 -08:00
Alex Zenla	5605056c82	chore(dev): make alpine boot fully clean with kernel module infra	2025-11-26 23:05:01 -08:00
Alex Zenla	d4fcba18c0	Merge pull request #39 from edera-dev/dependabot/github_actions/actions-updates-c5043b94ad chore(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 in the actions-updates group	2025-11-25 21:35:22 -08:00
a dinosaur	5dcd763db9	chore(options):use jaarg alloc-less api, removing map middleman (#41 )	2025-11-25 21:34:18 -08:00
Alex Zenla	4f8abadb3a	Merge pull request #42 from edera-dev/fix/pr-workflow-attest fix(workflows): disable artifact publish attestation for pull requests	2025-11-25 20:43:24 -08:00
Alex Zenla	57e90a4623	fix(workflows): disable artifact publish attestation for pull requests	2025-11-25 20:38:49 -08:00
dependabot[bot]	136b899844	chore(deps): bump step-security/harden-runner Bumps the actions-updates group with 1 update: [step-security/harden-runner](https://github.com/step-security/harden-runner). Updates `step-security/harden-runner` from 2.13.1 to 2.13.2 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](`f4a75cfd61...95d9a5deda`) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.13.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-24 11:01:47 +00:00
Alex Zenla	0dbd011648	Merge pull request #40 from edera-dev/chore/release-v0.0.26 chore(release): sprout: version 0.0.26	2025-11-17 10:18:11 -08:00
Alex Zenla	65c392944b	chore(release): sprout: version 0.0.26	2025-11-17 10:14:58 -08:00
Ariadne Conill	2683229bd3	Merge pull request #35 from edera-dev/chore/dev-improve-alpine chore(dev): autologin to alpine and writable rootfs	2025-11-17 10:01:17 -08:00
Alex Zenla	a7a9554875	Merge pull request #38 from edera-dev/feat/partial-match-default feat(entries): support '*' suffix as a partial match to an entry	2025-11-15 21:25:59 -08:00
Alex Zenla	5ad617c54f	feat(entries): support '*' suffix as a partial match to an entry	2025-11-15 20:36:31 -08:00
Alex Zenla	0aa7a46808	Merge pull request #27 from edera-dev/feat/jaarg feat(options): replace options parser with jaarg	2025-11-15 18:02:46 -08:00
Alex Zenla	8711c54074	feat(boot): utilize jaarg for options parsing	2025-11-15 17:31:46 -08:00
Ariadne Conill	c21c140039	Merge pull request #37 from edera-dev/fix/linux-auto-detect-aarch64-images fix(autoconfigure/linux): detect Image as a kernel, which openSUSE uses	2025-11-15 14:50:18 -08:00
Alex Zenla	c053f62b88	fix(autoconfigure/linux): detect Image as a kernel, which openSUSE uses	2025-11-15 13:41:07 -08:00
Alex Zenla	e0bd703511	chore(dev): autologin to alpine and writable rootfs	2025-11-15 13:37:50 -08:00
Alex Zenla	2a9c9f6907	Merge pull request #34 from edera-dev/chore/release-0.0.25 chore(release): sprout: version 0.0.25	2025-11-14 10:49:09 -05:00
Alex Zenla	16755acdfe	chore(release): sprout: version 0.0.25	2025-11-14 10:45:16 -05:00
Alex Zenla	ebb1f0bb44	Merge pull request #33 from edera-dev/chore/upgrade-deps chore(deps): upgrade rust to 1.91.1 and bump cargo and docker deps	2025-11-14 00:30:48 -05:00
Alex Zenla	ecba8a5e02	chore(deps): upgrade rust to 1.91.1 and bump cargo and docker deps	2025-11-14 00:24:09 -05:00
Alex Zenla	0028e3eefc	Merge pull request #32 from rkratky/typo	2025-11-12 10:15:49 -05:00
Robert Krátký	8603794c44	Fix a typo: grubaa64.efi -> grubx64.efi	2025-11-12 16:11:13 +01:00
Alex Zenla	4fae4080a2	Merge pull request #29 from edera-dev/dependabot/github_actions/actions-updates-1be5372544 chore(deps): bump the actions-updates group with 2 updates	2025-11-10 10:09:58 -05:00
dependabot[bot]	da5e0daa51	chore(deps): bump the actions-updates group with 2 updates Bumps the actions-updates group with 2 updates: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [github/codeql-action](https://github.com/github/codeql-action). Updates `astral-sh/setup-uv` from 7.1.1 to 7.1.2 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](`2ddd2b9cb3...85856786d1`) Updates `github/codeql-action` from 4.31.0 to 4.31.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`4e94bd11f7...0499de31b9`) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-updates - dependency-name: github/codeql-action dependency-version: 4.31.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-updates ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-10 12:27:22 +00:00
Alex Zenla	0fb54a948b	chore(doc): add fedora setup guide and tweak existing guides	2025-11-06 23:51:57 -05:00
Alex Zenla	c4475ad42d	fix(boot): ensure top-level error is printed	2025-11-06 13:04:05 -05:00
Alex Zenla	5e4e86857c	sprout: version 0.0.24	2025-11-06 12:03:46 -05:00
Alex Zenla	d3cad25749	chore(deps): upgrade uefi dependencies	2025-11-06 12:03:19 -05:00
Alex Zenla	22780e6102	chore(eficore): decouple the shim support from the image load callsites	2025-11-06 11:52:00 -05:00
Alex Zenla	c52d61b07f	fix(eficore): handle possible leak when the first install protocol interface fails	2025-11-04 14:32:32 -05:00
`@@ -1 +1 @@`
	`FROM --platform=$BUILDPLATFORM debian:trixie@sha256:fd8f5a1df07b5195613e4b9a0b6a947d3772a151b81975db27d47f093f60c6e6`	`FROM --platform=$BUILDPLATFORM debian:trixie@sha256:0d01188e8dd0ac63bf155900fad49279131a876a1ea7fac917c62e87ccb2732d`