Linux File System Hierarchy # Description # This page describes the layout of a modern Linux system. This hierarchy is an evolution of the historical UNIX layout, and includes concepts described in the File System Hierarchy specification and hier(7) man page, and various extensions documented in the XDG Base Directory Specification and XDG User Directories. In some areas this document is stricter than those older documents. In particular it makes additional restrictions and recommendations to...| uapi-group.org
File Hierarchy for the Verification of OS Artifacts (VOA) # Motivation # Cryptographic validation of artifacts with the help of digital signatures is a use-case of most Linux distributions. Different cryptographic technologies exist and can be used for this purpose. Currently, OpenPGP and X.509 are widely adopted. As of this writing, no technology-agnostic, standardized location for the distribution of cryptographic material that serves as verifier for digital signatures exists. This leaves co...| uapi-group.org
The Boot Loader Specification # This document defines a set of file formats and naming conventions that allow the boot loader menu entries to be shared between multiple operating systems and boot loaders installed on one device. Operating systems cooperatively manage boot loader menu entry directories that contain drop-in files, making multi-boot scenarios easy to support. Boot menu entries are defined via two simple formats that can be understood by different boot loader implementations, ope...| uapi-group.org
Configuration Files Specification # Introduction # Various specifications attempt to define configuration files and file formats. This specification establishes where these files should be looked for, in which order, and how precedence, masking, extensions and overrides work. The purpose of the rules defined here is to allow OS vendors to implement the hermetic-usr pattern, where all vendor files are shipped in the vendor tree itself (/usr/), including configuration files with system defaults...| uapi-group.org
Discoverable Disk Image (DDI) # DDIs (Discoverable Disk Images) are self-describing file system images that follow the DPS (Discoverable Partitions Specification), wrapped in a GPT partition table, that may contain root (or /usr/) filesystems for bootable OS images, system extensions, configuration extensions, portable services, containers and more, and shall be protected by signed dm-verity all combined into one. They are designed to be composable and stackable, and provide security by defa...| uapi-group.org
The Discoverable Partitions Specification (DPS) # TL;DR: Let’s automatically discover, mount and enable the root partition, /home/, /srv/, /var/ and /var/tmp/ and the swap partitions based on GUID Partition Tables (GPT)! This specification describes the use of GUID Partition Table (GPT) UUIDs to enable automatic discovery of partitions and their intended mountpoints. Traditionally Linux has made little use of partition types, mostly just defining one UUID for file system/data partitions and...| uapi-group.org
Extension Images # Extension Images are DDIs (Discoverable Disk Images) that are built to extend a base system via an overlay. A base system or a root DDI can be extended by several extension DDIs via, usually, a read-only OverlayFS. The defining characteristic of an Extension Image is that it contains an extension-release. file that identifies itself and the base system or root DDI it applies to, and must not contain an os-release file.| uapi-group.org
Unified Kernel Image (UKI) # A Unified Kernel Image (UKI) is a combination of a UEFI boot stub program, a Linux kernel image, an initrd, and further resources in a single UEFI PE file. This file can either be directly invoked by the UEFI firmware (which is useful in particular in some cloud/Confidential Computing environments) or through a boot loader (which is generally useful to allow multiple kernel versions with interactive or automatic selection of version to boot into).| uapi-group.org
Version Format Specification # This specification defines the format of version strings and their ordering. Various documents that are part of the uapi-group specification suite, as well as other projects like systemd, rely on this specification to have a sort order for strings that include version components, and use it for various purposes, such as choosing the default boot entry in the Boot Loader Specification. Version Format # The version string is a sequence of zero or more characters.| uapi-group.org
🔏 Linux TPM PCR Registry 🗒️ # TPM PCRs are a scarce resource, there are only 24 of them in typical standards compliant TPMs. According to the TCG PC Client Specific Platform Firmware Profile Specification | Trusted Computing Group the OS can make use of PCRs 8…15. This document lists which component is using which PCR on a Linux platform in order to minimize conflicts. PCRs owned by the firmware, i.| uapi-group.org