31 lines
1.3 KiB
Plaintext
31 lines
1.3 KiB
Plaintext
digraph boot_chain {
|
|
rankdir=LR;
|
|
node [shape=box style=filled fillcolor="#e3f2fd"];
|
|
|
|
UEFI [label="UEFI Firmware\n(SECURE BOOT)", fillcolor="#90caf9"];
|
|
GRUB [label="grubx64.efi\n(Secure Boot-signed)", fillcolor="#64b5f6"];
|
|
DecryptBoot [label="GRUB decrypts\n/boot (LUKS2)", fillcolor="#4fc3f7"];
|
|
GRUBCFG [label="Load grub.cfg\n(from decrypted /boot)"];
|
|
Kernel [label="Load Kernel:\n/boot/vmlinuz-<ver>"];
|
|
Initrd [label="Load Initrd:\n/boot/initrd.img-<ver>"];
|
|
Initramfs [label="initramfs:\nUnlock Root (/)", fillcolor="#81d4fa"];
|
|
PivotRoot [label="pivot_root/switch_root", fillcolor="#80cbc4"];
|
|
Systemd [label="systemd (PID 1)", fillcolor="#a5d6a7"];
|
|
MountRest [label="Decrypt + Mount:\n/home, /usr, /var, etc."];
|
|
Ephemeral [label="Create ephemeral\nswap & /tmp", fillcolor="#ffe082"];
|
|
Login [label="User login"];
|
|
|
|
UEFI -> GRUB [label="Launch EFI bootloader"];
|
|
GRUB -> DecryptBoot [label="Prompt for /boot passphrase"];
|
|
DecryptBoot -> GRUBCFG [label="Parse GRUB config"];
|
|
GRUBCFG -> Kernel;
|
|
GRUBCFG -> Initrd;
|
|
Kernel -> Initramfs [label="initrd is unpacked\nand executed"];
|
|
Initramfs -> PivotRoot [label="Root unlocked\n(mount /)"];
|
|
PivotRoot -> Systemd;
|
|
Systemd -> MountRest;
|
|
Systemd -> Ephemeral;
|
|
MountRest -> Login;
|
|
Ephemeral -> Login;
|
|
}
|