SHIPPING NOW
v0.9.0 — April 2026 — Native /boot + Pop!_OS + Trust Chain
Path G landed. The shim 15.8 ShimLock-uninstall gap that previously blocked stock distro /boot-on-ext4 under Secure Boot is closed structurally — not via a workaround.
- ✓Native ext4 read backend (SDS-2) — replaces legacy
ext4_x64.efi; on top of theext4-viewRust crate (read-only by design) - ✓Native PE loader (SDS-3) — own image verification + load, no firmware
LoadImagechainload required - ✓Native trust chain (SDS-4) — covers what shim/firmware can’t see
- ✓BLS multi-FS discovery (SDS-5) — scan BLS Type 1 entries on every mounted volume
- ✓Pop!_OS / systemd-boot-discoverable-EFI auto-discovery — first non-systemd-boot bootloader to pick up Pop!_OS kernels (and Garuda + any custom
<distro>-<uuid>layout) - ✓Append-mode trust log with per-image SHA-256
- ✓EFI Fallback chainload self-loop guard — safe to write LamBoot to the firmware-fallback path repeatedly
- ✓Legacy UEFI FS driver deprecation track started (SDS-6)
- ✓Coordinated
lamboot-toolsv0.3.0 —esp-deploy.shcanonical lib, offlinelamboot-esp deploy, fallback-foreign detection, BootOrder reorder - ✓Test coverage: 137 host tests + 219 bats + verify-claims 84/0/1
NEAR-TERM
v0.9.x — bugfix + polish cadence (~monthly through v1.0)
Items deferred from v0.9.0 plus polish on the trust chain. Each lands in a point release as it’s ready.
- •Fedora SB+MOK Config 3 explicit validation —
virt-fw-vars --add-mokfor headless cert pre-enrollment. - •openSUSE btrfs UKI fixture + test — provision new VM, Tumbleweed default install.
- •Bare metal + ext4 — real hardware acquisition; validate firmware quirks vs OVMF.
- •Policy knob-flip live tests —
[loader].native_pe = "never",[drivers].legacy_uefi_drivers = "always". - •Recovery-screen interactive key tests — F2 / F12 / Power-off via QEMU sendkey.
- •
vmgenidsnapshot-restore live test. - •SDS-2 sha256 polish —
volume_mountedcontent hashing. - •Per-event crypto signing on the trust log — the polish track on top of v0.9.0 append-mode.
v1.0
v1.0 — Trust-baseline expansion + native FS coverage parity
With Path G landed, v1.0’s anchor shifts to broadening the trust baseline and native filesystem coverage parity with what the legacy UEFI drivers used to cover.
- •Path D — Microsoft shim-review submission. First Rust bootloader through
rhboot/shim-review. Removes per-system MOK enrollment; broadens trust baseline to Microsoft-signed level. Estimated 3–4 months calendar (mostly review/coordination, not coding). The single biggest adoption-friction reducer for fleet deployment. - •Native btrfs read backend. Replaces legacy
btrfs_x64.efi; same SDS-2 four-PR cadence. Test fixtures: openSUSE Tumbleweed + Fedora 43 (btrfs root by default). - •Native xfs read backend. Lower priority than btrfs. Test fixtures: CentOS Stream / RHEL workstation.
- •SDS-6 §2.4 — drop legacy
ext4_x64.efifrom dist tarball. - •Honest claim: LamBoot’s code literally cannot modify your
/boot— backed by the read-only Rust crate.
v1.1+
Community-driven expansion
- •On-screen Trust Evidence Panel — in-menu display of live decisions.
- •Policy-file signing (
policy.toml.sig+policy.toml.cert). - •Btrfs-snapshot-aware discovery — openSUSE / Fedora-on-Btrfs snapshot menus.
- •Trust-baseline timeline factor: Microsoft UEFI CA 2011 expires June 2026 — influences when Path D is most valuable to broader fleets.
RESEARCH · v2.x
Longer-horizon
- •Post-quantum signing (dual RSA + Dilithium) — research posture, not a committed timeline.
- •Network boot (UEFI TCP/HTTP stack, signed artefacts).
- •VM lifecycle integration with the broader Lamco RDP / Proxmox VE stack.
NOT ON THE ROADMAP · FIRM
Deliberately not building
- —BIOS legacy mode. UEFI only.
- —Built-in rescue shell. Menu only — diagnostic modules are chainloaded EFI applications.
- —GRUB-style config scripting language. Policy is TOML; boot entries are BLS.