Set up System Transparency includes the following steps:
Generate signing keys and for all involved system administrators along with a corresponding root certificate.
Prepare the firmware for the provisioning server. Depending on the scenario this comes in different flavors.
Create a configuration file for the hosts.
Build a reproducible Operating system with every user space program needed to be packed into the kernel and initramfs respectively.
Build the stconfig tool.
Include this initramfs into the host firmware.
stconfig to crate a stboot.ball from the operating system files.
stboot.ball to the provisioning server.
Deploy the firmware to the host or test it with QEMU.
You can discover this workflow with example data with the tooling repository. Refer to the documentation there for further information.
Every of the above step will be performed interactively: