Standard Boot integration - script validation before execution
Alexander Dahl
ada at thorsis.com
Tue Dec 16 15:59:31 CET 2025
Hello Patryk,
disclaimer: migrating from distro boot to standard boot for our boards
is on my todo list, but I have not looked into standard boot, yet.
On Tue, Dec 16, 2025 at 03:13:59PM +0100, Patryk wrote:
> Hi
> I would like to integrate Standard Boot on our custom board based on
> NXP LS1028a, as it currently uses a so-called distro boot.
> Normally I would just follow the instructions in the doc about
> converting from distro boot to standard boot, but things are in fact a
> bit more complicated. My board supports dual rootfs following the A/B
> update scheme, so I need a place where I can check the boot state,
> boot counter and so on, so as to set the final rootfs partition to
> pass to the kernel. That's actually not a problem - I can just use the
> bootmeth script and put all the logic there. The problem is that on a
> production system, the devices will be protected by the Secure Boot
> procedure, so the script to be executed should also be verified before
> the execution.
Reminds me of the problems I faced when trying to implement Secure
Boot with A/B rootfs. IIRC there were two things I ended up doing:
1. putting the boot script in a separate volume outside of rootfs and
the A/B scheme.
2. use signed FIT image for the boot script instead of the old
fashioned U-Boot script, enable CONFIG_FIT_SIGNATURE, and disable (!)
CONFIG_LEGACY_IMAGE_FORMAT.
Not sure how this plays together with standard boot, but once you
instruct U-Boot to only accept signed FIT images, that also applies
for scripts put into a FIT image.
Greets
Alex
> In the current solution (distro boot), the boot
> command, first loads the script, then calls esbc_validate over the
> script header and if the validation passes it sources the script so
> the OS can be loaded. In current bootmeth_script there is no place (or
> I'm not aware of) that would allow me to do vendor-specific validation
> over the script. What would you advise in this case? Is there any way
> to "inject" some plugins into the existing boot methods, like e.g. a
> plugin that would be overriding or adding some functionalities to
> existing bootmeth_script? I can of course patch the existing
> bootmeth_script with a command that would perform the validation but
> this would no longer be a generic boot method. Or perhaps should I
> create my own boot method?
>
> I would be grateful for any suggestion
> Best regards
> Patryk
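
A minimal FIT source for point 2 of the reply above, added here as an illustration; it is not taken from the thread or from any board's tree. The file name `boot.cmd`, the image name `bootscr`, the key name `dev` and the `keys/` directory are assumptions.

```dts
/*
 * script.its - wraps a plain-text boot script in a signed FIT image.
 *
 * Build on the host (paths and key name are assumptions):
 *   mkimage -f script.its -k keys/ -K u-boot.dtb -r script.itb
 *     -k  directory holding dev.key / dev.crt
 *     -K  control DTB that receives the public key
 *     -r  marks the key as required, so unsigned images are rejected
 *
 * On the target, with CONFIG_FIT_SIGNATURE=y and
 * CONFIG_LEGACY_IMAGE_FORMAT disabled:
 *   source ${loadaddr}:bootscr
 */
/dts-v1/;

/ {
	description = "Signed boot script";
	#address-cells = <1>;

	images {
		bootscr {
			description = "A/B selection script";
			/* Plain-text script, not a legacy mkimage-wrapped .scr */
			data = /incbin/("boot.cmd");
			type = "script";
			compression = "none";

			/* Integrity hash, checked when the image is loaded */
			hash-1 {
				algo = "sha256";
			};

			/* Signature over the image, verified against the
			 * public key stored in U-Boot's control DTB */
			signature-1 {
				algo = "sha256,rsa2048";
				key-name-hint = "dev";
			};
		};
	};
};
```

The U-Boot binary that carries the resulting control DTB has to be covered by the platform's own Secure Boot chain, otherwise the embedded public key can be replaced along with the script.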