Standard Boot integration - script validation before execution
Rasmus Villemoes
ravi at prevas.dk
Tue Jan 6 09:40:28 CET 2026
On Mon, Jan 05 2026, Patryk <pbiel7 at gmail.com> wrote:
> Regarding my question: the more I think about it, the more I am
> inclined to implement my own boot method, although I am still not
> entirely convinced this is the right approach. If I were to rely on a
> boot script, I would most likely need to introduce bootscript-a and
> bootscript-b, along with a mechanism to select the appropriate one.
FWIW, what we do is to embed the bootscript in the u-boot binary
(actually, in the control dtb via the -u-boot.dtsi mechanism). That way,
the script is automatically verified as part of whatever mechanism
verifies U-Boot, and it gets updated in tandem with U-Boot, so no need
for having it lying around somewhere separately and having to pick the
right one and verify it. Running that script is then exactly as
trustworthy as running the U-Boot C code.
Rasmus
More information about the U-Boot
mailing list