Re: Standard Boot integration - script validation before execution

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Rasmus Villemoes <ravi@prevas.dk>
To: Patryk <pbiel7@gmail.com>
Cc: Simon Glass <sjg@chromium.org>,  u-boot@lists.denx.de
Subject: Re: Standard Boot integration - script validation before execution
Date: Tue, 06 Jan 2026 09:40:28 +0100	[thread overview]
Message-ID: <87ldibrv5v.fsf@prevas.dk> (raw)
In-Reply-To: <CA+DkFDZxC=i-wQqY6OV2rLO5CPFeXLWCKUYRNcDJz_AMt8eZVw@mail.gmail.com> (Patryk's message of "Mon, 5 Jan 2026 10:46:41 +0100")

On Mon, Jan 05 2026, Patryk <pbiel7@gmail.com> wrote:

> Regarding my question: the more I think about it, the more I am
> inclined to implement my own boot method, although I am still not
> entirely convinced this is the right approach. If I were to rely on a
> boot script, I would most likely need to introduce bootscript-a and
> bootscript-b, along with a mechanism to select the appropriate one.

FWIW, what we do is to embed the bootscript in the u-boot binary
(actually, in the control dtb via the -u-boot.dtsi mechanism). That way,
the script is automatically verified as part of whatever mechanism
verifies U-Boot, and it gets updated in tandem with U-Boot, so no need
for having it lying around somewhere separately and having to pick the
right one and verify it. Running that script is then exactly as
trustworthy as running the U-Boot C code.

Rasmus

     prev parent reply	other threads:[~2026-01-06  8:40 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-16 14:13 Standard Boot integration - script validation before execution Patryk
2025-12-16 14:31 ` Tom Rini
2025-12-16 14:59 ` Alexander Dahl
2025-12-31 14:46   ` Patryk
2025-12-31 15:08     ` Simon Glass
2026-01-05  9:46       ` Patryk
2026-01-06  8:40         ` Rasmus Villemoes [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87ldibrv5v.fsf@prevas.dk \
    --to=ravi@prevas.dk \
    --cc=pbiel7@gmail.com \
    --cc=sjg@chromium.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.