On Mon, Jan 05 2026, Patryk <[email protected]> wrote: > Regarding my question: the more I think about it, the more I am > inclined to implement my own boot method, although I am still not > entirely convinced this is the right approach. If I were to rely on a > boot script, I would most likely need to introduce bootscript-a and > bootscript-b, along with a mechanism to select the appropriate one.
FWIW, what we do is to embed the bootscript in the u-boot binary (actually, in the control dtb via the -u-boot.dtsi mechanism). That way, the script is automatically verified as part of whatever mechanism verifies U-Boot, and it gets updated in tandem with U-Boot, so no need for having it lying around somewhere separately and having to pick the right one and verify it. Running that script is then exactly as trustworthy as running the U-Boot C code. Rasmus
