Hello Patryk,

disclaimer: migrating from distro boot to standard boot for our boards is on my todo list, but I have not looked into standard boot, yet.

On Tue, Dec 16, 2025 at 03:13:59PM +0100, Patryk wrote:
> Hi
> I would like to integrate Standard Boot on our custom board based on
> NXP LS1028a, as it currently uses a so-called distro boot.
> Normally I would just follow the instructions in the doc about
> converting from distro boot to standard boot, but things are in fact a
> bit more complicated. My board supports dual rootfs following the A/B
> update scheme, so I need a place where I can check the boot state,
> boot counter and so on, so as to set the final rootfs partition to
> pass to the kernel. That's actually not a problem - I can just use the
> bootmeth script and put all the logic there. The problem is that on a
> production system, the devices will be protected by the Secure Boot
> procedure, so the script to be executed should also be verified before
> the execution.

Reminds me of the problems I faced when trying to implement Secure Boot with A/B rootfs. IIRC there were two things I ended up doing:

1. putting the boot script in a separate volume outside of rootfs and the A/B scheme.
2. use signed FIT image for the boot script instead of the old-fashioned U-Boot script, enable CONFIG_FIT_SIGNATURE, and disable (!) CONFIG_LEGACY_IMAGE_FORMAT.

Not sure how this plays together with standard boot, but once you instruct U-Boot to only accept signed FIT images, that also applies for scripts put into a FIT image.

Greets
Alex

> In the current solution (distro boot), the boot
> command, first loads the script, then calls esbc_validate over the
> script header and if the validation passes it sources the script so
> the OS can be loaded. In current bootmeth_script there is no place (or
> I'm not aware of) that would allow me to do vendor-specific validation
> over the script. What would you advise in this case? Is there any way
> to "inject" some plugins into the existing boot methods, like e.g. a
> plugin that would be overriding or adding some functionalities to
> existing bootmeth_script? I can of course patch the existing
> bootmeth_script with a command that would perform the validation but
> this would no longer be a generic boot method. Or perhaps should I
> create my own boot method?
>
> I would be grateful for any suggestion
> Best regards
> Patryk
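
The signed-FIT approach from point 2 of the reply, sketched as a FIT source file. This is an added example, not code from either poster or from U-Boot; the file names (boot.its, boot.cmd, boot.itb, u-boot.dtb), the key name "dev", the ./keys directory and the image node name "bootscr" are assumptions.

```dts
/*
 * boot.its: FIT source wrapping the A/B selection script so that U-Boot
 * can check its signature before sourcing it.
 * Assumed names: boot.cmd (plain-text script), key "dev" in ./keys.
 *
 * Build and sign on the host (the private key never goes on the device):
 *   openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
 *           -out keys/dev.key
 *   openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
 *   mkimage -f boot.its -k keys -K u-boot.dtb -r boot.itb
 *
 * -K writes the public key into U-Boot's control device tree and -r marks
 * it as required; U-Boot must then be rebuilt or repackaged with that
 * device tree. Relevant U-Boot configuration:
 *   CONFIG_FIT=y
 *   CONFIG_FIT_SIGNATURE=y
 *   # CONFIG_LEGACY_IMAGE_FORMAT is not set
 *
 * On the target, after loading boot.itb to ${loadaddr}:
 *   source ${loadaddr}:bootscr
 */
/dts-v1/;

/ {
	description = "Signed A/B boot script";
	#address-cells = <1>;

	images {
		bootscr {
			description = "A/B rootfs selection script";
			data = /incbin/("boot.cmd");
			type = "script";
			compression = "none";

			/* Image-level signature; "dev" selects keys/dev.key */
			signature-1 {
				algo = "sha256,rsa2048";
				key-name-hint = "dev";
			};
		};
	};
};
```

The boot state and boot counter that the script reads live outside the signed image, so the script should treat them as untrusted input and only ever choose between the two known rootfs partitions.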

