07:49 <lvrp16> i have discovered a phantom in my u-boot. splash_locations get updated automatically with the boot device without me setting splashdevpart. XD, traced it for 6 hours and cannot figure out how or what is changing the .devpart field. I only have 1 location with devpart "0:auto" but it magically changes to "1:auto" depending on the boot device. if I set devpart to "0:abcd", then the phantom disappears. some crazy stuff.

07:51 <lvrp16> I'm starting to wonder if it's LTO doing it

12:33 <sfo[m]> Is it possible to store the bootdev detected by bootflow scan -b in the u-boot env, so that it can be referenced from extlinux.conf later?

18:30 <CounterPillow> What are my network boot options in u-boot if PXE's lack of authentication is too insecure for me? Do I have to hand-roll something myself that downloads kernel + initrd from a thing and checks a signature?

18:34 <Sout_> tftp boot + imi on the fit image + kernel and initrid should do that?

18:36 <CounterPillow> What's imi in this context?

18:38 <Sout_> let me triple check, but i thought it was to verify the .fit images

18:40 <CounterPillow> If it's something where I can throw a cryptographic key into u-boot's configuration and then check whatever I got over TFTP has a valid signature then that would be perfect

18:41 <Sout_> er imi is just crc checks. But yeah from my understanding that is exactly what signatures in fit images do.

18:41 <Sout_> https://github.com/ARM-software/u-boot/blob/master/doc/uImage.FIT/signature.txt

18:42 <CounterPillow> thanks, I'll have a read of that

18:46 <CounterPillow> Hmmm, this assumes that the user *only* wants to boot signed images regardless of where they're from, which is fine for most instances but I basically want to boot whatever locally but only boot signed stuff over the network

18:48 <CounterPillow> I think I'll already need a custom bootflow, maybe I can somehow hack this in there

18:51 <CounterPillow> Also this only seems to sign the kernel image, not initrd :(

18:53 <Sout_> well it sign's the fit image which can be any set of images.

18:57 <Sout_> https://github.com/ARM-software/u-boot/blob/master/doc/uImage.FIT/multi.its shows how to use ramdisks.

19:02 <CounterPillow> ah, thanks

19:11 <Sout_> yeah that is what i do. + throw in a dm-verity in your initramfs. if you want to make sure any other file system is correct.