mail archive of the barebox mailing list
From: Trent Piepho <trent.piepho@igorinstitute.com>
To: Sascha Hauer <sha@pengutronix.de>
Cc: Gerz Burak LCPF-CH <Burak.Gerz@mt.com>,
	 "barebox@lists.infradead.org" <barebox@lists.infradead.org>
Subject: Re: barebox hooks in userspace
Date: Tue, 6 Dec 2022 12:17:10 -0800
Message-ID: <CAMHeXxM-x7RC0so+cLNruNFU6+MzfFXBuRbFz8QM5wzi6+mM7w@mail.gmail.com>
In-Reply-To: <20221206071823.GT29728@pengutronix.de>

On Mon, Dec 5, 2022 at 11:19 PM Sascha Hauer <sha@pengutronix.de> wrote:
>
> When do you want to execute the scripts? When you want to execute them
> during booting then I think we'll find a better way for this.

Section in FIT image containing scripts to run at boot?  That way they
are linked to updates to the kernel, which should already be linked to
rootfs if there are any modules.  FIT image already has a way to store
multiple kernels/devicetrees/etc for different hardware variants and
boot types (normal, recovery), which is probably useful.  FIT image
already has a system for hashes and signatures.  If one cares about
security, then this is very important for any scripts run by the
bootloader.  I think most U-Boot style boots with partition switching
done by changing the boot scripts stored in an unsigned environment
sector have a massive security hole here.

There's a problem that can happen when the interface between the
bootloader and the kernel/rootfs changes.  E.g., the kernel command
line arguments change for a new kernel.  One needs to update the
scripts that create those arguments in Barebox.  Having RAUC update
Barebox is easy and solves that.  But what if there is a fallback to
the previous A/B partition?  Then one gets a new Barebox + new kernel
command line trying to boot an old kernel.  If one has not been
careful to make the changes to the kernel command line backward
compatible then the old kernel might not boot.

Putting the scripts in the FIT image would be a way to tie them to the
kernel rather than to the bootloader.


