xous-core
Precursorupdater checks signature version and kernel length, but not signature?
Hi,
Sorry if I'm missing something here and thanks for the pretty damn awesome project. It looks like the updater is pulling from the Jenkins build bot (via HTTPS), checking the signature version and kernel size (but not the signature itself) and then flashing the Precursor with whatever it was given.
There is encrypt_to_efuse, but that looks like it's encrypting the bitstream it was given, not checking it.
There is secboot.rs in loader, which seems to do a signature check, but if the loader itself is being reflashed from an untrusted source that doesn't seem helpful.
There is the source repo to build from source, but aside from the GitHub GPG key (B5690EEEBB952194) I don't see signed tags from committers, so I'm not sure how I'd verify the repository. And then the updater doesn't seem to have an option to flash from the local repository. That seems to be in betrusted-scripts, but that's via JTAG, not USB.
This doesn't make much sense. Is this expected? Is this a bug? Is this part still a work in progress?
Thanks