I have recently been working on a better and more robust netboot setup. One change is that booting via netboot needs to be secure, i.e. all files need to be verified.
One crucial step in this setup is that the squashfs image is verified before the archiso initramfs tries to mount it. This patchset adds a new verify=y option that forces archiso to verify the signature of the squashfs image. In order to build an image with squashfs signatures: 1) Make sure gpg-agent is running for your user before starting the build process. 2) Run su -c "GNUPGHOME=/home/youruser/.gnupg /path/to/build.sh -g yourkeyid"
