Consider adding a troubleshooting mode
stboot currently has two modes: normal (loading the ospkg specified in the host config) and provisioning (loading an ospkg from initramfs).
How about adding a third mode for troubleshooting, loading an alternative ospkg from a URL based on what's specified in the host config but altered in some predictable way?
The motivation for this is that many hosting providers ask for a root shell on the systems they're hosting, for troubleshooting issues with the machine, network or other things. With a way of interrupting normal boot and entering troubleshooting mode, the hosting provider could be given access to a generic troubleshooting system.
The security implications of making it possible to interrupt normal boot and get access to the system through an alternative OS must be taken into account. This feature should be disabled by default and possibly require configuration in the trust policy. The modification of the ordinary ospkg URL could be based on something like a machine id, making it easier for the operator to allow and disallow troubleshooting mode per machine.