Signature files missing for most netboot images
Most Alpine netboot images cannot be verified by alpine-ipxe because the corresponding .sig files (e.g., vmlinuz-vanilla.sig) are missing for most versions.
There are signatures available for some versions (see https://boot.alpinelinux.org/sig/), so the code signing verification in https://boot.alpinelinux.org/boot.ipxe may or may not work, depending on what version you try.
I understand that it's sometimes recommended to re-sign these images ourselves, and to use a custom-compiled version of iPXE with the corresponding root certificate; however, this may not always be feasible or desired.
As a first step, I suggest automatically including these .sig files upon releasing a version and deploying them to all mirror servers (e.g., http://dl-cdn.alpinelinux.org/) and the netboot tarballs on the website. This may also allow other uses of verification, outside the iPXE use case.