Hi Liam,
Hi everyone,
I'm currently using a UBIFS root file system (stored on SPI-NOR flash) and would like to perform a full integrity check before booting it. The rootfs is read-only and until now, I've been computing an md5sum on the whole mtd device from an initramfs and comparing it to a stored md5sum. If both md5sums don't match, I need to stop the boot process completely.
If possible, I was hoping to drop initramfs and do the integrity check from U-Boot.
U-boot has support for crc32 and sha1 (256). It should be possible to do the integrity checking in it.
If you have more SDRAM than SPI-NOR, then you can calculate sha1/crc32 of the whole memory.
I know UBI/UBIFS does a CRC-32 of the data it writes to flash but the intent here is to prevent booting an image where even a _single bit_ of flash may have been corrupted.
Ok. I see.
My question is, does UBI/UBIFS have this kind of complete integrity check built-in?
As fair as I'm aware - not. The only recent improvement was the "encryption/decryption" support.
If not, can I take advantage of these CRC-32,
It may be hard to access UBI metadata (from PEB/LEB).
to do something equivalent to my md5sum check from U-Boot.
It may be possible to read the whole SPI-NOR Memory content to RAM, calculate crc32/sha1 and compare with some stored value (e.g. in u-boot envs). This all should be done with u-boot prompt.
Thanks,
Liam Beguin Xiphos Systems Corp. http://xiphos.com _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Best regards,
Lukasz Majewski
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de