On Tue, Oct 31, 2017 at 11:01:21AM -0400, Liam Beguin wrote:
Hi everyone,
I'm currently using a UBIFS root file system (stored on SPI-NOR flash) and would like to perform a full integrity check before booting it. The rootfs is read-only and until now, I've been computing an md5sum on the whole mtd device from an initramfs and comparing it to a stored md5sum. If both md5sums don't match, I need to stop the boot process completely.
Above doesn't sound right even in theory as UBI layer is free to correct bit-flips (unlikely on SPI-NOR) and shuffle eraseblocks around even if read only filesystem is sitting on top of it. See this faq: http://www.linux-mtd.infradead.org/doc/ubi.html#L_ubiblock
So, if you are computing md5sum of underlaying mtd device you might get different checksum even for the same UBI content.
If possible, I was hoping to drop initramfs and do the integrity check from U-Boot. I know UBI/UBIFS does a CRC-32 of the data it writes to flash but the intent here is to prevent booting an image where even a _single bit_ of flash may have been corrupted.
My question is, does UBI/UBIFS have this kind of complete integrity check built-in? If not, can I take advantage of these CRC-32, to do something equivalent to my md5sum check from U-Boot. Thanks,
There is md5sum command, question is whenever you UBI volume fits into RAM to do calculation at once.
Liam Beguin Xiphos Systems Corp. http://xiphos.com _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot