Hi Liam,
Hi Lukasz,
Thanks for taking the time to answer.
On 11/04/2017 05:17 PM, Lukasz Majewski wrote:
Hi Liam,
Hi everyone,
I'm currently using a UBIFS root file system (stored on SPI-NOR flash) and would like to perform a full integrity check before booting it. The rootfs is read-only and until now, I've been computing an md5sum on the whole mtd device from an initramfs and comparing it to a stored md5sum. If both md5sums don't match, I need to stop the boot process completely.
If possible, I was hoping to drop initramfs and do the integrity check from U-Boot.
U-boot has support for crc32 and sha1 (256). It should be possible to do the integrity checking in it.
If you have more SDRAM than SPI-NOR, then you can calculate sha1/crc32 of the whole memory.
I know UBI/UBIFS does a CRC-32 of the data it writes to flash but the intent here is to prevent booting an image where even a _single bit_ of flash may have been corrupted.
Ok. I see.
My question is, does UBI/UBIFS have this kind of complete integrity check built-in?
As fair as I'm aware - not. The only recent improvement was the "encryption/decryption" support
I don't think I have enough time right now but would this integrity check be an interesting feature to add?
It depends how "secure" your project needs to be...
It is just one of the options to consider.
If not, can I take advantage of these CRC-32,
It may be hard to access UBI metadata (from PEB/LEB).
to do something equivalent to my md5sum check from U-Boot.
It may be possible to read the whole SPI-NOR Memory content to RAM, calculate crc32/sha1 and compare with some stored value (e.g. in u-boot envs). This all should be done with u-boot prompt.
This was my backup plan. I should have enough RAM to do it.
Ok. Good.
Thanks,
Liam Beguin Xiphos Systems Corp. http://xiphos.com _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
Best regards,
Lukasz Majewski
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
Thanks,
Liam Beguin Xiphos Systems Corp. http://xiphos.com
Best regards,
Lukasz Majewski
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de