Hi Lukasz,
Thanks for taking the time to answer.
On 11/04/2017 05:17 PM, Lukasz Majewski wrote:
Hi Liam,
Hi everyone,
I'm currently using a UBIFS root file system (stored on SPI-NOR flash)
and would like to perform a full integrity check before booting it.
The rootfs is read-only and until now, I've been computing an md5sum
on the whole mtd device from an initramfs and comparing it to a stored
md5sum. If both md5sums don't match, I need to stop the boot process
completely.
If possible, I was hoping to drop initramfs and do the integrity check
from U-Boot.
U-boot has support for crc32 and sha1 (256). It should be possible to
do the integrity checking in it.
If you have more SDRAM than SPI-NOR, then you can calculate sha1/crc32
of the whole memory.
I know UBI/UBIFS does a CRC-32 of the data it writes to
flash but the intent here is to prevent booting an image where
even a _single bit_ of flash may have been corrupted.
Ok. I see.
My question is, does UBI/UBIFS have this kind of complete integrity
check built-in?
As fair as I'm aware - not. The only recent improvement was the
"encryption/decryption" support
I don't think I have enough time right now but would this integrity check
be an interesting feature to add?
If not, can I take advantage of these CRC-32,
It may be hard to access UBI metadata (from PEB/LEB).
to do
something equivalent to my md5sum check from U-Boot.
It may be possible to read the whole SPI-NOR Memory content to RAM,
calculate crc32/sha1 and compare with some stored value (e.g. in u-boot
envs). This all should be done with u-boot prompt.
This was my backup plan. I should have enough RAM to do it.
Thanks,
Liam Beguin
Xiphos Systems Corp.
http://xiphos.com
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
Best regards,
Lukasz Majewski
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de
Thanks,
Liam Beguin
Xiphos Systems Corp.
http://xiphos.com
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
