Hi,
Thanks for taking the time to answer.
On 11/05/2017 03:37 AM, Ladislav Michl wrote:
On Tue, Oct 31, 2017 at 11:01:21AM -0400, Liam Beguin wrote:
Hi everyone,
I'm currently using a UBIFS root file system (stored on SPI-NOR flash)
and would like to perform a full integrity check before booting it.
The rootfs is read-only and until now, I've been computing an md5sum on
the whole mtd device from an initramfs and comparing it to a stored
md5sum. If both md5sums don't match, I need to stop the boot process
completely.
Above doesn't sound right even in theory as UBI layer is free to correct
bit-flips (unlikely on SPI-NOR) and shuffle eraseblocks around even
if read only filesystem is sitting on top of it. See this faq:
http://www.linux-mtd.infradead.org/doc/ubi.html#L_ubiblock>
So, if you are computing md5sum of underlaying mtd device you might get
different checksum even for the same UBI content.
I forgot to mention that the flash I use has a hardware lock which is enabled
after the filesystem is first written (the flash is locked during boot).
I'm quite confident this works as I've been using the md5sum mechanism for
some time now.
As the UBI layer is able to detect/fix bit-flips, what happens if a bit-flip is
detected and UBI cannot write to flash? does it fail to attach?
If possible, I was hoping to drop initramfs and do the integrity check
from U-Boot. I know UBI/UBIFS does a CRC-32 of the data it writes to
flash but the intent here is to prevent booting an image where
even a _single bit_ of flash may have been corrupted.
My question is, does UBI/UBIFS have this kind of complete integrity
check built-in? If not, can I take advantage of these CRC-32, to do
something equivalent to my md5sum check from U-Boot.
Thanks,
There is md5sum command, question is whenever you UBI volume fits
into RAM to do calculation at once.
Liam Beguin
Xiphos Systems Corp.
http://xiphos.com
_______________________________________________
U-Boot mailing list
[email protected]
https://lists.denx.de/listinfo/u-boot
Thanks,
Liam Beguin
Xiphos Systems Corp.
http://xiphos.com
_______________________________________________
U-Boot mailing list
[email protected]
https://lists.denx.de/listinfo/u-boot
