[U-Boot] Integity validation (checksum) of a squashfs root file system

Pascal Levesque pascl at live.ca
Tue Feb 7 15:24:20 CET 2012


Hi M,

this is very similar to my actual solution with iminfo (see below).
In fact, the main question is: Is it generic enough to be integrated in 
u-boot development tree?
Is it better to modify sha1sum instead?
Or finally, a more generic approach is to offer a command to set an 
environment variable from memory content like:
md [.b, .w, .l] address [# of objects] [environment variable name]
So, when a variable name is specified, "md" sets env. variable with the 
memory content.

Regards,

Pascal

--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -1097,6 +1097,7 @@
static int image_info(ulong addr)
{
     void *hdr = (void *)addr;
+    char str[80];

     printf("\n## Checking Image at %08lx ...\n", addr);

@@ -1120,6 +1121,16 @@
             puts("   Bad Data CRC\n");
             return 1;
         }
+
+        sprintf(str, "%lx", image_get_data_size(hdr)); /* write data size 
into string */
+        setenv("image_data_size", str);
+        sprintf(str, "%lx", image_get_dcrc(hdr)); /* write data crc into 
string */
+        setenv("image_data_crc", str);
+        sprintf(str, "%lx", image_get_data(hdr)); /* write data start 
address into string */
+        setenv("image_data_addr");
+        sprintf(str, "%lx", image_get_time(hdr)); /* write image timestamp 
into string */
+        setenv("image_timestamp", str);
+
         puts("OK\n");
         return 0;
#if defined(CONFIG_FIT)

-----Original Message----- 
From: Marek Vasut
Sent: Monday, February 06, 2012 1:41 PM
To: Pascal Levesque
Cc: u-boot at lists.denx.de
Subject: Re: [U-Boot] Integity validation (checksum) of a squashfs root file 
system

> Hi M,
>
> sha1sum does provide a console output but nothing that could be used for 
> an
> automated check like crc32 -v...

Make it export an env. variable?

M

>
> Pascal
>
> -----Original Message-----
> From: Marek Vasut
> Sent: Monday, February 06, 2012 11:34 AM
> To: u-boot at lists.denx.de
> Cc: Pascal Levesque
> Subject: Re: [U-Boot] Integity validation (checksum) of a squashfs root
> file system
>
> > Hi,
> >
> > I would like to validate the integrity (checksum) of a squashfs root 
> > file
> > system before starting Linux.
> >
> > Current strategy I am using is:
> > - Wrap squashfs rootfs inside a u-boot image
> > - TFTP download on the target
> > - Download validation using iminfo
> > - Save squashfs rootfs in flash without the image header (Linux failed 
> > to
> > load squashfs rootfs if u-boot image is present)
> >
> > Problems:
> > - I need to hardcode squashfs rootfs offset in u-boot image in order to
> > be able to flash it - U-Boot image header information (size, crc, ...)
> > is lost after a reboot. It is not possible to check the integrity of the
> > flash content.
> >
> > I would like to save some fields of u-boot image header (size, crc, ...)
> > in u-boot environment variables. And then do an integrity check at boot
> > time.
> >
> > I have not find a way to extract those fields and save them without
> > changing u-boot code. I have added some code to “iminfo” command to set
> > environment variables for CRC, size, payload offset, timestamp.
> >
> > Is it an acceptable way of doing it?
> > Is there a better way of doing it?
> >
> > Thanks in advance,
> >
> > Pascal
>
> Use sha1sum integrated into uboot and stick it at the end?
>
> M 



More information about the U-Boot mailing list