[U-Boot] UBI/UBIFS complete integrity check
Ladislav Michl
ladis at linux-mips.org
Sun Nov 5 08:37:41 UTC 2017
On Tue, Oct 31, 2017 at 11:01:21AM -0400, Liam Beguin wrote:
> Hi everyone,
>
> I'm currently using a UBIFS root file system (stored on SPI-NOR flash)
> and would like to perform a full integrity check before booting it.
> The rootfs is read-only and until now, I've been computing an md5sum on
> the whole mtd device from an initramfs and comparing it to a stored
> md5sum. If both md5sums don't match, I need to stop the boot process
> completely.
Above doesn't sound right even in theory as UBI layer is free to correct
bit-flips (unlikely on SPI-NOR) and shuffle eraseblocks around even
if read only filesystem is sitting on top of it. See this faq:
http://www.linux-mtd.infradead.org/doc/ubi.html#L_ubiblock
So, if you are computing md5sum of underlaying mtd device you might get
different checksum even for the same UBI content.
> If possible, I was hoping to drop initramfs and do the integrity check
> from U-Boot. I know UBI/UBIFS does a CRC-32 of the data it writes to
> flash but the intent here is to prevent booting an image where
> even a _single bit_ of flash may have been corrupted.
>
> My question is, does UBI/UBIFS have this kind of complete integrity
> check built-in? If not, can I take advantage of these CRC-32, to do
> something equivalent to my md5sum check from U-Boot.
> Thanks,
There is md5sum command, question is whenever you UBI volume fits
into RAM to do calculation at once.
> Liam Beguin
> Xiphos Systems Corp.
> http://xiphos.com
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> https://lists.denx.de/listinfo/u-boot
More information about the U-Boot
mailing list