Message ID | 1478884419-22717-1-git-send-email-matthew.weber@rockwellcollins.com |
---|---|
State | Rejected |
Headers | show |
Hello, On Fri, 11 Nov 2016 11:13:39 -0600, Matt Weber wrote: > From: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> > > Generate md5 checksum for all files of boot directory > to allow runtime validation of boot images. > > Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> > Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com> Why specifically for those images, and not all files of the filesystem? This really looks like a very use-case specific problem, we certainly can't handle it in generic code like this the patch you're proposing. Best regards, Thomas
Thomas, On Fri, Nov 11, 2016 at 2:24 PM, Thomas Petazzoni < thomas.petazzoni@free-electrons.com> wrote: > Hello, > > On Fri, 11 Nov 2016 11:13:39 -0600, Matt Weber wrote: > > From: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> > > > > Generate md5 checksum for all files of boot directory > > to allow runtime validation of boot images. > > > > Signed-off-by: Paresh Chaudhary <paresh.chaudhary@rockwellcollins.com> > > Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com> > > Why specifically for those images, and not all files of the filesystem? > > We thought for a iso9600 formatted iso, this was a way to add a quick integrity check capability to the images used for kernel/rootfs. Since the bzimage and initrd are both present in this boot folder. This allows a product's install process to check the integrity of a disk after flashing the iso to a bare drive (mount the new boot partition and run md5sum -c). It also opens up the option for runtime verifying the images you booted from if you add scripting in your rootfs.
Hello, On Fri, 11 Nov 2016 14:54:06 -0600, Matthew Weber wrote: > We thought for a iso9600 formatted iso, this was a way to add a quick > integrity check capability to the images used for kernel/rootfs. Since the > bzimage and initrd are both present in this boot folder. This allows a > product's install process to check the integrity of a disk after flashing > the iso to a bare drive (mount the new boot partition and run md5sum -c). > It also opens up the option for runtime verifying the images you booted > from if you add scripting in your rootfs. This all seems interesting, but if we want to solve this problem, we want to solve it globally for all filesystems, and the entire contents of the filesystem, not just the specific /boot directory of the specific iso9660 filesystem. Thomas
diff --git a/fs/iso9660/iso9660.mk b/fs/iso9660/iso9660.mk index d1d9cbf..d805465 100644 --- a/fs/iso9660/iso9660.mk +++ b/fs/iso9660/iso9660.mk @@ -144,6 +144,8 @@ endif # ROOTFS_ISO9660_USE_INITRD define ROOTFS_ISO9660_CMD + $(RM) -rf $(ROOTFS_ISO9660_TARGET_DIR)/boot/checksums.md5 + cd $(ROOTFS_ISO9660_TARGET_DIR)/boot/ && md5sum * > $(ROOTFS_ISO9660_TARGET_DIR)/boot/checksums.md5 $(HOST_DIR)/usr/bin/genisoimage -J -R -b $(ROOTFS_ISO9660_BOOT_IMAGE) \ -no-emul-boot -boot-load-size 4 -boot-info-table \ -o $@ $(ROOTFS_ISO9660_TARGET_DIR)