[U-Boot] Integity validation (checksum) of a squashfs root file system

[U-Boot] Integity validation (checksum) of a squashfs root file system

[Pascal Levesque]

Hi,

I would like to validate the integrity (checksum) of a squashfs root file system before starting Linux.

Current strategy I am using is:
- Wrap squashfs rootfs inside a u-boot image
- TFTP download on the target
- Download validation using iminfo
- Save squashfs rootfs in flash without the image header (Linux failed to load squashfs rootfs if u-boot image is present)

Problems:
- I need to hardcode squashfs rootfs offset in u-boot image in order to be able to flash it
- U-Boot image header information (size, crc, ...) is lost after a reboot. It is not possible to check the integrity of the flash content.

I would like to save some fields of u-boot image header (size, crc, ...)  in u-boot environment variables. And then do an integrity check at boot time.

I have not find a way to extract those fields and save them without changing u-boot code. 
I have added some code to ?iminfo? command to set environment variables for CRC, size, payload offset, timestamp.

Is it an acceptable way of doing it?
Is there a better way of doing it?

Thanks in advance,

Pascal

[U-Boot] Integity validation (checksum) of a squashfs root file system

[Pascal Levesque]

Hi,

I would like to validate the integrity (checksum) of a squashfs root file system before starting Linux.

Current strategy I am using is:
- Wrap squashfs rootfs inside a u-boot image
- TFTP download on the target
- Download validation using iminfo
- Save squashfs rootfs in flash without the image header (Linux failed to load squashfs rootfs if u-boot image is present)

Problems:
- I need to hardcode squashfs rootfs offset in u-boot image in order to be able to flash it
- U-Boot image header information (size, crc, ...) is lost after a reboot. It is not possible to check the integrity of the flash content.

I would like to save some fields of u-boot image header (size, crc, ...)  in u-boot environment variables. And then do an integrity check at boot time.

I have not find a way to extract those fields and save them without changing u-boot code. 
I have added some code to ?iminfo? command to set environment variables for CRC, size, payload offset, timestamp.

Is it an acceptable way of doing it?
Is there a better way of doing it?

Thanks in advance,

Pascal

[U-Boot] Integity validation (checksum) of a squashfs root file system

[Marek Vasut]

> Hi,
> 
> I would like to validate the integrity (checksum) of a squashfs root file
> system before starting Linux.
> 
> Current strategy I am using is:
> - Wrap squashfs rootfs inside a u-boot image
> - TFTP download on the target
> - Download validation using iminfo
> - Save squashfs rootfs in flash without the image header (Linux failed to
> load squashfs rootfs if u-boot image is present)
> 
> Problems:
> - I need to hardcode squashfs rootfs offset in u-boot image in order to be
> able to flash it - U-Boot image header information (size, crc, ...) is
> lost after a reboot. It is not possible to check the integrity of the
> flash content.
> 
> I would like to save some fields of u-boot image header (size, crc, ...) 
> in u-boot environment variables. And then do an integrity check at boot
> time.
> 
> I have not find a way to extract those fields and save them without
> changing u-boot code. I have added some code to ?iminfo? command to set
> environment variables for CRC, size, payload offset, timestamp.
> 
> Is it an acceptable way of doing it?
> Is there a better way of doing it?
> 
> Thanks in advance,
> 
> Pascal

Use sha1sum integrated into uboot and stick it at the end?

M

[U-Boot] Integity validation (checksum) of a squashfs root file system

[Pascal Levesque]

Hi M,

sha1sum does provide a console output but nothing that could be used for an 
automated check like crc32 -v...

Pascal

-----Original Message----- 
From: Marek Vasut
Sent: Monday, February 06, 2012 11:34 AM
To: u-boot at lists.denx.de
Cc: Pascal Levesque
Subject: Re: [U-Boot] Integity validation (checksum) of a squashfs root file 
system

> Hi,
>
> I would like to validate the integrity (checksum) of a squashfs root file
> system before starting Linux.
>
> Current strategy I am using is:
> - Wrap squashfs rootfs inside a u-boot image
> - TFTP download on the target
> - Download validation using iminfo
> - Save squashfs rootfs in flash without the image header (Linux failed to
> load squashfs rootfs if u-boot image is present)
>
> Problems:
> - I need to hardcode squashfs rootfs offset in u-boot image in order to be
> able to flash it - U-Boot image header information (size, crc, ...) is
> lost after a reboot. It is not possible to check the integrity of the
> flash content.
>
> I would like to save some fields of u-boot image header (size, crc, ...)
> in u-boot environment variables. And then do an integrity check at boot
> time.
>
> I have not find a way to extract those fields and save them without
> changing u-boot code. I have added some code to ?iminfo? command to set
> environment variables for CRC, size, payload offset, timestamp.
>
> Is it an acceptable way of doing it?
> Is there a better way of doing it?
>
> Thanks in advance,
>
> Pascal

Use sha1sum integrated into uboot and stick it at the end?

M 

[U-Boot] Integity validation (checksum) of a squashfs root file system

[Marek Vasut]

> Hi M,
> 
> sha1sum does provide a console output but nothing that could be used for an
> automated check like crc32 -v...

Make it export an env. variable?

M

> 
> Pascal
> 
> -----Original Message-----
> From: Marek Vasut
> Sent: Monday, February 06, 2012 11:34 AM
> To: u-boot at lists.denx.de
> Cc: Pascal Levesque
> Subject: Re: [U-Boot] Integity validation (checksum) of a squashfs root
> file system
> 
> > Hi,
> > 
> > I would like to validate the integrity (checksum) of a squashfs root file
> > system before starting Linux.
> > 
> > Current strategy I am using is:
> > - Wrap squashfs rootfs inside a u-boot image
> > - TFTP download on the target
> > - Download validation using iminfo
> > - Save squashfs rootfs in flash without the image header (Linux failed to
> > load squashfs rootfs if u-boot image is present)
> > 
> > Problems:
> > - I need to hardcode squashfs rootfs offset in u-boot image in order to
> > be able to flash it - U-Boot image header information (size, crc, ...)
> > is lost after a reboot. It is not possible to check the integrity of the
> > flash content.
> > 
> > I would like to save some fields of u-boot image header (size, crc, ...)
> > in u-boot environment variables. And then do an integrity check at boot
> > time.
> > 
> > I have not find a way to extract those fields and save them without
> > changing u-boot code. I have added some code to ?iminfo? command to set
> > environment variables for CRC, size, payload offset, timestamp.
> > 
> > Is it an acceptable way of doing it?
> > Is there a better way of doing it?
> > 
> > Thanks in advance,
> > 
> > Pascal
> 
> Use sha1sum integrated into uboot and stick it at the end?
> 
> M

[U-Boot] Integity validation (checksum) of a squashfs root file system

[Pascal Levesque]

Hi M,

this is very similar to my actual solution with iminfo (see below).
In fact, the main question is: Is it generic enough to be integrated in 
u-boot development tree?
Is it better to modify sha1sum instead?
Or finally, a more generic approach is to offer a command to set an 
environment variable from memory content like:
md [.b, .w, .l] address [# of objects] [environment variable name]
So, when a variable name is specified, "md" sets env. variable with the 
memory content.

Regards,

Pascal

--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -1097,6 +1097,7 @@
static int image_info(ulong addr)
{
     void *hdr = (void *)addr;
+    char str[80];

     printf("\n## Checking Image at %08lx ...\n", addr);

@@ -1120,6 +1121,16 @@
             puts("   Bad Data CRC\n");
             return 1;
         }
+
+        sprintf(str, "%lx", image_get_data_size(hdr)); /* write data size 
into string */
+        setenv("image_data_size", str);
+        sprintf(str, "%lx", image_get_dcrc(hdr)); /* write data crc into 
string */
+        setenv("image_data_crc", str);
+        sprintf(str, "%lx", image_get_data(hdr)); /* write data start 
address into string */
+        setenv("image_data_addr");
+        sprintf(str, "%lx", image_get_time(hdr)); /* write image timestamp 
into string */
+        setenv("image_timestamp", str);
+
         puts("OK\n");
         return 0;
#if defined(CONFIG_FIT)

-----Original Message----- 
From: Marek Vasut
Sent: Monday, February 06, 2012 1:41 PM
To: Pascal Levesque
Cc: u-boot at lists.denx.de
Subject: Re: [U-Boot] Integity validation (checksum) of a squashfs root file 
system

> Hi M,
>
> sha1sum does provide a console output but nothing that could be used for 
> an
> automated check like crc32 -v...

Make it export an env. variable?

M

>
> Pascal
>
> -----Original Message-----
> From: Marek Vasut
> Sent: Monday, February 06, 2012 11:34 AM
> To: u-boot at lists.denx.de
> Cc: Pascal Levesque
> Subject: Re: [U-Boot] Integity validation (checksum) of a squashfs root
> file system
>
> > Hi,
> >
> > I would like to validate the integrity (checksum) of a squashfs root 
> > file
> > system before starting Linux.
> >
> > Current strategy I am using is:
> > - Wrap squashfs rootfs inside a u-boot image
> > - TFTP download on the target
> > - Download validation using iminfo
> > - Save squashfs rootfs in flash without the image header (Linux failed 
> > to
> > load squashfs rootfs if u-boot image is present)
> >
> > Problems:
> > - I need to hardcode squashfs rootfs offset in u-boot image in order to
> > be able to flash it - U-Boot image header information (size, crc, ...)
> > is lost after a reboot. It is not possible to check the integrity of the
> > flash content.
> >
> > I would like to save some fields of u-boot image header (size, crc, ...)
> > in u-boot environment variables. And then do an integrity check at boot
> > time.
> >
> > I have not find a way to extract those fields and save them without
> > changing u-boot code. I have added some code to ?iminfo? command to set
> > environment variables for CRC, size, payload offset, timestamp.
> >
> > Is it an acceptable way of doing it?
> > Is there a better way of doing it?
> >
> > Thanks in advance,
> >
> > Pascal
>
> Use sha1sum integrated into uboot and stick it at the end?
>
> M 

[U-Boot] Integity validation (checksum) of a squashfs root file system

[Wolfgang Denk]

Dear "Pascal Levesque",

p[lease stop top-posting / full quoting.

In message <SNT129-DS22380D89FACBB7D7D8C8AAD740@phx.gbl> you wrote:
> 
> sha1sum does provide a console output but nothing that could be used for an 
> automated check like crc32 -v...

Please feel free to submit a patch that allows to add a third argument
to the sha1sum command similar to what we do with "crc".

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Computers are not intelligent. They only think they are.