lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 20 Jul 2021 11:47:49 +0530
From:   Pintu Agarwal <pintu.ping@...il.com>
To:     Richard Weinberger <richard@....at>
Cc:     Greg KH <greg@...ah.com>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        linux-mtd <linux-mtd@...ts.infradead.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Phillip Lougher <phillip@...ashfs.org.uk>,
        Sean Nyekjaer <sean@...nix.com>,
        Kernelnewbies <kernelnewbies@...nelnewbies.org>
Subject: Re: MTD: How to get actual image size from MTD partition

On Mon, 19 Jul 2021 at 14:58, Richard Weinberger <richard@....at> wrote:
>
> ----- Ursprüngliche Mail -----
> > Von: "Pintu Agarwal" <pintu.ping@...il.com>
> > An: "richard" <richard@....at>
> > CC: "Greg KH" <greg@...ah.com>, "linux-kernel" <linux-kernel@...r.kernel.org>, "linux-mtd"
> > <linux-mtd@...ts.infradead.org>, "linux-fsdevel" <linux-fsdevel@...r.kernel.org>, "Phillip Lougher"
> > <phillip@...ashfs.org.uk>, "Sean Nyekjaer" <sean@...nix.com>, "Kernelnewbies" <kernelnewbies@...nelnewbies.org>
> > Gesendet: Montag, 19. Juli 2021 11:09:46
> > Betreff: Re: MTD: How to get actual image size from MTD partition
>
> > On Fri, 16 Jul 2021 at 21:56, Richard Weinberger <richard@....at> wrote:
> >
> >> >> My requirement:
> >> >> To find the checksum of a real image in runtime which is flashed in an
> >> >> MTD partition.
> >> >
> >> > Try using the dm-verity module for ensuring that a block device really
> >> > is properly signed before mounting it.  That's what it was designed for
> >> > and is independent of the block device type.
> >>
> >> MTDs are not block devices. :-)
> >>
> > Is it possible to use dm-verity with squashfs ?
> > We are using squashfs for our rootfs which is an MTD block /dev/mtdblock44
>
> Well, if you emulate a block device using mtdblock, you can use dm-verity and friends.
> Also consider using ubiblock. It offers better performance and wear leveling support.
>
Okay thank you.
We have tried dm-verity with squashfs (for our rootfs) but we are
facing some mounting issues.
[...]
[    4.697757] device-mapper: init: adding target '0 96160 verity 1
/dev/mtdblock34 /dev/mtdblock39 4096 4096 12020 8 sha256
d7b8a7d0c01b9aec888930841313a81603a50a2a7be44631c4c813197a50d681
aee087a5be3b982978c923f566a94613496b417f2af592639bc80d141e34dfe7'
[    4.704771] device-mapper: verity: sha256 using implementation
"sha256-generic"
[...]
[    4.727366] device-mapper: init: dm-0 is ready
[    4.912558] VFS: Cannot open root device "dm-0" or
unknown-block(253,0): error -5

The same works with ext4 emulation.
So, not sure if there are any changes missing w.r.t. squashfs on 4.14 kernel ?

Anyways, I will create a separate thread for dm-verity issue and keep
this thread still open for UBI image size issue.
We may use dm-verify for rootfs during booting, but still we need to
perform integrity check for other nand partitions and UBI volumes.

So, instead of calculating the checksum for the entire partition, is
it possible to perform checksum only based on the image size ?
Right now, we are still exploring what are the best possible
mechanisms available for this.

Thanks,
Pintu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ