[syslinux] Verify contents before boot?

Ady Ady ady-sf at hotmail.com
Sat Aug 5 00:41:44 PDT 2017


> 
> Do you mean that you'd type the expected hash in, during every boot?  I 
> ask because without typing it in manually, there's a chronological 
> challenge in which a hash of the whole disc must then be stored on that 
> same disc.  You don't know the hash until the disc is produced, but you 
> can't produce the [automated] disc without knowing the hash.
> 
> Shao Miller
 

Agreed; the ISO9660 image cannot contain a yet-to-be-known hash value 
that would also pass the test later on. It can only be located 
"somewhere outside".

(Slightly off-topic, BTW, and just FYI, some recovery/data integrity 
tools, such as dvdisaster, Parchive and the like, use some form of 
Reed–Solomon codes and can append the recovery info right after the 
original ISO9660 image. Of course, this is beyond the scope of the 
Syslinux mailing list.)

But...

Within the to-be-built ISO image, we can have a checksum file, listing 
filenames (that are located within the ISO9660 filesystem) and the 
corresponding hash values. (This is in addition to the checksum of the 
whole ISO image being published somewhere else.)

Some Linux distributions use some kernel option in order to perform a 
test against such a checksum file. In the boot menu, such an option is 
listed as "Integrity check" or similar.

(Kind of a shameless plug, but not really:) Better yet, some (Syslinux) 
developer could improve and clean up "hash.c32":

 www.syslinux.org/archives/2017-July/025850.html 

which is faster and better than depending on the kernel's file/options.

For more than 5 years now, I've been waiting (and mildly pushing) for 
"hash.c32" to be improved and then to be included in official Syslinux 
archives, so my hopes are not high.

Regards,
Ady.
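
The in-image checksum file described in the message above, sketched as an added example; it is not part of the original post and is unrelated to the code of hash.c32. The manifest name `sha256sum.txt`, the choice of SHA-256, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

MANIFEST = "sha256sum.txt"  # hypothetical manifest name at the root of the ISO tree

def file_sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # chunked: large files
            digest.update(chunk)
    return digest.hexdigest()

def list_files(root):
    """Relative paths of every file under root, excluding the manifest itself."""
    rels = (os.path.relpath(os.path.join(d, n), root).replace(os.sep, "/")
            for d, _sub, names in os.walk(root) for n in names)
    return sorted(r for r in rels if r != MANIFEST)  # manifest cannot hash itself

def write_manifest(root):
    """Build step: run over the staging tree before the ISO image is produced."""
    with open(os.path.join(root, MANIFEST), "w") as out:
        for rel in list_files(root):
            out.write(f"{file_sha256(os.path.join(root, rel))}  {rel}\n")

def verify_manifest(root):
    """Check step: return (path, problem) tuples; an empty list means all good."""
    with open(os.path.join(root, MANIFEST)) as fh:
        expected = {rel: digest for digest, rel in
                    (line.rstrip("\n").split("  ", 1) for line in fh)}
    problems = []
    for rel, digest in sorted(expected.items()):
        if not os.path.isfile(os.path.join(root, rel)):
            problems.append((rel, "missing"))
        elif file_sha256(os.path.join(root, rel)) != digest:
            problems.append((rel, "mismatch"))
    return problems + [(r, "unlisted") for r in list_files(root) if r not in expected]

def demo():
    """Constructed sample tree: build the manifest, then corrupt one listed file."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in (("vmlinuz", b"kernel"), ("initrd.img", b"initrd")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        write_manifest(root)
        clean = verify_manifest(root)
        with open(os.path.join(root, "initrd.img"), "ab") as fh:
            fh.write(b"\x00")  # simulate on-media corruption
        return clean, verify_manifest(root)
```

Because the manifest ships inside the image, it catches corrupted media or downloads of the listed files; the whole-image checksum published elsewhere remains the separate check on the image as a whole.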


