[syslinux] Verify contents before boot?
Ady Ady
ady-sf at hotmail.com
Sat Aug 5 00:41:44 PDT 2017
>
> Do you mean that you'd type the expected hash in, during every boot? I
> ask because without typing it in manually, there's a chronological
> challenge in which a hash of the whole disc must then be stored on that
> same disc. You don't know the hash until the disc is produced, but you
> can't produce the [automated] disc without knowing the hash.
>
> Shao Miller
Agreed; the ISO9660 image cannot contain a yet-to-be-known hash value
that would also pass the test later on. It can only be located
"somewhere outside".
(Slightly off-topic, BTW, and just FYI, some recovery/data integrity
tools, such as dvdisaster, Parchive and the like, use some form of
Reed–Solomon codes and can append the recovery info right after the
original ISO9660 image. Of course, this is beyond the scope of the
Syslinux mailing list.)
But...
Within the to-be-built ISO image, we can have a checksum file, listing
filenames (that are located within the ISO9660 filesystem) and the
corresponding hash values. (This is in addition to the checksum of the
whole ISO image being published somewhere else.)
Some Linux distributions use some kernel option in order to perform a
test against such checksum file. In the boot menu, such option is
listed as "Integrity check" or similar.
(Kind of a shameless plug, but not really:) Better yet, some (Syslinux)
developer could improve and clean up "hash.c32":
www.syslinux.org/archives/2017-July/025850.html
which is faster and better than depending on the kernel's file/options.
For more than 5 years now, I've been waiting (and mildly pushing) for
"hash.c32" to be improved and then to be included in official Syslinux
archives, so my hopes are not high.
Regards,
Ady.
More information about the Syslinux
mailing list