-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why is there a "write" to microsd on the very first boot? #37
Comments
Btw: this is repeatable. I can zero my microsd card, then write my custom version of seedsigner onto and even extract the exact hash that matches that file. If I boot once, fully, and do nothing, then yank it... I get a different hash when I check my microsd. I can do this again and again, I always end up with a changed hash that matches the last time I tried this. It is not at all worrisome to me, because after that first boot, it stops changing. I'm just hoping to be able to explain it. |
https://forum.cgsecurity.org/phpBB3/viewtopic.php?t=1791 No idea if this is related, but in this thread, someone is talking about 0x41 not being the same, and that's the same byte before the 0x29 that I'm seeing. Some talk of a "dirty bit" in boot sector to signify that something was not written correctly in the past? |
@jdlcdl Thanks for your research on this. That is probably because of "Dirty bit". We actually remove the MicroSD without umounting it from system... True it adds a single bit, which changes the hash of all MicroSD: But the good news are that the files integrity still in ALL files. They still have the same hash even having the "Dirty bit". This can be probably solved umouting manually, but all users will need to umount it manually and probably isn't that handy for user experience. The best approach I could do, is to verify the files hashes with something like: sha256sum * Here goes mine from https://github.com/SeedSigner/seedsigner/releases/download/0.5.1_EXP/SeedSignerOS_0_5_1_EXP.img:
Ping @newtonick @SeedSigner in case they want to add someting about this. |
This explanation is perfectly reasonable! Thank you! |
Thanks for your time and the enthusiasm with this! :) Please feel free to Close the Issue if you think that it get solved to you. |
Inspired by questions and a convo w/ "Robert Brian" this mornign in the seedsigner telegram group.
I've found that SeedSignerOS appears to write to the microsd during the very first boot after writing the microsd.
tl;dr: I'm trying to use dd to get a checksum of a microsd as a baseline, and then be able to verify it has not changed in the future, after much activity, by comparing my baseline checksum.
My write-up, intended for Mr. Brian...
I'd mentioned that I suspect we can verify that our microsd has not been touched, so here is my hypothesis for how we might do so:
dd if=/dev/zero bs=8M of=/dev/microsd status=progress
this took the better part of an hour for my 32GB microsd, I killed it with
sudo pkill dd
after it ran out of space and wouldn't exit on its own.To make sure I've got all zeros, I compared the first 64M of my microsd to 64M of /dev/zero.
dd if=/dev/zero bs=64M count=1| sha256sum
anddd if=/dev/microsd bs=64M count=1 | sha256sum
both gave me the same outputThis is enough because:
Write SeedSigner OS onto the microsd
sudo dd if=~/Downloads/SeedSignerOS_0_5_1_EXP.img of=/dev/microsd status=progress
gives me output like:OK, Let's see what that checksum looks like, being careful to only look at the blocks written to our microsd.
sudo dd if=/dev/microsd count=69633 | sha256sum
gives me output like:Cool, that happens to be the same hash that our repo says we should have downloaded when installing the 0.5.1 SeedSigner OS image.
Now let's see what the checksum is for the first 64M, assuming that we'll catch any future writes as long as they change existing bits or extend that filesystem.
sudo dd if=/dev/microsd bs=64M count=1| sha256sum
This is close, but it is not yet our baseline.
So, remove the microsd from the computer, insert it into seedsigner, and let seedsigner boot fully, then setup your persistent settings however you like. DO NOT LOAD ANY SEEDS. Just pull power, and remove your microsd card so that we can get a final baseline hash using the steps above.
With the microsd back in your computer, get your new baseline.
sudo dd if=/dev/microsd bs=64M count=1| sha256sum
If what I'm suggesting is sound, it should not change in the future unless we change our persistent settings with the microsd inserted.
Unfortunately, I'm using an old pi2 and a self-built SeedSigner OS w/ version 0.5.2, so my baseline is going to look different than yours (maybe yours will look different than everyone else's because of that un-explained write that happens on the very first boot.). My microsd card is returning the same hash as my baseline after a few reboots, after a few loads of different seeds, and after 1 signed transaction on testnet. I'll reference this message in the future if I notice that my microsd changes after repeated activity.
(for my own future reference), with a self-built seedsigner_0.5.2 for pi2 having hash 8eef773e71751fbba30ccc292d4bde2ca9e8076ed65f3404dddb9013b0e510f8,
my baseline after first boot (and much activity aftewards, never saving persistent settings) looks like:
The text was updated successfully, but these errors were encountered: