New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wip: POC of checksums using bindesc #63350
Conversation
548393a
to
b10a53b
Compare
Extra feature: added the option to make the descriptors space of constant size, giving the descriptors room to change their sizes without affecting the checksum. For example, these two images have the same checksum, even though the
|
Signed-off-by: Yonatan Schachter <yonatan.schachter@gmail.com>
b10a53b
to
2250154
Compare
if segment.section_in_segment(section): | ||
if not (section.name == "rom_start" and segment.section_in_segment(section)): | ||
# Don't include rom_start in the checksum calculation | ||
image_data += section.data() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You'd probably want to include the load address of the chunk in the hash somehow?
As you suggest, objcopy
could be a good approach, and hashing an ihex file would give you an equivalent - where the hash operates on a "sparse but gaps are still encoded" basis.
... and possibly sort the chunks by their load address? (unless they are presented in-order already / is that guaranteed)
|
||
def set_checksums(filename): | ||
with open(filename, 'rb+') as file_stream: | ||
elffile = ELFFile(file_stream) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not so sure this is really that useful, if the image is for MCUboot then the hex and bin files will have headers and footers added, so an MD5 hash (not a checksum) is not useful here. And if an elf file is split up, e.g. into different memory regions, this also does not have much use because the MCU would not ever really be able to verify that hash.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not intended as a cryptographic hash for the MCU to verify (although it can be). It's a method for creating a "build ID". The use case, as phrased by @JordanYates is:
The GNU build ID tells you, without any doubt, the binary running on this device is the same as the binary I am inspecting on my computer.
It's harder to do with the hash given by imgtool: that only associates the binary running on a device with a binary on your computer, not an ELF, and it only works if your image is signed - it won't work on the bootloader itself or on a native_posix image. Also, if the image includes a build time, you will get a different hash for different builds.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah I see what you are trying to do here, in that case let's remove "checksum" from this because it is not a checksum. Build ID is a good way to refer to it.
This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time. |
This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time. |
This is a proof of concept demonstrating how binary descriptors could be used to store a checksum/build-id of the executable.
This was first requested here: #51532.
Essentially the steps taken are:
Another important note is that the
rom_start
section is not included in the checksum calculation, because that section contains the binary descriptors. This ensures that the build time is not included in the calculation, producing consistent checksums on consecutive builds.This was tested on
native_posix
andrpi_pico
.I'm submitting this as a draft, as there are still some questions to be answered:
west sign
?Example output: