
Feature #3364

dboot should check boot archive integrity

Added by Keith Wesolowski about 8 years ago. Updated almost 8 years ago.

Status: Resolved
Priority: Normal
Category: kernel
Start date: 2012-11-15
Due date:
% Done: 100%
Estimated time:
Difficulty: Bite-size
Tags:
Gerrit CR:

Description

For a variety of reasons including machine-specific firmware bugs, bootloader bugs, or simple administrative error, it is possible for the boot archive loaded from boot media to be corrupt or incomplete. It would be useful to have a mechanism by which the integrity of that archive could be quickly checked prior to booting. This mechanism should be opt-in and backward-compatible with existing valid configurations.

If more than one multiboot module is provided by the boot loader, we should treat the last as a file containing a SHA-1 hash in ASCII format on a single line by itself for each previous module in the same order, and verify that the module(s) as loaded matches the hash(es). If not, we should refuse to boot and display an error message (i.e., dboot_panic()). The contents of the hash module are already reclaimed by the kernel when discarding boot memory, so there is no change in memory consumption at runtime. Note that at present the kernel ignores modules beyond the first, and there is no expectation that multiple modules, other than the hash module, will be utilised in the future.

If there is only one multiboot module, nothing changes relative to existing behaviour.
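The check described above, as an added example that is not part of this ticket or of illumos: a userland C model of the verification dboot would do. It treats the last module as the hash file (one ASCII hex SHA-1 per line, one line per preceding module, in order), hashes each preceding module, compares, and returns the message that would go to dboot_panic() instead of panicking. Everything below is assumed for the example: the module_t layout, the function names, the error texts, the constructed payload, and a self-contained SHA-1 in place of the kernel's own routine. Tolerating a CR before the LF and rejecting leftover lines after the expected ones are choices of this example, not requirements stated in the ticket.

```c
/* Added example, not illumos/dboot code: a userland model of the proposed
 * check.  mods[0..n-2] are the boot archive module(s); mods[n-1] is the hash
 * module, one ASCII hex SHA-1 per line, in the same order.  All names assumed. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct { const uint8_t *data; size_t len; } module_t;
static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

/* Single-shot SHA-1 (FIPS 180-4).  Pads a heap copy for brevity; boot code
 * would hash the module in place, one 64-byte block at a time. */
static void sha1(const uint8_t *msg, size_t len, uint8_t out[20])
{
	uint32_t h[5] = { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0 };
	size_t padded = ((len + 8) / 64 + 1) * 64;
	uint8_t *buf = calloc(padded, 1);
	memcpy(buf, msg, len);
	buf[len] = 0x80;                 /* 1 bit, zeros, then the bit length */
	for (int i = 0; i < 8; i++) buf[padded - 1 - i] = (uint8_t)(((uint64_t)len * 8) >> (8 * i));
	for (size_t off = 0; off < padded; off += 64) {
		uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
		for (int i = 0; i < 16; i++)
			w[i] = (uint32_t)buf[off + 4*i] << 24 | buf[off + 4*i + 1] << 16 |
			       buf[off + 4*i + 2] << 8 | buf[off + 4*i + 3];
		for (int i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
		for (int i = 0; i < 80; i++) {
			uint32_t f, k;
			if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
			else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
			else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
			else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
			uint32_t t = rol(a, 5) + f + e + k + w[i];
			e = d; d = c; c = rol(b, 30); b = a; a = t;
		}
		h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
	}
	free(buf);
	for (int i = 0; i < 20; i++) out[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
}

/* Lowercase hex digest of one module, NUL-terminated: what the build side
 * gets from sha1sum(1) and writes as that module's line of the hash module. */
void sha1_hex(const module_t *m, char hex[41])
{
	uint8_t d[20]; sha1(m->data, m->len, d);
	for (int i = 0; i < 20; i++) snprintf(hex + 2 * i, 3, "%02x", (unsigned)d[i]);
}

/* Boot side.  Returns NULL when every module matches its line, or when there
 * is only one module (the unchanged legacy case); otherwise the message that
 * dboot would hand to dboot_panic(). */
const char *verify_boot_modules(const module_t *mods, size_t nmods)
{
	if (nmods < 2) return NULL;
	const module_t *hm = &mods[nmods - 1];
	size_t pos = 0;
	for (size_t i = 0; i + 1 < nmods; i++) {
		size_t start = pos, end;     /* take the next line, minus its CR/LF */
		while (pos < hm->len && hm->data[pos] != '\n') pos++;
		end = pos; if (pos < hm->len) pos++;
		if (end > start && hm->data[end - 1] == '\r') end--;
		if (end - start != 40)       /* also catches a missing line */
			return "hash module line is not a 40-digit SHA-1";
		char want[41];
		sha1_hex(&mods[i], want);
		int diff = 0;                /* case-insensitive, no early exit */
		for (int j = 0; j < 40; j++) diff |= tolower(hm->data[start + j]) ^ want[j];
		if (diff != 0) return "boot archive SHA-1 mismatch";
	}
	for (; pos < hm->len; pos++)     /* leftover text: the two counts disagree */
		if (!isspace(hm->data[pos])) return "hash module has more lines than modules";
	return NULL;
}

/* Constructed inputs: scenario 0 = intact archive, 1 = one byte of the archive
 * flipped, 2 = hash module truncated to 39 digits.  Returns verify's message. */
const char *demo(int scenario)
{
	static const uint8_t payload[] = "constructed boot_archive payload";
	uint8_t archive[sizeof payload]; char hashes[41];
	memcpy(archive, payload, sizeof payload);
	module_t mods[2] = { { archive, sizeof payload - 1 }, { (const uint8_t *)hashes, 41 } };
	sha1_hex(&mods[0], hashes);
	hashes[40] = '\n';               /* the file's trailing newline */
	if (scenario == 1) archive[0] ^= 0x01;
	if (scenario == 2) mods[1].len = 39;
	return verify_boot_modules(mods, 2);
}

int sha1_matches(const char *msg, const char *hex)   /* known-answer check */
{
	char got[41];
	sha1_hex(&(module_t){ (const uint8_t *)msg, strlen(msg) }, got);
	return strcmp(got, hex) == 0;
}
```

demo(0) returns NULL (the archive boots), demo(1) and demo(2) return the panic text. On the build side the equivalent of sha1_hex is `sha1sum boot_archive | cut -d' ' -f1`, written one line per module in the order the boot loader will pass them; the per-line length check means a truncated or concatenated hash file fails closed rather than being silently skipped, and the comparison runs over all 40 digits without an early exit so a partially matching hash behaves no differently from a wholly wrong one.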

#1

Updated by Rich Lowe almost 8 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

Resolved in e65d07e
