Re: [flashrom] [PATCH] add calculating and printing of MD5 hashes of flash and file contents
On Sun, 26 Jun 2011 03:02:44 +0200 Stefan Tauner stefan.tauner@student.tuwien.ac.at wrote:
The MD5 hashes of the files and flash contents are computed and printed whenever a file or a whole flash device is read. This can be disabled by setting CONFIG_MD5 to no in the makefile. It uses a simple self-contained MD5 "library" with a permissive license in md5.[hc]. Its author is added to the (new) acknowledgments section in the manpage.
because there seem to be a bit of misunderstanding on the purpose of printing md5 hashes: this should not help you when you are using flashrom correctly (md5sum et al. are fine) but the poor souls (and the ones helping fixing them stuff i.e. you) when they have misused flashrom in one or another way. this allows us to verify for every log we receive which file has been used (together with the upcoming log file patch) without costing much when dealing with untrustworthy third parties (== euphemism :).
size of flashrom with md5 (and libftdi linked): text data bss dec hex filename 309905 1412 9960 321277 4e6fd flashrom
without the patch at all: text data bss dec hex filename 306613 1412 9960 317985 4da21 flashrom
i.e. ~1% of text size.
the patch does integrate well and obviously i am pro using it, but i am not insisting on this at all if the majority objects it. i just thought it is a good idea and gave it a try :)
Am 26.06.2011 03:47 schrieb Stefan Tauner:
On Sun, 26 Jun 2011 03:02:44 +0200 Stefan Tauner stefan.tauner@student.tuwien.ac.at wrote:
The MD5 hashes of the files and flash contents are computed and printed whenever a file or a whole flash device is read. This can be disabled by setting CONFIG_MD5 to no in the makefile. It uses a simple self-contained MD5 "library" with a permissive license in md5.[hc].
I am not sure if the MD5 code is allowed to be linked against GPLv2 flashrom since neither flashrom nor the MD5 code have any license exception for linking.
Its author is added to the (new) acknowledgments section in the manpage.
because there seem to be a bit of misunderstanding on the purpose of printing md5 hashes: this should not help you when you are using flashrom correctly (md5sum et al. are fine) but the poor souls (and the ones helping fixing them stuff i.e. you) when they have misused flashrom in one or another way. this allows us to verify for every log we receive which file has been used (together with the upcoming log file patch) without costing much when dealing with untrustworthy third parties (== euphemism :).
size of flashrom with md5 (and libftdi linked): text data bss dec hex filename 309905 1412 9960 321277 4e6fd flashrom
without the patch at all: text data bss dec hex filename 306613 1412 9960 317985 4da21 flashrom
i.e. ~1% of text size.
the patch does integrate well and obviously i am pro using it, but i am not insisting on this at all if the majority objects it. i just thought it is a good idea and gave it a try :)
If we don't care about cryptographic strength, why not pick a simpler hash, e.g. FNV? Heck, a standard CRC would probably work as well, _but_ if CRC is used by the BIOS to verify parts of the flash image, there might be interactions (e.g. collisions) which impact our hashing-
That said, I have trouble seeing the benefit of such hashes.
Regards, Carl-Daniel
On Mon, 27 Jun 2011 01:44:45 +0200 Carl-Daniel Hailfinger c-d.hailfinger.devel.2006@gmx.net wrote:
Am 26.06.2011 03:47 schrieb Stefan Tauner:
On Sun, 26 Jun 2011 03:02:44 +0200 Stefan Tauner stefan.tauner@student.tuwien.ac.at wrote:
The MD5 hashes of the files and flash contents are computed and printed whenever a file or a whole flash device is read. This can be disabled by setting CONFIG_MD5 to no in the makefile. It uses a simple self-contained MD5 "library" with a permissive license in md5.[hc].
I am not sure if the MD5 code is allowed to be linked against GPLv2 flashrom since neither flashrom nor the MD5 code have any license exception for linking.
imho it is ok... it is similar to MIT, but don't quote me on that.
Its author is added to the (new) acknowledgments section in the manpage.
because there seem to be a bit of misunderstanding on the purpose of printing md5 hashes: this should not help you when you are using flashrom correctly (md5sum et al. are fine) but the poor souls (and the ones helping fixing them stuff i.e. you) when they have misused flashrom in one or another way. this allows us to verify for every log we receive which file has been used (together with the upcoming log file patch) without costing much when dealing with untrustworthy third parties (== euphemism :).
size of flashrom with md5 (and libftdi linked): text data bss dec hex filename 309905 1412 9960 321277 4e6fd flashrom
without the patch at all: text data bss dec hex filename 306613 1412 9960 317985 4da21 flashrom
i.e. ~1% of text size.
the patch does integrate well and obviously i am pro using it, but i am not insisting on this at all if the majority objects it. i just thought it is a good idea and gave it a try :)
If we don't care about cryptographic strength, why not pick a simpler hash, e.g. FNV? Heck, a standard CRC would probably work as well, _but_ if CRC is used by the BIOS to verify parts of the flash image, there might be interactions (e.g. collisions) which impact our hashing-
there should be an easy way to compare the checksum with existing files. md5sum is installed almost everywhere.
That said, I have trouble seeing the benefit of such hashes.
point taken. should i mark it as rejected on pw?
-
Carl-Daniel Hailfinger -
Stefan Tauner