[LinuxBIOS] ROM image integrity

Eric W. Biederman ebiederman at lnxi.com
Sat Nov 12 22:27:04 CET 2005


Stefan Reinauer <stepan at openbios.org> writes:

> Hi,
>
> Some suggestions:
>
> 1) We could put a checksum in the LinuxBIOS rom image so it can be 
>    checked for integrity during boot time. Usually safety relevant 
>    embedded devices require such a checksum and use CRC16 or CRC32 
>    for that.

That sounds sane, at least in principle.

> 2) Is there any distinct way of finding out whether a flash image 
>    is a LinuxBIOS image? One thing that can be read from an image 
>    is the mainboard vendor and id, but the code looks somewhat ugly:
>       
>       void show_id(unsigned char *bios, int size)
>       {
>               unsigned char *manuf, *id;
>       
>               id=bios+size-0x1d;
>               while (*id==0) id--; 
>               while (*id)    id--;
>       
>               manuf=id-1; id++;
>               while (*manuf && *manuf!=0xff) manuf--;
>               manuf++;
>       
>               printf("MANUFACTURER: %s\n", manuf);
>               printf("MAINBOARD ID: %s\n", id);
>       }

We have on most boards id.lds.  That places that information at a magic location.
Unfortunately that conflicts with nvidia chipset requirements.   And I think
in the general case a fixed location will be a problem.
       
> 3) There should be a flash description map in the rom file that allows 
>    a program accessing the flash to automatically exclude certain 
>    flashing areas such as the onboard option rom space or the fallback 
>    image.

Again in principle I agree.  

My basic concern is that I don't think we can do this inline across
variations in architecture.  Although I don't have a problem exporting
such information from the linuxbios table which should work universally
but it won't work for the first time we flash something.

Please check out our latest version of lbflash
ftp://ftp.lnxi.com/pub/linuxbios/utilities/lbflash/

We have a working map.  The code works well enough that we can deal
with multiple flash chips and other weird cases automatically.

Things like not flashing the fallback image by default we have been doing
for a long time.  Being able to just flash the bootloader/payload we are
just starting to do but the structure is there.

The ideal case is if we could start converging flash_and_burn and lbflash.
At least with respect to user interface.

The case that isn't currently covered is a checksum and that is only because
it keeps slipping my mind.  We do perform a full byte for byte
comparison against the source file though.  Which is good to ensure
you have flashed successfully but it doesn't detect if your romimage
got damaged in transport.

Eric
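
The distinction drawn in the last paragraph above, as an added example that is not part of the original message and is not lbflash code: a readback compare against the source file passes even when that file was damaged before flashing, while a checksum stored in the image catches it. The layout (a 4-byte little-endian CRC-32 field at a caller-chosen offset `crc_off`, treated as zero while summing) and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). The 4-byte checksum
 * field at crc_off (hypothetical layout) is summed as if it were zero. */
static uint32_t image_crc32(const uint8_t *img, size_t size, size_t crc_off)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < size; i++) {
        crc ^= (i >= crc_off && i < crc_off + 4) ? 0 : img[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Build step: store the checksum in the image. Returns -1 on a bad offset. */
int image_seal(uint8_t *img, size_t size, size_t crc_off)
{
    if (size < 4 || crc_off > size - 4) return -1;
    uint32_t c = image_crc32(img, size, crc_off);
    for (int i = 0; i < 4; i++) img[crc_off + i] = (uint8_t)(c >> (8 * i));
    return 0;
}

/* Returns 1 if the stored checksum matches, 0 if not, -1 on a bad offset. */
int image_check(const uint8_t *img, size_t size, size_t crc_off)
{
    if (size < 4 || crc_off > size - 4) return -1;
    uint32_t stored = 0;
    for (int i = 0; i < 4; i++) stored |= (uint32_t)img[crc_off + i] << (8 * i);
    return stored == image_crc32(img, size, crc_off);
}

/* Constructed scenario: a sealed image is damaged in transport, then flashed.
 * Returns (readback_ok << 1) | crc_ok for the flashed copy. */
int demo_damaged_in_transport(void)
{
    uint8_t built[256], file[256], flash[256];
    for (size_t i = 0; i < sizeof built; i++) built[i] = (uint8_t)(i * 7);
    image_seal(built, sizeof built, 0x20);
    memcpy(file, built, sizeof file);
    file[100] ^= 0x04;                  /* one bit flipped in transit */
    memcpy(flash, file, sizeof flash);  /* flashing writes the damaged file */
    int readback_ok = memcmp(flash, file, sizeof flash) == 0;
    return (readback_ok << 1) | image_check(flash, sizeof flash, 0x20);
}

int main(void) { printf("%d\n", demo_damaged_in_transport()); return 0; }
```

A CRC of this kind detects accidental damage only; it is not an authenticity check, since anyone who modifies the image can recompute the field.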



