[flashrom] [PATCH] add calculating and printing of MD5 hashes of flash and file contents
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Mon Jun 27 01:44:45 CEST 2011
Am 26.06.2011 03:47 schrieb Stefan Tauner:
> On Sun, 26 Jun 2011 03:02:44 +0200
> Stefan Tauner <stefan.tauner at student.tuwien.ac.at> wrote:
>
>
>> The MD5 hashes of the files and flash contents are computed and printed whenever a file
>> or a whole flash device is read. This can be disabled by setting CONFIG_MD5 to no in the
>> makefile.
>> It uses a simple self-contained MD5 "library" with a permissive license in md5.[hc].
>>
I am not sure if the MD5 code is allowed to be linked against GPLv2
flashrom since neither flashrom nor the MD5 code have any license
exception for linking.
>> Its author is added to the (new) acknowledgments section in the manpage.
>>
> because there seem to be a bit of misunderstanding on the purpose of
> printing md5 hashes: this should not help you when you are using
> flashrom correctly (md5sum et al. are fine) but the poor souls (and the
> ones helping fixing them stuff i.e. you) when they have misused
> flashrom in one or another way. this allows us to verify for every log
> we receive which file has been used (together with the upcoming log
> file patch) without costing much when dealing with untrustworthy third
> parties (== euphemism :).
>
> size of flashrom with md5 (and libftdi linked):
> text data bss dec hex filename
> 309905 1412 9960 321277 4e6fd flashrom
>
> without the patch at all:
> text data bss dec hex filename
> 306613 1412 9960 317985 4da21 flashrom
>
> i.e. ~1% of text size.
>
> the patch does integrate well and obviously i am pro using it, but i am
> not insisting on this at all if the majority objects it. i just thought
> it is a good idea and gave it a try :)
>
If we don't care about cryptographic strength, why not pick a simpler
hash, e.g. FNV? Heck, a standard CRC would probably work as well, _but_
if CRC is used by the BIOS to verify parts of the flash image, there
might be interactions (e.g. collisions) which impact our hashing-
That said, I have trouble seeing the benefit of such hashes.
Regards,
Carl-Daniel
--
http://www.hailfinger.org/
More information about the flashrom
mailing list