[flashrom] [PATCH] add calculating and printing of MD5 hashes of flash and file contents

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Mon Jun 27 01:44:45 CEST 2011 

Am 26.06.2011 03:47 schrieb Stefan Tauner:
> On Sun, 26 Jun 2011 03:02:44 +0200
> Stefan Tauner <stefan.tauner at student.tuwien.ac.at> wrote:
>
>   
>> The MD5 hashes of the files and flash contents are computed and printed whenever a file
>> or a whole flash device is read. This can be disabled by setting CONFIG_MD5 to no in the
>> makefile.
>> It uses a simple self-contained MD5 "library" with a permissive license in md5.[hc].
>>     

I am not sure if the MD5 code is allowed to be linked against GPLv2
flashrom since neither flashrom nor the MD5 code have any license
exception for linking.


>> Its author is added to the (new) acknowledgments section in the manpage.
>>     
> because there seem to be a bit of misunderstanding on the purpose of
> printing md5 hashes: this should not help you when you are using
> flashrom correctly (md5sum et al. are fine) but the poor souls (and the
> ones helping fixing them stuff i.e. you) when they have misused
> flashrom in one or another way. this allows us to verify for every log
> we receive which file has been used (together with the upcoming log
> file patch) without costing much when dealing with untrustworthy third
> parties (== euphemism :).
>
> size of flashrom with md5 (and libftdi linked):
>    text	   data	    bss	    dec	    hex	filename
>  309905	   1412	   9960	 321277	  4e6fd	flashrom
>
> without the patch at all:
>    text	   data	    bss	    dec	    hex	filename
>  306613	   1412	   9960	 317985	  4da21	flashrom
>
> i.e. ~1% of text size.
>
> the patch does integrate well and obviously i am pro using it, but i am
> not insisting on this at all if the majority objects it. i just thought
> it is a good idea and gave it a try :)
>   

If we don't care about cryptographic strength, why not pick a simpler
hash, e.g. FNV? Heck, a standard CRC would probably work as well, _but_
if CRC is used by the BIOS to verify parts of the flash image, there
might be interactions (e.g. collisions) which impact our hashing-

That said, I have trouble seeing the benefit of such hashes.

Regards,
Carl-Daniel

-- 
http://www.hailfinger.org/

More information about the flashrom mailing list