Open jsha opened 10 years ago
davidstrauss
commented
10 years ago I suggest shipping a sha256sum manifest along with the firmware, which the sha256sum utility can use to verify the extracted files. If either the manifest or the actual files get corrupted, there's a near-certainty of discovering the disparity.
Any discovered disparity ought to flash LEDs in a telltale way, in addition to showing an error in the GUI.
Rangak
commented
10 years ago We are lucky, at least routers are nearby .... http://www.zdnet.com/rebooting-on-mars-7000033213/#ftag=RSS510d04f?utm_source=twitterfeed&utm_medium=twitter .
BTW, we do verify the received image file in RAM against the expected sha256sum when flashing a new image. However as this incident points out we need to do this for the image in FLASH every time we boot. A secure boot based mechanism would be the preferred solution. The 3800 does not have secure boot support. Future hardware platform hopefully will. Waiting for successful boot, so we can use sha256sum utility is a partial solution (i.e. corruption could cause boot failure). If someone implements and provides this for 3800 we can include it. I see fixing this for the 3800 as a low priority issue.
I spent some time debugging a problem with @davidstrauss that turned out to be caused by bad flash memory on his router. We should ensure that on first boot we do a sanity check that all the bits match what they should be, and notify the user as best we can if they don't.