Checksum against truncated / corrupted avm files

atomvm / AtomVM

Tiny Erlang VM

https://www.atomvm.net

Apache License 2.0

1.47k stars 102 forks source link

Checksum against truncated / corrupted avm files #1260

Open bettio opened 1 month ago

bettio commented 1 month ago

There is no easy way to know if a .avm file is truncated or overwritten with other data. When this kind of issues happen they might be really annoying to debug. So .avm structure and content should be checked for integrity.

There are 2 possible options:

iterate all .avm sections checking for consistency (and maybe for an end-of-avm section)
add a checksum at the end of the AVM pack and verify it

UncleGrumpy commented 1 month ago

I love the idea of adding a checksum for verification. This will make verifying updates over OTA much more reliable.

pguyot commented 1 month ago

Something that popped out at work (not that we're using AtomVM, though) is the ability to cryptographically verify firmware signatures before applying OTA updates.