[flashrom] [PATCH] add calculating and printing of MD5 hashes of flash and file contents

Stefan Tauner stefan.tauner at student.tuwien.ac.at
Mon Jun 27 02:16:06 CEST 2011


On Mon, 27 Jun 2011 01:44:45 +0200
Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net> wrote:

> Am 26.06.2011 03:47 schrieb Stefan Tauner:
> > On Sun, 26 Jun 2011 03:02:44 +0200
> > Stefan Tauner <stefan.tauner at student.tuwien.ac.at> wrote:
> >
> >   
> >> The MD5 hashes of the files and flash contents are computed and printed whenever a file
> >> or a whole flash device is read. This can be disabled by setting CONFIG_MD5 to no in the
> >> makefile.
> >> It uses a simple self-contained MD5 "library" with a permissive license in md5.[hc].
> >>     
> 
> I am not sure if the MD5 code is allowed to be linked against GPLv2
> flashrom since neither flashrom nor the MD5 code have any license
> exception for linking.

imho it is ok... it is similar to MIT, but don't quote me on that.

> >> Its author is added to the (new) acknowledgments section in the manpage.
> >>     
> > because there seem to be a bit of misunderstanding on the purpose of
> > printing md5 hashes: this should not help you when you are using
> > flashrom correctly (md5sum et al. are fine) but the poor souls (and the
> > ones helping fixing them stuff i.e. you) when they have misused
> > flashrom in one or another way. this allows us to verify for every log
> > we receive which file has been used (together with the upcoming log
> > file patch) without costing much when dealing with untrustworthy third
> > parties (== euphemism :).
> >
> > size of flashrom with md5 (and libftdi linked):
> >    text	   data	    bss	    dec	    hex	filename
> >  309905	   1412	   9960	 321277	  4e6fd	flashrom
> >
> > without the patch at all:
> >    text	   data	    bss	    dec	    hex	filename
> >  306613	   1412	   9960	 317985	  4da21	flashrom
> >
> > i.e. ~1% of text size.
> >
> > the patch does integrate well and obviously i am pro using it, but i am
> > not insisting on this at all if the majority objects it. i just thought
> > it is a good idea and gave it a try :)
> >   
> 
> If we don't care about cryptographic strength, why not pick a simpler
> hash, e.g. FNV? Heck, a standard CRC would probably work as well, _but_
> if CRC is used by the BIOS to verify parts of the flash image, there
> might be interactions (e.g. collisions) which impact our hashing-

there should be an easy way to compare the checksum with existing
files. md5sum is installed almost everywhere.

> That said, I have trouble seeing the benefit of such hashes.

point taken. should i mark it as rejected on pw?
-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner




More information about the flashrom mailing list