Subject: Re: Kernel CRC
To: None <M.Drochner@fz-juelich.de>
From: Chris G. Demetriou <cgd@netbsd.org>
List: tech-kern
Date: 09/19/1999 10:33:52
Matthias Drochner <drochner@zel459.zel.kfa-juelich.de> writes:
> An automatic check is not the right thing imho. We'd have
> to wire the checksum into the bootloader every time the
> kernel is changed (or perhaps put it into a separate file) -
> a simple "cp netbsd /; reboot" wouldn't work anymore.

I don't think so.  I don't think I heard a call for anything nearly
that robust, or a guarantee that you were running a specific kernel.

For a simple checksum, you could do something simple which has the
right properties:

	* checksum 0 in kernel ("where's it located?") == no checksum,
	  so don't bother checking it.

	* otherwise, kernel checksums to a known value.

(like UDP checksums...)  I.e., if you want extra sanity you get it;
otherwise you don't.

If you want to make it more robust, it'd be harder but still not too
hard to have the kernel contain e.g. an md5 of the kernel, then
have the boot block md5 the _rest_ of the kernel (again the pesky
'where is it?' problem 8-) and compare the hashes...


Those don't guarantee that you're running your One True Kernel, but do
guarantee to some level of certainty that the kernel you're running is
a valid kernel.

If you don't care, you don't run the extra program.  If you do, you
do.

Further, I'd say that:

> a simple "cp netbsd /; reboot" wouldn't work anymore.

Unless you want to embed the checksum into the boot block (which I'd
say you don't want to do 8-), you can just run the checksum as
part of the kernel build...


> Since we have md5 in libkern, it could be used as well.
> It is quite big, on i386 we get trouble if it is used
> together with libz and other space consuming code.
> (There is a 64k limit for text+data+bss+stack because
> we need to support real mode BIOS calls.)

I think something like this is inherently machine-dependent.  I mean,
the hardest part of it is probably figuring out _where_ to put the
checksum (and how to keep that out of the way of the checksum code
8-).  Further, for some machines it doesn't even make any sense,
because the kernel is loaded directly by the firmware, which doesn't
do any such check...


cgd
-- 
Chris Demetriou - cgd@netbsd.org - http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.
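The scheme sketched above (a stored value of zero means "no checksum, don't check"; otherwise the boot block recomputes and compares; the value is written as part of the kernel build) as an added worked example in C. This is not code from the thread, from NetBSD's boot blocks or from its kernel build; the image layout is an assumption made for the example: the checksum is a 16-bit big-endian field at the fixed offset CKSUM_OFF, which is how the "where is it?" problem is answered here, and the checksum routine counts those two bytes as zero so the stored value never feeds back into its own computation. The checksum is the RFC 1071 ones'-complement sum that UDP uses, with the UDP convention that a computed 0 is stored as 0xFFFF so that 0 stays free to mean "unchecked". The sample image is a constructed buffer of pseudo-random bytes, not a real kernel.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed, hypothetical image layout for this example (not NetBSD's):
 * a 16-bit big-endian checksum field at a fixed offset near the start
 * of the image, so the boot block knows where to look for it. */
#define CKSUM_OFF   0x20
#define IMG_MIN_LEN (CKSUM_OFF + 2)

/* RFC 1071-style 16-bit ones'-complement checksum over the whole image.
 * The two bytes of the checksum field are counted as 0x0000, so the
 * result is the same whether the field is empty or already stamped.
 * As with UDP, a computed 0 is reported as 0xFFFF so that a stored 0
 * can unambiguously mean "no checksum present". */
static uint16_t image_cksum(const uint8_t *img, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2) {
        if (i == CKSUM_OFF)
            continue;                       /* field counted as zero */
        sum += ((uint32_t)img[i] << 8) | img[i + 1];
    }
    if (i < len)                            /* odd trailing byte */
        sum += (uint32_t)img[i] << 8;
    while (sum >> 16)                       /* fold carries back in */
        sum = (sum & 0xffffu) + (sum >> 16);
    sum = ~sum & 0xffffu;
    return sum == 0 ? 0xffffu : (uint16_t)sum;
}

/* Build-time step ("run the checksum as part of the kernel build"):
 * compute the checksum and write it into the field.  Returns the value
 * written, or 0 if the image is too short to carry the field. */
uint16_t kernel_stamp(uint8_t *img, size_t len)
{
    uint16_t ck;

    if (len < IMG_MIN_LEN)
        return 0;
    ck = image_cksum(img, len);
    img[CKSUM_OFF]     = (uint8_t)(ck >> 8);
    img[CKSUM_OFF + 1] = (uint8_t)(ck & 0xff);
    return ck;
}

/* Boot-time step.  Returns 1 if the checksum verified, 0 if the stored
 * field is zero (no checksum, so don't bother checking), and -1 on a
 * mismatch or on an image too short to hold the field. */
int kernel_verify(const uint8_t *img, size_t len)
{
    uint16_t stored;

    if (len < IMG_MIN_LEN)
        return -1;
    stored = (uint16_t)(((uint16_t)img[CKSUM_OFF] << 8) | img[CKSUM_OFF + 1]);
    if (stored == 0)
        return 0;
    return image_cksum(img, len) == stored ? 1 : -1;
}

/* Constructed sample input: deterministic pseudo-random bytes standing
 * in for kernel text, with the checksum field left empty. */
void make_image(uint8_t *img, size_t len, uint32_t seed)
{
    size_t i;

    for (i = 0; i < len; i++) {
        seed = seed * 1103515245u + 12345u;
        img[i] = (uint8_t)(seed >> 16);
    }
    img[CKSUM_OFF] = img[CKSUM_OFF + 1] = 0;
}

/* Walks the three cases from the mail: unstamped image is skipped,
 * stamped image verifies, a corrupted stamped image is rejected.
 * Returns 1 if every case behaved as expected. */
int demo(void)
{
    uint8_t img[256];

    make_image(img, sizeof img, 1999u);
    if (kernel_verify(img, sizeof img) != 0)  return 0;  /* no checksum */
    if (kernel_stamp(img, sizeof img) == 0)   return 0;
    if (kernel_verify(img, sizeof img) != 1)  return 0;  /* good image */
    img[100] ^= 0x01;                                    /* flip one bit */
    if (kernel_verify(img, sizeof img) != -1) return 0;  /* detected */
    return 1;
}

int main(void)
{
    printf("checksum demo %s\n", demo() ? "passed" : "FAILED");
    return demo() ? 0 : 1;
}
```

A one-bit flip anywhere outside the field is always caught, because it changes the ones'-complement sum by a power of two, which is never a multiple of 0xFFFF. What the check does not give is the "One True Kernel" guarantee the mail rules out: anyone who can replace the kernel can re-run the stamping step, so this detects truncation and corruption, not substitution.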