New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 734968 link

Starred by 1 user
Status: Available
Owner: ----
Cc:
wad@chromium.org
allenwebb@chromium.org
jorgelo@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Feature



Sign in to add a comment

Upgrade recovery kernel hash validation to SHA256

Project Member Reported by mnissler@chromium.org, Jun 20 2017 
The recovery images check official kernels by comparing a SHA1 digest of the actual kern-b image with a kernel command line option baked into the recovery kernel.

We should upgrade this to use SHA256.

Alternatively (as suggested by a comment in the recovery script) we might get rid of the baked-in good kernel hash and do proper validation the same was as firmware does. On the other hand, there might be a case for binding the recovery kernel to a specific image to install.
Project Member

Comment 1 by sheriffbot@chromium.org, Jun 20 2018

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 2 by jorgelo@chromium.org, Jun 20 2018

Labels: -Hotlist-Recharge-Cold
Status: Available (was: Untriaged)
I think we still want to do this.

Comment 3 by allenwebb@google.com, Aug 30

Cc: allenwebb@chromium.org

Sign in to add a comment