New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 734968 link

Starred by 1 user

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Feature



Sign in to add a comment

Upgrade recovery kernel hash validation to SHA256

Project Member Reported by mnissler@chromium.org, Jun 20 2017

Issue description

The recovery images check official kernels by comparing a SHA1 digest of the actual kern-b image with a kernel command line option baked into the recovery kernel.

We should upgrade this to use SHA256.

Alternatively (as suggested by a comment in the recovery script) we might get rid of the baked-in good kernel hash and do proper validation the same was as firmware does. On the other hand, there might be a case for binding the recovery kernel to a specific image to install.
 
Project Member

Comment 1 by sheriffbot@chromium.org, Jun 20 2018

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: -Hotlist-Recharge-Cold
Status: Available (was: Untriaged)
I think we still want to do this.
Cc: allenwebb@chromium.org

Sign in to add a comment