[ipxe-devel] [ipxe/ipxe] [digest] add sha1verify command (#57)

Discussion:

Bernhard M. Wiedemann

2016-10-10 14:39:17 UTC

This allows to get a trusted image with known digest value
that is embedded in the ipxe script

example usage:
imgtrust
kernel http://boot.ipxe.org/memtest.0
sha1verify memtest.0 5d78d4c7e97c99bca3d3dff602b84dde5b70c5bf
boot

an md5verify cmd could easily be added,
but would not be recommended to use
because of known weaknesses with MD5 digests
You can view, comment on, or merge this pull request online at:

https://github.com/ipxe/ipxe/pull/57

-- Commit Summary --

* [digest] split out hashing part
* [digest] add sha1verify command

-- File Changes --

M src/hci/commands/digest_cmd.c (124)

-- Patch Links --

https://github.com/ipxe/ipxe/pull/57.patch
https://github.com/ipxe/ipxe/pull/57.diff

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/57

Bernhard M. Wiedemann

2016-10-12 13:25:14 UTC

Permalink

@bmwiedemann pushed 1 commit.

0bc371d [digest] shift more code into shared function

--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/ipxe/ipxe/pull/57/files/07f50e49126f2c98c1cb5160287bc2de447f95e0..0bc371d4ab27f7baee1968a5064fef1094bb224b

Bernhard M. Wiedemann

2017-03-29 13:29:52 UTC

Permalink

ping

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/57#issuecomment-290089937

Paul Liljenberg

2017-03-30 09:59:55 UTC

Permalink

There is weaknesses in sha1 to; https://shattered.io Go for sha256 at least.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/57#issuecomment-290362430

Michael Brown

2017-03-30 10:29:11 UTC

Permalink

It needs a substantial cleanup before being mergeable. Also, rather than argue over which digest algorithm commands should exist, we should be able to use whichever digests are compiled in (which is controlled by config/crypto.h); this will require either a command syntax such as "digest sha256 <image>" with digests collected via the linker table mechanism, or per-digest files linked in as necessary (as used by e.g. crypto/mishmash/rsa_sha256.c).

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/57#issuecomment-290369961

Bernhard M. Wiedemann

2018-10-24 07:55:49 UTC

Permalink

I just noticed that this is similar to #34 but I cannot follow up on either. So, if someone wants to pick this up, I'd welcome it.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/57#issuecomment-432551916