mcuboot icon indicating copy to clipboard operation
mcuboot copied to clipboard
verified publisher icon mcu-tools

Implement the Swap Hash algorithm

Open d3zd3z opened this issue 4 years ago • 5 comments

Pushing this early to get some review on the docs.

d3zd3z avatar Apr 15 '22 16:04 d3zd3z

@d3zd3z, Hi this is a nice proposal but maybe there is a way to better support devices with large write block sizes.

Suppose that instead of updating the progress status, the progress status is precalculated. E.g. a (running) crc32 would be calculated for each sector and this is written to the status before starting the upgrade. This can be written once taking into account the write block size. The progress is then determined by comparing the crc32 with the one that has been precalculated, as soon as a crc32 differs from the expected we have found the place where the upgrade has stopped, the upgrade can be restarted from this point.

@danieldegrasse, for your info.

Laczen avatar May 12 '22 07:05 Laczen

@Laczen thanks for the suggestion. I'm not sure I see how this differs very much from what I'm proposing, though. A running sum, vs just having a hash of each block still needs to store that value. And, we still need to pre-compute them to make sure there aren't any collisions (and perhaps change a seed value).

d3zd3z avatar May 17 '22 18:05 d3zd3z

After going through the documentation once more I think it is basically the same. IMO this should be the standard method as it allows removing the swap status from the image slots.

Laczen avatar May 17 '22 19:05 Laczen

@d3zd3z As I went through this RFC I found it as outstanding mechanism. It was not clear to me was when HASH'es are written (as I understand now that happens only twice either before the sliding and the swap operations). Maybe worth to introduce a wording and decryption for highlight that all HASH'es are written at once, and that HASH'es list is a control matrix for slots.

nvlsianpu avatar May 20 '22 11:05 nvlsianpu

@nvlsianpu writes:

It was not clear to me was when HASH'es are written

They are computed and written once, before any flash operations are started. There is no update to them between slide and swap, as the same hashes apply.

I probably have to think a bit about hashes and encryption, though, as using encryption might require some trickery to avoid having to have twice as many hashes.

d3zd3z avatar May 20 '22 17:05 d3zd3z

This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time.

github-actions[bot] avatar Nov 17 '22 02:11 github-actions[bot]