os.proto package verification question

Open aaronmillisor opened this issue 3 years ago • 1 comments

In the os.proto definition there is a suggestion that the transferred file should check the hash of the image against a known good hash, with the hash ideally being embedded in the package itself.

https://github.com/openconfig/gnoi/blob/master/os/os.proto#L33

  // The OS package file format is platform dependent. The platform MUST
  // validate that the OS package that is supplied is valid and bootable. This
  // SHOULD include a hash check against a known good hash. It is recommended
  // that the hash is embedded in the OS package.

Assuming that the hash we are discussing is something like an md5sum of the image we are transferring, how is a previous version of an OS image expected to know the hash of a future image? Also, how would the hash be expected to be included within the image against which the hash is being checked?

aaronmillisor May 11 '22 21:05

Hi @aaronmillisor, there are no expectations about a previous OS version having any knowledge regarding future OS binary hashes. Anything after SHOULD is a recommendation and is up to the platform to implement at their own preference, as long as the end goal of validating that the uploaded binary is valid and bootable is achieved.

While reading this section I do agree that it can be further improved to communicate this idea better.

samribeiro May 12 '22 18:05
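
An added illustration, not part of the issue thread or of the gnoi project: one way a hash can be embedded in the package it protects is to compute the digest over the payload only and carry it in a header outside the hashed region, so the running OS needs no prior knowledge of the new image. The container layout, `build_package` and `verify_package` are hypothetical, and SHA-256 is assumed rather than md5sum.

```python
import hashlib
import hmac
import struct

# Hypothetical container layout (not any vendor's real package format):
#   magic (8 bytes) | payload length (uint64, big-endian) | SHA-256 of payload (32 bytes) | payload
MAGIC = b"OSPKGv1\x00"
HEADER = struct.Struct(">8sQ32s")


class PackageError(ValueError):
    """Raised when a received package fails validation."""


def build_package(payload: bytes) -> bytes:
    """Build side: hash the payload only, then prepend a header carrying the digest."""
    digest = hashlib.sha256(payload).digest()
    return HEADER.pack(MAGIC, len(payload), digest) + payload


def verify_package(blob: bytes) -> bytes:
    """Receiving side: recompute the digest over the payload and compare with the header."""
    if len(blob) < HEADER.size:
        raise PackageError("truncated header")
    magic, length, expected = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise PackageError("bad magic")
    payload = blob[HEADER.size:]
    if len(payload) != length:
        raise PackageError("payload length mismatch")
    # The digest field is excluded from the hashed region, so there is no circularity.
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), expected):
        raise PackageError("payload digest mismatch")
    return payload


if __name__ == "__main__":
    image = b"constructed sample image bytes" * 4  # constructed sample input
    pkg = build_package(image)
    print("intact package accepted:", verify_package(pkg) == image)
    corrupted = pkg[:-1] + bytes([pkg[-1] ^ 0x01])  # flip one bit in the payload
    try:
        verify_package(corrupted)
    except PackageError as exc:
        print("corrupted package rejected:", exc)
```

An unkeyed digest like this detects corruption in transfer or storage only. Anyone able to alter the payload can also rewrite the header, so authenticity requires a signature checked against a key the platform already trusts.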