diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index d828771..174d9fb 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -70,3 +70,10 @@ jobs: with: name: ${{ matrix.TARGET_TYPE }} path: ./*.efi + + - name: Create release + uses: softprops/action-gh-release@v1 + if: startsWith(github.ref, 'refs/tags/') + with: + token: ${{ secrets.GITHUB_TOKEN }} + files: ./*.efi diff --git a/README.md b/README.md index 9f373b5..8e23a6d 100644 --- a/README.md +++ b/README.md 
@@ -7,8 +7,59 @@ uefi-md5sum - MD5 checksum validation for UEFI ============================================== -uefi-md5sum is a UEFI bootloader designed to perform MD5 checksum verification -from media containing an `md5sum.txt` list of hashes. +## Description + +uefi-md5sum is a UEFI bootloader designed to perform MD5 hash verification of a +media containing an `md5sum.txt` list of hashes. + +This is primarily aimed at being used with [Rufus](https://rufus.ie) for the +creation of USB bootable media (such as Linux or Windows installation drives) +that can perform self-verification on each boot. + +The reasoning with wanting to perform validation on boot rather than on media +creation is based on the fact that flash based media, and especially cheap USB +flash drives or SD cards, are exceedingly prone to failures **after** the media +was written. + +As such, we assert that, only validating the content at write-time (like +balenaEtcher and, in part, Microsoft's Media Creation Tool do) is not enough to +help users ensure that their installation media hasn't become compromised. + +This boot time validation can also prove itself useful if the boot process or +installation process produces errors, in which case, the first thing a user +may want to do, is reboot and let uefi-md5sum perform its check, to highlight +or rule out data corruption. + +## Usage + +uefi-md5sum is intended to replace, and then chain load, the original UEFI +bootloader. + +To accomplish this, the original `/efi/boot/boot###.efi` should be renamed to +`/efi/boot/boot###_original.efi` with uefi-md5sum bootloader then installed as +`/efi/boot/boot###.efi`. + +## md5sum.txt extensions + +If `md5sum.txt` sets an `md5sum_totalbytes` variable, in the form of a comment +similar to: +``` +# md5sum_totalbytes = 0x1234abcd +``` +Then uefi-md5sum interprets this value to be sum of all the file sizes of the +files referenced in `md5sum.txt`, and uses it for more accurate progress +reporting. 
Otherwise, progress is only incremented after each file has been +processed, regardless of its actual size. + +Thus, the provision of `md5sum_totalbytes` allows for accurate progress report, +as well the avoidance of apparent progress "freezeouts" when very large files +are being hashed (such as large squashfs or install.wim images). + +It should be noted however that, currently, uefi-md5sum supports only the +provision of an `md5sum_totalbytes` value in **lowercase** hexadecimal (no +uppercase hex, no decimal). On the other hand, there is no restriction to where, +in `md5sum.txt`, `md5sum_totalbytes` needs to be specified (i.e. it does not +necessarily mean to appear at the beginning of the file). ## Prerequisites diff --git a/src/hash.c b/src/hash.c index 4473a20..43dad09 100644 --- a/src/hash.c +++ b/src/hash.c @@ -338,7 +338,7 @@ EFI_STATUS HashFile( // Compute the MD5 Hash Md5Init(&Context); for (ReadBytes = 0; ; ReadBytes += ReadSize) { - ReadSize = sizeof(Buffer); + ReadSize = READ_BUFFERSIZE; Status = File->Read(File, &ReadSize, Buffer); if (EFI_ERROR(Status)) goto out; diff --git a/tests/test_list.txt b/tests/test_list.txt index 977f2fa..56aabb4 100644 --- a/tests/test_list.txt +++ b/tests/test_list.txt 
@@ -69,7 +69,6 @@ Mixed case hash: [14] Not Found # Max Path size > filename=$(cat /dev/zero | tr '\0' 'a' | head -c 512) > echo -n "00112233445566778899aabbccddeeff $filename" > image/md5sum.txt -aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...: [2] Invalid Parameter 1/1 file processed [1 failed] # Comment preceded by whitespaces
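Review bot: in `.github/workflows/Linux.yml`, the new "Create release" step references `softprops/action-gh-release@v1`, a mutable tag, while passing it `secrets.GITHUB_TOKEN` and publishing the `./*.efi` bootloader binaries. Pin the action to a full commit SHA (keeping the version in a trailing comment) so that a retagged upstream cannot change what runs with release-write access. The step also needs `contents: write`, and no `permissions:` block is visible in this hunk, so consider setting it explicitly at job level instead of relying on the repository default. Since the job uploads per `matrix.TARGET_TYPE`, also check that `./*.efi` only matches the binary built by the current matrix leg.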
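Review bot: in the README Description, "ensure that their installation media hasn't become compromised" reads as a tamper-resistance claim, while the surrounding paragraphs are about flash media failing after it was written. An MD5 list stored on the same media as the files it covers detects accidental corruption only, so "corrupted" would be more accurate than "compromised", along with one sentence saying that the check is not an authenticity control. In the "md5sum.txt extensions" section, please also state what happens when `md5sum_totalbytes` is given in uppercase hex or decimal, or does not match the real total; from the text it only affects progress reporting, and saying so explicitly would help. Minor wording: "as well the avoidance" is missing "as", and "does not necessarily mean to appear" should be "need to appear".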
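Review bot: in `HashFile()` in `src/hash.c`, `ReadSize = READ_BUFFERSIZE;` no longer derives the read length from `Buffer` itself, and the declaration or allocation of `Buffer` is not part of this hunk. `File->Read(File, &ReadSize, Buffer)` may write up to `ReadSize` bytes, so `Buffer` must be at least `READ_BUFFERSIZE` bytes. Please size `Buffer` with the same constant and, if it is still an array, add a static assertion that `sizeof(Buffer) == READ_BUFFERSIZE`; if it became a pointer, a short comment explaining why `sizeof` was dropped would make the intent clear.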
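Review bot: in `tests/test_list.txt`, the only visible change is one removed expected-output line in the "Max Path size" case, and no case is added for the `md5sum_totalbytes` behaviour that the README hunk documents. Please add cases for a valid lowercase hex value, an uppercase hex value, a decimal value, and the variable appearing after the hash entries, so that the documented restrictions are covered by the expected output. A brief note on why the "Max Path size" expectation changed would also help, since the test commands above it are unchanged.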