Purpose of the partition table md5 checksum

ablagodirov
Posts: 1
Joined: Thu Oct 21, 2021 8:05 am

Purpose of the partition table md5 checksum

Postby ablagodirov » Thu Oct 21, 2021 8:26 am

Hi,
We have moved to IDF 4.3 and faced problems during OTA with some old devices.
Those devices do not have md5 checksum in the partition table since we were using CMake build system since IDF 3.3.
And for some time it was not generated. (https://github.com/espressif/esp-idf/co ... 14703eab52)

So we disabled generation of MD5 and updated those devices (set CONFIG_PARTITION_TABLE_MD5=n)

Which drawbacks can we get? And what is the function of this checksum?

ESP_Sprite
Posts: 8921
Joined: Thu Nov 26, 2015 4:08 am

Re: Purpose of the partition table md5 checksum

Postby ESP_Sprite » Thu Oct 21, 2021 8:42 am

The downside would be that some types of corruption in the partition table could not be detected anymore. This means that in case of flash corruption, a device could boot with a corrupted partition table, leading to strange errors later on that may not indicate that the partition table is at fault; with a MD5 checksum, these errors would be detected immediately. Note that in general, corruption like this does not occur frequently, so in practice there should not be much difference.

(There's one other purpose, and that is if you have flash encryption and secureboot turned on. In that case, someone could corrupt a random 16-byte area of the partition table by messing with the flash in that area. With an MD5sum, the ESP32 halts immediately; without it, whatever problems result from this corruption may play a part in someone compromising the device. It'd be non-trivial to exploit this, if it even is possible, though.)

Who is online

Users browsing this forum: alubee and 135 guests