[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Verified Boot, Secure Boot, dm-verity, debcheckroot

There are tools that can help with checking all files on the hard drive
such as `debsums`. However, while `debsums` is more popular, it is

Quote https://www.elstel.org/debcheckroot/

During development of Verifiable Builds experiences were made with
verification of MBR, VBR, bootloader, partition table, kernel and
initrd. Source code was created to analyze such files.


regarding verifiable builds with gcc, flex, bison, etc.:

I have recompiled some of my self-written source code lately with gcc and the executables and object files were exactly the same.
So when is a build now deterministic?
I would be interested in comparing compilation results of the kernel sources. Does anyone know what needs to be met for these to be deterministic? From what Debian/gcc version on are deterministic builds supported? I remember this was a well discussed issue some time ago. I have a self compiled kernel under Debian8. I guess that one would not have been built deterministic? It is an issue to verify a self compiled kernel (I need to use the patch from https://www.elstel.org/software/hunt-for-4K-UHD-2160p.html.en).

Reply to: