Inspired by questions and a convo w/ "Robert Brian" this mornign in the seedsigner telegram group.
I've found that SeedSignerOS appears to write to the microsd during the very first boot after writing the microsd.
tl;dr: I'm trying to use dd to get a checksum of a microsd as a baseline, and then be able to verify it has not changed in the future, after much activity, by comparing my baseline checksum.
My write-up, intended for Mr. Brian...
I'd mentioned that I suspect we can verify that our microsd has not been touched, so here is my hypothesis for how we might do so:
- start by zeroing the microsd... this way we can compare it to what other users might see. Better than this would be to /dev/random our microsd. I'll call my microsd /dev/microsd even though it's really /dev/sdf for me.
dd if=/dev/zero bs=8M of=/dev/microsd status=progress
this took the better part of an hour for my 32GB microsd, I killed it with sudo pkill dd
after it ran out of space and wouldn't exit on its own.
To make sure I've got all zeros, I compared the first 64M of my microsd to 64M of /dev/zero.
dd if=/dev/zero bs=64M count=1| sha256sum
and
dd if=/dev/microsd bs=64M count=1 | sha256sum
both gave me the same output
1+0 records in
1+0 records out
67108864 bytes (67 MB, 64 MiB) copied, 0.328032 s, 205 MB/s
3b6a07d0d404fab4e23b6d34bc6696a6a312dd92821332385e5af7c01c421351 -
This is enough because:
- I know that SeedSignerOS is going to be written on the first 36M of my microsd, and
- we sort of have to cut this corner if we expect to be comparing against others with different microsd sizes.
Write SeedSigner OS onto the microsd
sudo dd if=~/Downloads/SeedSignerOS_0_5_1_EXP.img of=/dev/microsd status=progress
gives me output like:
28439040 bytes (28 MB, 27 MiB) copied, 3 s, 9.5 MB/s
69633+0 records in
69633+0 records out
35652096 bytes (36 MB, 34 MiB) copied, 5.93515 s, 6.0 MB/s
OK, Let's see what that checksum looks like, being careful to only look at the blocks written to our microsd.
sudo dd if=/dev/microsd count=69633 | sha256sum
gives me output like:
69633+0 records in
69633+0 records out
35652096 bytes (36 MB, 34 MiB) copied, 1.80364 s, 19.8 MB/s
ac74b29ca9194c0a1e0eef8427b166336d1d1d3ba451753940a843a4aaa69193 -
Cool, that happens to be the same hash that our repo says we should have downloaded when installing the 0.5.1 SeedSigner OS image.
Now let's see what the checksum is for the first 64M, assuming that we'll catch any future writes as long as they change existing bits or extend that filesystem.
sudo dd if=/dev/microsd bs=64M count=1| sha256sum
1+0 records in
1+0 records out
67108864 bytes (67 MB, 64 MiB) copied, 3.68302 s, 18.2 MB/s
5431895fe9640a490bf26d9880ed4fd13b7048939c71b4e86911d595783603df -
This is close, but it is not yet our baseline.
- It is my experience that the microsd will get written the very first time we boot. I don't know why but I'm going to ask @DesobedienteTecnologico about it.
- We want to setup our persistent settings to our liking, so that will write to the microsd as well.
So, remove the microsd from the computer, insert it into seedsigner, and let seedsigner boot fully, then setup your persistent settings however you like. DO NOT LOAD ANY SEEDS. Just pull power, and remove your microsd card so that we can get a final baseline hash using the steps above.
With the microsd back in your computer, get your new baseline.
sudo dd if=/dev/microsd bs=64M count=1| sha256sum
If what I'm suggesting is sound, it should not change in the future unless we change our persistent settings with the microsd inserted.
Unfortunately, I'm using an old pi2 and a self-built SeedSigner OS w/ version 0.5.2, so my baseline is going to look different than yours (maybe yours will look different than everyone else's because of that un-explained write that happens on the very first boot.). My microsd card is returning the same hash as my baseline after a few reboots, after a few loads of different seeds, and after 1 signed transaction on testnet. I'll reference this message in the future if I notice that my microsd changes after repeated activity.
(for my own future reference), with a self-built seedsigner_0.5.2 for pi2 having hash 8eef773e71751fbba30ccc292d4bde2ca9e8076ed65f3404dddb9013b0e510f8,
my baseline after first boot (and much activity aftewards, never saving persistent settings) looks like:
sudo dd if=/dev/sdf bs=64M count=1| sha256sum
1+0 records in
1+0 records out
67108864 bytes (67 MB, 64 MiB) copied, 3.5751 s, 18.8 MB/s
9b1e01f5f3e0220959d4eb3639e23518b2e88edb5342bf7f52d9adf4ea226599 -