[Solved] Verify image integrity before sysupgrade

https://openwrt.org/docs/guide-user/installation/sysupgrade.cli

I'm reading the above and it says that you can verify checksums against the web page where you got your image. But this is to verify that it is a legitimate openwrt or other image I believe.

However, when building my own image, I know where it comes from so the only thing I want to make sure of is that the image was not broken during download before I sysupgrade? That is what I cannot seem to find information on.

That said, if I recall, sysupgrade itself checks the image to make sure it is complete otherwise it fails right?

Generate MD5 for image, and compare after download.

1 Like

sure, or sha256 which is what the website uses, and what the LuCI interface will calculate for you.

sha256sum myimage.img

You want to verify the integrity of the image before you flash it. This means that it has not been altered from its original location, either the download server of OpenWrt or your hard drive. This verifies that there was no error during transmission. If you flash from Luci it will be calculated after you upload the file. Better use sha256, it is the current standard.
Don't rely on sysupgrade itself to check the image. I have seen posts in here from users who accidentally flashed the wrong image



I tried to explain but I don't think I did a good job :).

There is no luci stuff, just command line.

I am not caring where the image comes from since it is my own build.
What I want is to make sure that is it complete, did not get trashed in some way transferring it to the router before using sysupgrade.

By integrity, I mean it's own completeness so that it is safe to write to the router. I'm not going to flash the wrong image, I just want to make sure the image is ok to flash first.

I added that I think I recall sysupgrade complaining when the image was either corrupted or not for the right arch.

Don't rely on sysupgrade itself to check the image. I have seen posts in here from users >who accidentally flashed the wrong image

This says a lot then :).
So, the answer is to generate a checksum code when building.

sha256sum is available on OpenWrt and generated during the firmware build. Modern targets also use image meta data, which includes this feature.

1 Like

Yes, it's the answer that has been mentioned and sounds like the solution. I just need to find some information on how to generate the MD5 when using image builder so I can use it on the router to confirm the image integrity.

There should be a sha256sums file in your targets directory, generated during the build by default. Just use the above command against the image scp (ed?) to your device, against what is in that file.

Yup, just found that.

# sha256sum imagename.bin
c56d656d748594a60889xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx imagename.bin

Next I run the same on the router before sysupgrade. If the code matches, good to go.

Done, works perfectly. Thanks everyone for making sure my hardware doesn't get bricked and especially others that will find this thread.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.