File integrity check in Mender

Hi community.

While writing a blog on Mender’s update mechanism, I noticed a sentence regarding Mender’s security and robustness:

* Root filesystem integrity checksum to avoid corruption during transfer or storage.

However, I could not find more detailed information about this. How does Mender ensure file integrity? I searched the source code but couldn’t find it. If anyone has information, I would be happy if they could give details about it.

Thanks,
Emre

This is possibly referring to the fact that the Mender artifact file, which gets uploaded to the server and then later downloaded and installed onto your device, contains checksums of all the files inside the artifact. Also, if you're signing the artifact, then you also get signature verification of the artifact prior to install.

Hi @dellgreen

As I understand it, Mender can check the integrity of files in the artifact by comparing checksums. Well, can we say that?
“Mender protects against tampering in the file system”?

Hi @mEK, currently the regular rootfs-image installer does not read back the image after it has been written; the checksum is calculated as the image is streamed onto the passive partition. It is not read back a second time afterwards, as it assumes it is the responsibility of the memory controller to get the bits handed to it safely onto the underlying memory.

However, delta-updates will do this, I think, as xDelta needs to verify the delta it has written. So if this is a concern, maybe delta-updates are for you? :slight_smile:

Hi @oleorhagen, thanks for your revealing answer, but for the delta update service I have to use Mender Professional or Enterprise, which is a paid service :slight_smile:

@mEK. Yes, indeed. Deltas are a premium feature.

However, OS is open-source.

And for this, I guess you might not even have to touch the core code. If it is important for you to verify the rootfs, also after it has been written, I suggest maybe creating a custom update module (even one for rootfs), see:

Update Modules

The opportunities are endless :wink:
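
As an added illustration (not part of the thread and not Mender's own code), the read-back check suggested above could look like the helper below, which a custom update module would call after writing the image. The function names are hypothetical, and the image size and expected SHA-256 are assumed to be supplied by the caller.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB pieces so a large image never sits in RAM


def readback_sha256(device_path, image_size):
    """Hash exactly the first image_size bytes of device_path.

    The partition is usually larger than the image, so hashing the whole
    device would never match the checksum of the image that was streamed.
    A read issued right after the write may be served from the page cache;
    flush and drop caches first if the storage itself is what is being tested.
    """
    digest = hashlib.sha256()
    remaining = image_size
    with open(device_path, "rb", buffering=0) as dev:
        while remaining > 0:
            chunk = dev.read(min(CHUNK, remaining))
            if not chunk:  # device ended before the image did
                raise OSError("short read: %d bytes missing" % remaining)
            digest.update(chunk)
            remaining -= len(chunk)
    return digest.hexdigest()


def verify_readback(device_path, image_size, expected_sha256):
    """True when the bytes now on the device match the expected checksum."""
    actual = readback_sha256(device_path, image_size)
    return actual == expected_sha256.strip().lower()


def demo():
    """Constructed sample: a 4 KiB image inside a 16 KiB 'partition' file."""
    image = bytes(range(256)) * 16
    expected = hashlib.sha256(image).hexdigest()
    with tempfile.NamedTemporaryFile(delete=False) as part:
        part.write(image + b"\xff" * 12288)  # trailing bytes beyond the image
    try:
        intact = verify_readback(part.name, len(image), expected)
        with open(part.name, "r+b") as f:  # simulate one corrupted byte
            f.seek(100)
            f.write(b"\x00")
        corrupted = verify_readback(part.name, len(image), expected)
    finally:
        os.unlink(part.name)
    return intact, corrupted
```

A module using this would fail the install state when `verify_readback` returns False, so the device stays on the active partition.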

@oleorhagen I am aware of the unlimited opportunities of Mender and I support this as much as possible.
I’ll think about it :slight_smile:
Thanks


@mEK I nearly forgot. Curious about that blog post. Will you link to it here?