Skip to content

Re-verify artifact hashes when reading from caches / sending over the network #767

New issue
New issue
Closed
Closed
Re-verify artifact hashes when reading from caches / sending over the network#767
Labels
Sled AgentRelated to the Per-Sled Configuration and ManagementUpdate SystemReplacing old bits with newer, cooler bitsnexusRelated to nexus
@iliana

Description

@iliana
iliana
opened on Mar 15, 2022

By the point the artifacts end up in these places, we've verified that they were not tampered with. But adding more checksum verification to what will be an already-slow process doesn't hurt and can help us prevent writing bad data to devices in case of bit flips.

  • Nexus should re-verify artifact hashes when reading from its cache.
  • Nexus should tell Sled Agent the sha256 checksum of an artifact when it tells it to download and apply it, and Sled Agent should verify that on download.

(From #717)

Metadata

Metadata

Assignees

No one assigned

    Labels

    Sled AgentRelated to the Per-Sled Configuration and ManagementUpdate SystemReplacing old bits with newer, cooler bitsnexusRelated to nexus

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions