
How does the Ubuntu Install disk verify its own integrity after boot and before install?

I'm very familiar with the process to do a manual check of the integrity of a Linux distro's .iso file with a cryptographic hash stored in a (hopefully signed) digest file like SHA256SUMS using a command like

sha256sum --check SHA256SUMS

But I've also seen that, when installing Ubuntu via CD or USB drive, it can verify its own integrity!

How does this actually work, internally? What tools are used? Where is the source code for this check?

Michael Altfield
  • See also https://askubuntu.com/questions/993407/is-verifying-isos-downloaded-from-the-official-website-worthwhile – Michael Altfield May 02 '22 at 14:29
  • See also https://askubuntu.com/questions/1091335/create-checksum-sha256-of-all-files-and-directories – Michael Altfield May 02 '22 at 14:30
  • Please [edit your question](https://askubuntu.com/posts/1406136/edit) and add all the additional information and links in your question. The comments are mainly our channel to ask for clarification and let you know if there is a problem with your question. – user68186 May 02 '22 at 14:52

1 Answer


I believe what you are referring to is handled by Casper.

When the ISO boots the service casper.casper-md5check.service is run. This service calls the binary casper-md5check. The arguments to the binary tell it to verify checksums defined in /cdrom/md5sum.txt.

The results of the verification are written to /run/casper-md5check.json.

The service is fairly new. The verification used to run from a script in the initramfs.

I'm not sure what part of the ISO build process creates the md5sum.txt file.

Andrew Lowther
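
The kind of check the answer describes, as an added Python example (not casper's source and not part of the answer): it walks an md5sum-format manifest relative to a mount point and reports files that are missing or do not match. The function names, the report keys and the sample tree are assumptions made for illustration; the format of /run/casper-md5check.json is not shown on this page.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def md5_file(path, chunk=1 << 20):
    digest = hashlib.md5()  # read in chunks; squashfs images on the medium are large
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_manifest(root, manifest="md5sum.txt"):
    """Verify md5sum-format lines ('<32 hex>  <path>') relative to root."""
    root = os.path.realpath(root)
    report = {"checked": 0, "mismatched": [], "missing": []}  # assumed layout
    for line in Path(root, manifest).read_text(encoding="utf-8").splitlines():
        if len(line) < 35:
            continue  # blank or malformed line
        expected, name = line[:32].lower(), line[34:]
        path = os.path.realpath(os.path.join(root, name))
        # Refuse entries that resolve outside the mounted medium.
        if os.path.commonpath([root, path]) != root or not os.path.isfile(path):
            report["missing"].append(name)
            continue
        report["checked"] += 1
        if md5_file(path) != expected:
            report["mismatched"].append(name)
    ok = not report["mismatched"] and not report["missing"]
    report["result"] = "pass" if ok else "fail"
    return report


def demo():
    """Constructed stand-in for /cdrom: two files and a manifest, then one altered."""
    with tempfile.TemporaryDirectory() as root:
        files = {"./casper/vmlinuz": b"kernel", "./boot/grub/grub.cfg": b"menu"}
        lines = []
        for name, data in files.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
            lines.append(f"{hashlib.md5(data).hexdigest()}  {name}\n")
        Path(root, "md5sum.txt").write_text("".join(lines), encoding="utf-8")
        clean = verify_manifest(root)
        Path(root, "casper/vmlinuz").write_bytes(b"kernel!")  # corrupt the copy
        return clean, verify_manifest(root)
```

Because md5sum.txt sits on the same medium as the files it lists, a check like this detects a corrupted copy, not an image that was modified and had its manifest regenerated; the signed SHA256SUMS check on the .iso covers that case.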