View Single Post
Old 10-19-2012, 07:05 AM   #28
murg
No Comment
murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.murg ought to be getting tired of karma fortunes by now.
 
Posts: 1,543
Karma: 3856214
Join Date: Jan 2012
Location: Australia
Device: Kobo: Not just an eReader, it's an adventure!
Quote:
Originally Posted by george.talusan View Post
How does the e-reader actually know that these files are the correct ones? There's an MD5 manifest to verify that the files are not corrupt but there is no way to validate that the kernel or bootloader are actually targetted for that device's particular hardware, moreover this doesn't actually prevent tampering or DIY'ing. This is why we rely on the backend server to serve out the correct files for the device's firmware during a Wi-Fi update or desktop update.
Like the MD5 Manifest, there is nothing preventing Kobo from adding another file to the zip, containing a one line device identifier. The updater can read this file and confirm that it is for the correct device. Or the md5sum file can be renamed to something like: kobo3.md5sum or kobo4.md5sum.

This allows people who want to tamper to tamper, but protects non-tamperers from harming their device.

Quote:
Originally Posted by george.talusan View Post
Locking down the firmware update mechanism has been proposed, but why would we want to stifle hacking? It really wouldn't accomplish anything in the end.
Not to mention that it would then become a challenge...

Quote:
Originally Posted by george.talusan View Post
Put it another way: what happens when you use fastboot to flash a new ROM on an Android phone or tablet? Does it do any validation? Nope. If you flash the wrong bootloader then you're pretty much on your own.
Not being familiar with this sort of thing, I presume that you have to go out of your way to use this app. Not like, say, just copying files to the eReader's disk.

Also, there is some presumption that the firmware acquired is for a specific device, not like Kobo's latest release where the two different firmware files have exactly the same filename.

-----

And another thing, are you willing to guarantee that the Kobo PC software will NEVER get confused and load the wrong firmware onto the device?

Before you answer that, you may want to consider that Kobo doesn't have a very stellar reputation for releasing bug-free software.

Last edited by murg; 10-19-2012 at 07:10 AM.
murg is offline   Reply With Quote