Syslinux - Aug 2017 - Bootable ISO with extra data outside the ISO?

Sorry if this is a total noob question... I've searched the archives and
haven't turned up much.  Not turning up much on the web in general, either.

I'm working on a project and I'd like to create a Linux bootable ISO
disc
with an extra chunk of data **outside** the ISO space.  This chunk of data
might be a 10MB tar/zip.  The goal would be to boot into Linux in RAM off
the disc and mount the extra chunk of data to access it.  Is this a hybrid
ISO?  I'm not asking for the command line recipe, but maybe a "yes,
this is
simple, use xorriso and check out feature XXXX" would be helpful.

I need this because I want the Linux ISO to be constant and verifiable with
an SHA hash... the extra stuff will vary from customer to customer.

Thanks!

Bret

Hi,
> I'd like to create a Linux bootable ISO disc
> with an extra chunk of data **outside** the ISO space.
> [...]
> The goal would be to boot into Linux in RAM off
> the disc and mount the extra chunk of data to access it.  Is this a hybrid
> ISO?
If you have data outside the ISO but inside the image file or disc,
then it is some kind of hybrid, of course.
It is not "isohybrid" necessarily, because that term is for ISOs
bootable
from USB stick via an MBR and from CD/DVD/BD via an El Torito boot image.
It is not "ISO 9660 / UDF hybrid", either.

> maybe a "yes, this is simple,
This depends on your further needs. :))

> use xorriso and check out feature XXXX" would be helpful.
You could simply append the extra data to the produced ISO image
file. The data would have to offer information about their valid
size, then. The data start could be deduced by the ISO size reported
by programs like /sbin/isosize.


A matching xorriso feature is native command -append_partition or the
mkisofs emulation option of the same name:

  xorriso -as mkisofs \
    -o test.iso -R \
    -append_partition 2 0xc0 /file/with/partition/content/on/disk \
    /iso/payload/directory/on/disk

will produce an ISO about which fdisk says:

  Units: sectors of 1 * 512 = 512 bytes
  ...
  Device     Boot Start   End Sectors  Size Id Type
  test.iso1           0   735     736  368K 83 Linux
  test.iso2         736  1567     832  416K  c W95 FAT32 (LBA)

The first 736 blocks are the ISO, the blocks from 736 to end are the
appended partition. If these blocks constitute a FAT filesystem (as
my second argument 0x0c to -append_partition suggests) then you can mount
it from the image file by the --offset option of losetup.
On USB stick it will be mountable as partition 2.

Of course you can put a tar archive directly into the partition.
The partition size will give an upper limit for the archive size.

You may have to use partition number 3 if there is EFI boot equipment in
the ISO, which usually gets into partition 2.

Be aware that multi-session on that ISO will overwrite the partition
and that the ISO filesystem size inquired by e.g. program /sbin/isosize
will be smaller than the size of the image file ...
> I need this because I want the Linux ISO to be constant and verifiable with
> an SHA hash... the extra stuff will vary from customer to customer.
... on the other hand, /sbin/isosize will tell you the size that is
covered by your checksum.


Have a nice day :)

Thomas

On Fri, 4 Aug 2017 12:23:44 -0400
Bret Schuhmacher via Syslinux <syslinux at zytor.com> wrote:
> I'm working on a project and I'd like to create a Linux bootable
ISO
> disc with an extra chunk of data **outside** the ISO space.
Does it have to be a *disk*? What you are asking for is actually a
standard feature of some Linux distribution ISOs (such as
Ubuntu/LinuxMint), when they are installed on a USB flashdrive.
> This chunk of data might be a 10MB tar/zip. The goal would be to boot
> into Linux in RAM off the disc and mount the extra chunk of data to
> access it.
Specifically, you can setup a FAT32-formatted flashdrive to boot an
unmodified ISO image contained as a read-only file. After the system in
the ISO image boots, it looks for two ext4 images also contained in the
FAT32 filesystem, and union-mounts those on top of both system and user
data. The intended purpose of this is to allow persistent changes to the
system without modifying the ISO image, which certainly seems to cover
your use case.

http://manpages.ubuntu.com/manpages/xenial/en/man7/casper.7.html
> I need this because I want the Linux ISO to be constant and verifiable
> with an SHA hash... the extra stuff will vary from customer to
> customer.
What base ISO image are you using? Ubuntu and LinuxMint live ISOs have a
boot option called "integrity check", which presumably does something
like this. In any case, having the ISO image contained as a regular file
within a flashdrive filesystem makes it easy to verify its hash
signature from any other operating system.

(Since the system that actually runs can be modified in almost any way
by the persistence file, the verification of the ISO image doesn't
really prove very much. But maybe you don't have to point this out to
your customers.)
> I see there's a memtest on the Linux discs I've created... would it
be
> possible to put another program in place (a module, perhaps?) that can
> calculate a hash using a certain algorithm (i.e. SHA512 or similar) to
> validate and print out the hash of the boot ISO before booting it? The
> integrity of the ISO is absolutely critical.
An advantage of using a flashdrive is that it gives you the option of
booting with GRUB, which already has builtin facilities for doing
exactly this,

https://www.gnu.org/software/grub/manual/html_node/hashsum.html

and is fully scriptable.

https://www.gnu.org/software/grub/manual/html_node/Shell_002dlike-scripting.html

(Of course, if somebody had maliciously altered the ISO image, they
could also alter a program which was supposed to check that, so that it
would falsely claim the opposite. This is just security theatre. The
only convincing verification would come from software not contained or
controlled by the media that was supposedly being tested.)


-- Ian Bruce