I'm setting up a Linux system with full disk encryption. I've written a script (to run on every boot) which will verify that neither the MBR nor the /boot partition (ext4) has been modified.
Problem is that every time I boot up the system, my /boot partition hashes differently.
Trying to solve this, I set the /boot partition to mount as read-only in fstab. I then took individual hashes of every file on /boot. After I rebooted, none of the files had changed (and there were no new files), yet the filesystem hashed as a whole had changed.
I'm guessing there is something behind the scenes which is changed/updated each time the filesystem is mounted? If so, can it be disabled? Should I try with ext3?
Any advice would be greatly appreciated!
Cheers, Lee
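
The per-file check described in the post, written out as an added example that is not part of the original post: it hashes the first 512 bytes of the disk plus the content, type, mode and owner of every entry under /boot, rather than the raw partition, so bytes outside the files themselves never enter the comparison. The function names, device name and baseline path are hypothetical, and GNU coreutils and findutils are assumed.

```shell
#!/bin/sh
# Added example: compare the MBR and the contents of /boot with a baseline.
# Assumes GNU coreutils/findutils. Function names are hypothetical.

# SHA-256 of the first 512-byte sector (the MBR) of a disk or disk image.
mbr_hash() {
    dd if="$1" bs=512 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Sorted file hashes, then one sorted line per entry (type, mode, owner, path),
# so changed, added, removed or re-permissioned entries all alter the output.
# Timestamps are deliberately left out.
boot_manifest() {
    (
        cd "$1" || exit 1
        find . -xdev -type f -exec sha256sum {} + | LC_ALL=C sort
        find . -xdev -exec stat -c '%F %a %u:%g %n' {} + | LC_ALL=C sort
    )
}

# current_state DISK BOOTDIR: print the full state. Save it once as the
# baseline, kept on the encrypted root so it cannot be rewritten from outside
# the running system.
current_state() {
    echo "mbr $(mbr_hash "$1")"
    boot_manifest "$2"
}

# verify_boot DISK BOOTDIR BASELINE: returns 0 on a match; otherwise prints
# the differing lines to stderr and returns non-zero.
verify_boot() {
    current_state "$1" "$2" | diff "$3" - >&2
}

# Example use (device and paths are placeholders):
#   current_state /dev/sda /boot > /root/boot.baseline   # once, trusted state
#   verify_boot /dev/sda /boot /root/boot.baseline || echo "MBR or /boot changed"
```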