[LEDE-DEV] automated signed firmware upgrades / hide a secret in image
Bastian Bittorf
bb at npl.de
Wed Feb 22 01:05:35 PST 2017
dear devs,
I'm polishing up our work in progress regarding automated
firmware upgrades in our community network and I have a conceptual problem:
our images/the sha256 sums are signed:
http://intercity-vpn.de/networks/liszt28/firmware/models/Buffalo%20WZR-HP-AG300H/testing/Standard,DSLR,fotobox,kalua/info.json
The downloader checks against a list of signatures, where
e.g. 3 signatures must match the sha256 sum.
There are "automated" signatures (e.g. from buildbot) and manual ones
from humans. To protect ourselves from bad admins, there
should be a "secret thing" which is baked into the firmware and
only visible at runtime: this way we can prevent a lazy
admin from "signing" a sha256 sum without really having flashed the image,
and can make sure that it really runs.
Now the question: a secret can be e.g.
# ls -la /etc | md5sum
This is naive, and a dumb admin can e.g. unsquashfs the
image to get the data. Are there better methods? Any ideas?
bye, bastian
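An added example, not code from Bastian's post or from the LEDE/kalua tooling: a downloader-side check of the "at least N signatures must match the sha256 sum" policy described above. It assumes Ed25519 signatures, a hypothetical keyring mapping signer ids to public keys, and a constructed image plus signature list standing in for the real info.json.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// VerifyThreshold counts the trusted signers whose signature over the hex sha256 sum
// verifies and reports whether that count reaches need. sigs maps signer id to signature;
// unknown signers and bad signatures are skipped, so neither helps an image reach need.
func VerifyThreshold(trusted map[string]ed25519.PublicKey, sumHex string, sigs map[string][]byte, need int) (int, bool) {
	valid := 0
	for signer, sig := range sigs {
		pub, ok := trusted[signer]
		if ok && ed25519.Verify(pub, []byte(sumHex), sig) {
			valid++
		}
	}
	return valid, valid >= need
}

// BuildSample creates fresh keys for buildbot and three humans, hashes a constructed
// image and signs its sum with every signer listed in signing. It stands in for the
// keyring and the signature list the downloader would otherwise read from info.json.
func BuildSample(signing map[string]bool) (map[string]ed25519.PublicKey, string, map[string][]byte) {
	sum := sha256.Sum256([]byte("constructed firmware image bytes"))
	sumHex := hex.EncodeToString(sum[:])
	trusted := map[string]ed25519.PublicKey{}
	sigs := map[string][]byte{}
	for _, name := range []string{"buildbot", "alice", "bob", "carol"} {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err) // only on a broken system RNG
		}
		trusted[name] = pub
		if signing[name] {
			sigs[name] = ed25519.Sign(priv, []byte(sumHex))
		}
	}
	return trusted, sumHex, sigs
}

func main() {
	trusted, sumHex, sigs := BuildSample(map[string]bool{"buildbot": true, "alice": true, "bob": true})
	n, ok := VerifyThreshold(trusted, sumHex, sigs, 3)
	fmt.Printf("valid signatures: %d, 3-signature policy met: %v\n", n, ok)
}
```

The check counts only signatures from keys the downloader already trusts, so a signature list padded with entries from unknown keys, or a tampered image whose sum no longer matches, never reaches the threshold.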