[LEDE-DEV] automated signed firmware upgrades / hide a secret in image

Bastian Bittorf bb at npl.de
Wed Feb 22 01:05:35 PST 2017

dear devs,

I'm polishing up our work-in-progress regarding automated
firmware-upgrades in our community network and I have a concept problem:

our images/the sha256-sum's are signed:

The downloader checks against a list of signatures, where
e.g. 3 signatures must match the sha256 sum.

There are "automated" signatures (e.g. from builbot) and manual ones,
from humans. For protecting ourselfes from bad admins, there
should be a "secret thing" which is baked into the firmware and
only seeable during runtime: this way we can prevent, that a lazy
admin "signs" a sha256 sum, without really has flashed the image
and can make sure that it really runs.

Now the question: a secret can be e.g.
# ls -la /etc | md5sum

This is naive, and a dumb admin can e.g. unsquashfs the
image for getting the data. are there better methods? any ideas?

bye, bastian

More information about the Lede-dev mailing list