[LEDE-DEV] automated signed firmware upgrades / hide a secret in image
mcr at sandelman.ca
Wed Feb 22 10:16:47 PST 2017
Bastian Bittorf <bb at npl.de> wrote:
> There are "automated" signatures (e.g. from builbot) and manual ones,
> from humans. For protecting ourselfes from bad admins, there should be
> a "secret thing" which is baked into the firmware and only seeable
> during runtime: this way we can prevent, that a lazy admin "signs" a
> sha256 sum, without really has flashed the image and can make sure that
> it really runs.
Please don't use a symmetric key in the firmware. Especially one that
anyone can download and examine. This is what Philips did for the HUE bulb,
and it was a disaster.
> Now the question: a secret can be e.g. # ls -la /etc | md5sum
> This is naive, and a dumb admin can e.g. unsquashfs the image for
> getting the data. are there better methods? any ideas?
Yes, use an asymmetric key, and distribute the public part only.
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 487 bytes
Desc: not available
More information about the Lede-dev