[LEDE-DEV] automated signed firmware upgrades / hide a secret in image

Eric Schultz eschultz at prplfoundation.org
Wed Feb 22 10:45:44 PST 2017


Bastian,

prpl member IntrinsicID has physically unclonable function technology
which allows a key to be generated at bootup based upon the physical
characteristics of the device. It's the same key generated every time but
it isn't actually stored in flash. Their technology requires a paid
license but we might be able to convince them to release an open-source
version with more limited capabilities. I can put you in touch with
folks both at IntrinsicID and prpl to discuss this further if you'd like.

Eric

On 02/22/2017 03:05 AM, Bastian Bittorf wrote:
> dear devs,
>
> I'm polishing up our work-in-progress regarding automated
> firmware-upgrades in our community network and I have a concept problem:
>
> our images/the sha256-sum's are signed:
> http://intercity-vpn.de/networks/liszt28/firmware/models/Buffalo%20WZR-HP-AG300H/testing/Standard,DSLR,fotobox,kalua/info.json
>
> The downloader checks against a list of signatures, where
> e.g. 3 signatures must match the sha256 sum.
>
> There are "automated" signatures (e.g. from buildbot) and manual ones,
> from humans. For protecting ourselves from bad admins, there
> should be a "secret thing" which is baked into the firmware and
> only visible during runtime: this way we can prevent a lazy
> admin from "signing" a sha256 sum without really having flashed the image,
> and can make sure that it really runs.
>
> Now the question: a secret can be e.g.
> # ls -la /etc | md5sum
>
> This is naive, and a dumb admin can e.g. unsquashfs the
> image to get the data. Are there better methods? Any ideas?
>
> bye, bastian
>
> _______________________________________________
> Lede-dev mailing list
> Lede-dev at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev

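The downloader-side check Bastian describes (the image's sha256 sum must carry a quorum of valid signatures, e.g. 3, from a mix of buildbot and human signers) is sketched below as an added example; it is not code from the thread, from kalua, or from LEDE. It assumes Ed25519 signatures over the hex digest string and a simplified manifest struct standing in for the real info.json, whose actual layout the thread does not show; signer names ("buildbot", "alice", "bob"), keys and the image bytes are all constructed here. It also goes one step beyond the text: the quorum only counts distinct trusted signers, so the same key listed three times (or an unknown key) cannot satisfy a "3 signatures" rule on its own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// TrustedKeys maps a signer name to its public key. In a real image these
// public keys would be baked into the firmware; names/keys here are constructed.
type TrustedKeys map[string]ed25519.PublicKey

// Signature is one entry of the manifest's signature list.
type Signature struct {
	Signer string
	Sig    []byte
}

// Manifest is a simplified stand-in for the per-image info.json mentioned in
// the thread: the image digest plus the signatures collected over it.
type Manifest struct {
	SHA256     string // hex-encoded sha256 of the image file
	Signatures []Signature
}

// ImageDigest returns the hex sha256 of an image; this string is what gets signed.
func ImageDigest(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

// SignDigest produces one signer's signature over the hex digest string.
func SignDigest(priv ed25519.PrivateKey, digest string) []byte {
	return ed25519.Sign(priv, []byte(digest))
}

// VerifyManifest accepts the image only if (1) its sha256 matches the manifest
// and (2) at least threshold distinct trusted signers produced a valid
// signature over that digest. Signatures from unknown keys are ignored and a
// signer who appears twice counts once, so one key cannot reach the quorum alone.
func VerifyManifest(m Manifest, trusted TrustedKeys, threshold int, image []byte) error {
	if got := ImageDigest(image); got != m.SHA256 {
		return fmt.Errorf("digest mismatch: manifest says %s, image is %s", m.SHA256, got)
	}
	seen := make(map[string]bool) // distinct signers with a verified signature
	for _, s := range m.Signatures {
		pub, ok := trusted[s.Signer]
		if !ok || seen[s.Signer] {
			continue // unknown signer, or already counted
		}
		if ed25519.Verify(pub, []byte(m.SHA256), s.Sig) {
			seen[s.Signer] = true
		}
	}
	if len(seen) < threshold {
		return fmt.Errorf("only %d of %d required distinct signatures verified", len(seen), threshold)
	}
	return nil
}

// newSigner generates a fresh key pair for the demo; real signing keys would
// live offline (buildbot) or with the individual admins.
func newSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	image := []byte("constructed stand-in for a sysupgrade image") // constructed input
	digest := ImageDigest(image)

	trusted := TrustedKeys{}
	privs := map[string]ed25519.PrivateKey{}
	for _, name := range []string{"buildbot", "alice", "bob"} {
		pub, priv := newSigner()
		trusted[name] = pub
		privs[name] = priv
	}

	// Three distinct signers: accepted.
	good := Manifest{SHA256: digest}
	for _, name := range []string{"buildbot", "alice", "bob"} {
		good.Signatures = append(good.Signatures, Signature{name, SignDigest(privs[name], digest)})
	}
	fmt.Println("3 distinct signers:", VerifyManifest(good, trusted, 3, image))

	// Same signer listed twice: only two distinct signers, rejected.
	dup := Manifest{SHA256: digest, Signatures: []Signature{
		{"buildbot", SignDigest(privs["buildbot"], digest)},
		{"alice", SignDigest(privs["alice"], digest)},
		{"alice", SignDigest(privs["alice"], digest)},
	}}
	fmt.Println("duplicate signer:", VerifyManifest(dup, trusted, 3, image))

	// Tampered image: digest no longer matches, rejected before any signature check.
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 1
	fmt.Println("tampered image:", VerifyManifest(good, trusted, 3, tampered))
}
```

Note that this only addresses the signature side of the question; the "secret only visible at runtime" that Bastian wants for proving an admin actually booted the image is a separate problem, and a value derivable from the squashfs alone (as in his `ls -la /etc | md5sum` sketch) will not provide it, which is why Eric points at device-bound keys.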