[LEDE-DEV] automated signed firmware upgrades / hide a secret in image
Bastian Bittorf
bb at npl.de
Wed Feb 22 23:40:36 PST 2017
* Michael Richardson <mcr at sandelman.ca> [23.02.2017 07:57]:
> Yes, use an asymmetric key, and distribute the public part only.
Thanks people, for all the input and your ideas. Our approach
is now this: we hook into the 'usign' source code and "hide" a
secret there: 2 large random prime numbers. On the server side,
we store the product (aka: solution) of these 2 numbers. This
is repeated for each generated image. (Sorry, it breaks reproducible
builds for now.)
The user can prove that he flashed *the specific* image by
calling 'usign -B' and sending back the 2 prime numbers to the build server.
There are some more implications, but basically that's it.
I recognized early that including a 'quine' is senseless, because
you can read it in plaintext in the object dump.
I'm not an expert in crypto, but as far as I understand
the approach is an asymmetric key. I'm interested in feedback, see
the patch attached.
bye, bastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-usign-support-new-option-B-print-a-secret-which-was-.patch
Type: text/x-diff
Size: 1723 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20170223/e17b4d99/attachment.bin>