[LEDE-DEV] automated signed firmware upgrades / hide a secret in image

Bastian Bittorf bb at npl.de
Wed Feb 22 23:40:36 PST 2017


* Michael Richardson <mcr at sandelman.ca> [23.02.2017 07:57]:
> Yes, use an asymmetric key, and distribute the public part only.

Thanks, people, for all the input and your ideas. Our approach
is now this: we hook into the 'usign' source code and "hide" a
secret there: 2 large random prime numbers. On the server side,
we store the product (aka: solution) of these 2 numbers. This
is repeated for each generated image. (Sorry, it breaks reproducible
builds for now.)

The user can prove that he flashed *the specific* image by
calling 'usign -B' and sending back the 2 prime numbers to the build server.
There are some more implications, but basically that's it.

I recognized early that including a 'quine' is senseless, because
you can read it in plaintext in the object dump.

I'm not an expert in crypto, but as far as I understand,
the approach is an asymmetric key. I'm interested in feedback; see
the patch attached.

bye, bastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-usign-support-new-option-B-print-a-secret-which-was-.patch
Type: text/x-diff
Size: 1723 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20170223/e17b4d99/attachment.bin>

