[LEDE-DEV] automated signed firmware upgrades / hide a secret in image
Michael Richardson
mcr at sandelman.ca
Thu Feb 23 18:13:46 PST 2017
Bastian Bittorf <bb at npl.de> wrote:
> * Michael Richardson <mcr at sandelman.ca> [23.02.2017 07:57]:
>> Yes, use an asymmetric key, and distribute the public part only.
> thanks people, for all the input and your ideas. our approach is now
> this: we hook into the 'usign' source code and "hide" a secret there: 2
> large random prime numbers. On the server side, we store the product
> (aka: solution) of these 2 numbers. This is repeated for each generated
> image. (sorry, it breaks reproducible builds for now)
Anyone can multiply two large prime numbers to get the solution.
So I can't understand what you are doing.
You can't hide things in binaries. That's total snake oil.
> I am not an expert in crypto, but as far as I understand the approach
> is an asymmetric key. I am interested in feedback, see the patch
> attached.
I am an expert.
I don't understand what your goals are here.
If you can explain them better, then I can help.
I thought from the subject line and explanation that it was to permit a
firmware image to be validated as being uncorrupted/tainted. One might do
this before flashing a device with it.
Now I get the impression that the idea is for a user to be able to prove
which firmware image they actually used?
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
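
The advice quoted at the top of this message (use an asymmetric key and distribute only the public part), as an added example that is not part of the original message or of the LEDE code: OpenSSL with an RSA key stands in for usign here, and every function and file name is constructed for illustration.

```shell
#!/bin/sh
# Added example: OpenSSL/RSA stands in for usign; all names are constructed.

# Build host: create the key pair. Only the public half ever goes into an image.
make_keys() {   # $1 = private key (stays on build host)  $2 = public key
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# Build host: detached SHA-256 signature over the firmware image.
sign_image() {  # $1 = private key  $2 = image  $3 = signature output
    openssl dgst -sha256 -sign "$1" -out "$3" "$2"
}

# Device: returns 0 only if the signature matches the image under the public key.
verify_image() {  # $1 = public key  $2 = image  $3 = signature
    [ -s "$1" ] && [ -s "$2" ] && [ -s "$3" ] || return 2
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" 2>/dev/null |
        grep -q '^Verified OK$'
}

# Device: the gate that runs before anything is written to flash.
check_before_flash() {  # $1 = public key  $2 = image  $3 = signature
    if verify_image "$1" "$2" "$3"; then
        echo "signature ok: $2 may be flashed"
    else
        echo "signature check failed: refusing $2" >&2
        return 1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_keys "$d/build.key" "$d/pub.pem" || return 1
    printf 'constructed firmware image v1\n' > "$d/fw.bin"
    sign_image "$d/build.key" "$d/fw.bin" "$d/fw.sig" || return 1
    check_before_flash "$d/pub.pem" "$d/fw.bin" "$d/fw.sig"
    printf 'x' >> "$d/fw.bin"   # one appended byte simulates corruption
    check_before_flash "$d/pub.pem" "$d/fw.bin" "$d/fw.sig" || true
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Nothing on the device needs to stay secret in this arrangement: the public key can verify a signature but cannot produce one.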