[LEDE-DEV] automated signed firmware upgrades / hide a secret in image

Michael Richardson mcr at sandelman.ca
Thu Feb 23 18:13:46 PST 2017

Bastian Bittorf <bb at npl.de> wrote:
    > * Michael Richardson <mcr at sandelman.ca> [23.02.2017 07:57]:
    >> Yes, use an asymmetric key, and distribute the public part only.

    > thanks people, for all the input and your ideas. our approach is now
    > this: we hook into the 'usign' sourcecode and "hide" a secret there: 2
    > large random primenumbers. On the serverside, we store the product
    > (aka: solution) of these 2 numbers. This is repeated for each generated
    > image. (sorry, it breaks reproducable builds for now)

Anyone can multiply two large prime numbers to get the solution.
So I can't understand what you are doing.
You can't hide things in binaries.  That's total snake oil.

    > I'am not an expert in crypto, but as far as I understand the approach
    > is an asymetric key. I'am interested in feedback, see the patch
    > attached.

I am an expert.

I don't understand what your goals are here.
If you can explain them better, then I can help.

I thought from the subject line and explanation that it was to permit a
firmware image to be validated as being uncorrupted/tained.  One might do
this before flashing a device with it.

Now I get the impression that the idea for a user to be able to prove
which firmware image they actually used?

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20170223/c8b836e6/attachment.sig>

More information about the Lede-dev mailing list