[LEDE-DEV] FCC killing open platforms and inovations
Petr Štetiar
ynezz at true.cz
Thu Jan 19 06:22:25 PST 2017
Simon Wunderlich <simon.wunderlich at open-mesh.com> [2016-11-17 11:19:48]:
Hi Simon,
> On the other hand, swapping the u-boot is not so trivial, at least without
> opening/soldering/modifying the flash from outside, which is considered a
> reasonable hurdle.
the more I'm exploring the secrets of U-Boot code with pepe2k's help, the more
I'm puzzled and really wondering why is someone doing all this locking.
You or someone else for OpenMesh has put so much energy to make the U-Boot use
RSA keys for image verification, but on the other hand you keep the ART
partition, where you store the RSA key, writable from the system. So it's
quite trivial to unlock the device using the following commands:
ssh root at router
RSA_KEY_HEADER_SIZE=0x20
RSA_KEY_OFFSET=0x8000
ART_PARTITION=mtd7
BYTES=$((RSA_KEY_HEADER_SIZE))
SEEK=$(($RSA_KEY_OFFSET/$RSA_KEY_HEADER_SIZE))
dd if=/dev/zero bs=$BYTES count=1 | dd of=/dev/$ART_PARTITION bs=$BYTES seek=$SEEK count=1 conv=notrunc
reboot
It works on OM5P and MR1750. It doesn't seem like a big deal, no soldering
needed. Am I missing something?
-- ynezz
More information about the Lede-dev
mailing list