[LEDE-DEV] FCC killing open platforms and innovations

Petr Štetiar ynezz at true.cz
Thu Jan 19 06:22:25 PST 2017


Simon Wunderlich <simon.wunderlich at open-mesh.com> [2016-11-17 11:19:48]:

Hi Simon,

> On the other hand, swapping the u-boot is not so trivial, at least without 
> opening/soldering/modifying the flash from outside, which is considered a 
> reasonable hurdle.

the more I'm exploring the secrets of U-Boot code with pepe2k's help, the more
I'm puzzled and really wondering why someone is doing all this locking.

You or someone else at OpenMesh has put so much energy into making U-Boot use
RSA keys for image verification, but on the other hand you keep the ART
partition, where you store the RSA key, writable from the system. So it's
quite trivial to unlock the device using the following commands:

  ssh root@router

  RSA_KEY_HEADER_SIZE=0x20
  RSA_KEY_OFFSET=0x8000
  ART_PARTITION=mtd7
  BYTES=$((RSA_KEY_HEADER_SIZE))
  SEEK=$(($RSA_KEY_OFFSET/$RSA_KEY_HEADER_SIZE))

  dd if=/dev/zero bs=$BYTES count=1 | dd of=/dev/$ART_PARTITION bs=$BYTES seek=$SEEK count=1 conv=notrunc
  reboot

It works on OM5P and MR1750. It doesn't seem like a big deal, no soldering
needed. Am I missing something?

-- ynezz
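The weakness described in the post is that the partition holding the boot verification key is writable from the running system. The script below is an added audit example, not code from the post or from OpenMesh/LEDE: it reads a /proc/mtd listing, finds the partition by name (the post's "art"), and checks the MTD flags that Linux exposes under /sys/class/mtd/<dev>/flags, where MTD_WRITEABLE is 0x400 (include/uapi/mtd/mtd-abi.h). The file paths are passed as parameters so the check can run offline against constructed sample data; on a device you would pass /proc/mtd and /sys/class/mtd.

```shell
#!/bin/sh
# Added audit example (not from the original post): report whether the MTD
# partition holding the boot verification key is writable from the running
# system. Works with busybox ash on a router as well as dash/bash on a host.

MTD_WRITEABLE=1024   # 0x400, MTD_WRITEABLE in include/uapi/mtd/mtd-abi.h

# mtd_dev_for_name NAME PROC_MTD_FILE
# Prints the mtdN device whose /proc/mtd entry is named "NAME"; returns 1 if absent.
mtd_dev_for_name() {
    name=$1; proc_mtd=$2
    while IFS= read -r line; do
        case "$line" in
            mtd*:*"\"$name\"") printf '%s\n' "${line%%:*}"; return 0 ;;
        esac
    done < "$proc_mtd"
    return 1
}

# mtd_is_writable DEV SYSFS_ROOT
# Returns 0 when SYSFS_ROOT/DEV/flags has MTD_WRITEABLE set, 1 when it is
# read-only, 2 when the flags attribute cannot be read.
mtd_is_writable() {
    dev=$1; sysfs=$2
    flags=$(cat "$sysfs/$dev/flags") || return 2   # kernel prints "0x..." here
    [ $(( flags & MTD_WRITEABLE )) -ne 0 ]
}

# audit_key_partition NAME PROC_MTD SYSFS_ROOT
# Returns 0 if the named partition is read-only, 1 if it is writable from
# userspace (the situation the post describes), 2 if it does not exist.
audit_key_partition() {
    name=$1
    dev=$(mtd_dev_for_name "$name" "$2") || { echo "no partition named \"$name\""; return 2; }
    if mtd_is_writable "$dev" "$3"; then
        echo "WARNING: $dev (\"$name\") is writable from the running system;" \
             "a verification key stored there can be altered by root"
        return 1
    fi
    echo "OK: $dev (\"$name\") is read-only to the running system"
    return 0
}

# demo
# Runs the audit against a constructed /proc/mtd listing and constructed sysfs
# flags (not captured from a real device): mtd0 is a read-only NOR partition
# (MTD_BIT_WRITEABLE only), mtd7 "art" has MTD_CAP_NORFLASH, i.e. is writable.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/proc_mtd" <<'EOF'
dev:    size   erasesize  name
mtd0: 00040000 00010000 "u-boot"
mtd1: 00010000 00010000 "u-boot-env"
mtd7: 00010000 00010000 "art"
EOF
    mkdir -p "$tmp/sys/mtd0" "$tmp/sys/mtd7"
    echo 0x800 > "$tmp/sys/mtd0/flags"
    echo 0xc00 > "$tmp/sys/mtd7/flags"
    rc=0
    audit_key_partition art "$tmp/proc_mtd" "$tmp/sys" || rc=$?
    rm -rf "$tmp"
    echo "audit exit status: $rc"
    return 0
}

demo
```

On a device the call is `audit_key_partition art /proc/mtd /sys/class/mtd`. A partition becomes read-only to the kernel when its device-tree node carries the `read-only;` property, which the ofpart parser turns into a MTD_WRITEABLE mask; that is a software restriction only, so a passing audit shows the key cannot be overwritten by an ordinary `dd` from the running firmware, not that the flash is protected against a replaced kernel or hardware access.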