[OpenWrt-Devel] sysupgrade: extending firmware validation

Rafał Miłecki zajec5 at gmail.com
Wed Sep 11 05:26:14 EDT 2019 

On Wed, 19 Jun 2019 at 16:07, Rafał Miłecki <zajec5 at gmail.com> wrote:
> Currently targets can implement platform_check_image() that verifies
> submitted firmware file. It may return a success or failure.
>
> I'm looking for more complex implementation/solution. I'd like
> firmware validation to provide more info like:
> 1) Is firmware valid
> 2) What makes firmware invalid if anything
> 3) Is that possible to force firmware installation
>
> Having such info available would make user feedback much more
> friendly. I'd like luci to use that new info & display a proper
> error/warning to a user if needed.
>
> Some possible validation failures:
> 1) Firmware not matching device model
> 2) File too big to get flashed
> 3) Checksum invalid (corrupted file)
> 4) Signature missing (can be dangerous to flash it)
>
> luci could display warnings and then offer an option to flash a
> firmware anyway. Or display a critical error and don't offer such
> option at all. In any case that should be much more meaningful than a
> single error message.
>
> I also thought we may want to start signing OpenWrt firmwares one day.
>
> My question is: what do you find the best way of implementing it?
>
> A simple return code of bash script won't be sufficient (too many data
> to pass, even if we decide to use some bit flags). I was thinking
> about providing validation result using JSON. Should that be some
> standalone app or a ubus deamon? How could we handle target-specific
> validation steps?

Over the last few weeks I've implemented many sysupgrade improvements.
There are 2 patches under review right now.

What I still want to implement:
1) Usable "ubus call system sysupgrade" without /sbin/sysupgrade
2) LuCI using new validation info

The later may take me quite some time as I have close to zero LuCI experience.

Does anyone have any other suggestions for extra improvements?

--
Rafał

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list