<div dir="ltr"><div><div>I'm forwarding a post from listserv discussing the proposed FCC regulations that would (indirectly) compel firmware lockdown.<br><br></div>This person is reporting a new Ubiquiti AC AP where there the bootloader does an RSA signature check on the firmware image.<br><br></div>Could anyone else confirm if they've observed the same, and if it now prevents loading OpenWRT, etc? Or at least, confirm if the RSA signature checking by the bootloader was not present before?<br><div><div><br><div><div><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Andrew Margarit | Cucumber WiFI</b> <span dir="ltr"><<a href="mailto:andrew@polkaspots.com">andrew@polkaspots.com</a>></span><br>Date: Fri, Nov 27, 2015 at 7:59 AM<br>Subject: Re: [FCC] New AP with the lockdown<br>To: <a href="mailto:fcc@lists.prplfoundation.org">fcc@lists.prplfoundation.org</a><br><br><br>
<div bgcolor="#FFFFFF" text="#000000">
Hi there,<br>
<br>
Just to let you know, I've been looking at the Ubiquiti new AC APs,
and it looks like they added a RSA check in the bootloader.<br>
<br>
<span style="color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:22px;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(249,249,249)">Firmware
Version: BZ.qca956x.v3.4.7.3284.150911.1650</span><br style="color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:22px;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(249,249,249)">
<span style="color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:22px;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(249,249,249)">RSA
Signed Firmware. Verfiying please wait...</span><span style="display:block;min-height:0.5rem;color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:22px;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(249,249,249)"><i style="display:inline-block;vertical-align:baseline;min-height:0px;font-size:0px;float:left;background-repeat:no-repeat"><br>
</i></span><span style="color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:22px;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(249,249,249)">Decrypted hash: f8 2b 45 72 9f e4 5f 46 a0 96
43 37 57 4f 49 ab 43 dc 1e 8c</span><br style="color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:22px;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(249,249,249)">
<span style="color:rgb(44,45,48);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:22px;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;display:inline!important;float:none;background-color:rgb(249,249,249)">Image
hash : f8 2b 45 72 9f e4 5f 46 a0 96 43 37 57 4f 49 ab 43 dc 1e
8c</span><br>
<br>
All fun and good!<br>
<br><font color="#888888">..<br><br></font><span class="HOEnZb"><font color="#888888">
<pre cols="72">--
Andrew Margarit
Wi-FI Chief | Cucumber Tony
<a href="mailto:Andrew@polkaspots.com" target="_blank">Andrew@polkaspots.com</a>
<a href="http://cucumberwifi.io" target="_blank">cucumberwifi.io</a>
twitter/cucumbertony</pre>
</font></span></div>
<br>_______________________________________________<br>
FCC mailing list<br>
<a href="mailto:FCC@lists.prplfoundation.org">FCC@lists.prplfoundation.org</a><br>
<a href="http://lists.prplfoundation.org/cgi-bin/mailman/listinfo/fcc" rel="noreferrer" target="_blank">http://lists.prplfoundation.org/cgi-bin/mailman/listinfo/fcc</a><br>
<br></div><br><br clear="all"><br>-- <br><div class="gmail_signature">Ben West<div><a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br><a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a><br>314-246-9434<br></div></div>
</div></div></div></div></div>