[LEDE-DEV] automated signed firmware upgrades / hide a secret in image

Bastian Bittorf bb at npl.de
Fri Feb 24 23:00:43 PST 2017


* Michael Richardson <mcr at sandelman.ca> [24.02.2017 19:00]:

[...]

> The server can either given everyone during a period of an hour the same
> random challenge, it can make them up and store them, or it can construct
> them as the HMAC-SHA256 of, for instance, the IP address which is asking,
> such that it never has to record any of them.
> 
> A script kiddie now needs to do some work each time, has to request a new
> token each time, and if the challenges are based upon IP address, the kiddie
> can vote once per IP address they have.  So, now they need a bot net to
> vote a lot... probably that's okay.

thank you for this very good explanation.

>     >> I thought from the subject line and explanation that it was to permit
>     >> a firmware image to be validated as being uncorrupted/tainted.  One
>     >> might do this before flashing a device with it.
> 
>     > how should this be done before flashing?  if there is a mistake
>     > (e.g. forgotten package during build) the image itself is fine, but not
>     > "good".
> 
> Right. So getting the stamp into the image at the very last moment is the
> key.  That way the build is reproducible if you ignore those very few bytes.
> Ideally, there is a spot in the image that shows up to userspace. Have you
> figured this part out?  I would attempt to make it a kernel boot command
> line option, if that can be tweaked easily.

for now i patch 'usign' for a new option B = build:
root at LEDE:~ :) usign -B
98021604736550012081493806018992642304441039324849310980174888200312941028157
114543661949658574850110716953530268394806126479026079327889534650057251922973

(it outputs the 2 prime factors for the solution)

baking it into the kernel-commandline is an interesting idea:
we have already figured out how to do this for each target,
because we are baking a special thing in our kernel:

root at LEDE:~ :) cat /proc/cmdline 
board=TL-WR1043ND oops=panic panic=10 console=ttyS0,115200 rootfstype=squashfs,jffs2 noinitrd
                  ^^^^^^^^^^^^^^^^^^^
                  prevent seldom hangs during boot...

so we can easily add: prime1=x prime2=y or secret=foo

thanks a lot for your input, i will think about it and implement your ideas.

bye, bastian
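The stateless challenge scheme Michael describes above (challenge = HMAC-SHA256 over the asking IP and the current hour, so the server stores none of them, and one vote per address per window), written out as an added example; this is not code from the thread, from usign or from LEDE, and the server key, IP addresses and timestamps are constructed for the demonstration:

```python
import hashlib
import hmac

# Window length from the thread: everyone asking inside one hour gets the same challenge.
WINDOW_SECONDS = 3600


def challenge_for(key: bytes, client_ip: str, now: float) -> str:
    """Derive the challenge as HMAC-SHA256(key, hour_window || client_ip).

    It is a pure function of the server key, the hour and the requester's
    IP, so the server recomputes it on submission instead of recording
    every challenge it handed out."""
    window = int(now // WINDOW_SECONDS)
    msg = f"{window}|{client_ip}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_challenge(key: bytes, client_ip: str, presented: str, now: float) -> bool:
    """Recompute the challenge and compare in constant time.

    The previous window is accepted too, so a client that fetched its
    challenge just before the hour rolled over is not rejected."""
    for back in (0, WINDOW_SECONDS):
        expected = challenge_for(key, client_ip, now - back)
        if hmac.compare_digest(expected, presented):
            return True
    return False


class VoteTally:
    """Accept at most one vote per IP address per window.

    Only spent challenges are remembered, which is what limits a single
    address to one vote; the unspent ones never need storing."""

    def __init__(self, key: bytes):
        self.key = key          # constructed demo key; generated once and kept private in practice
        self.spent = set()
        self.votes = {}

    def submit(self, client_ip: str, presented: str, choice: str, now: float) -> bool:
        if not verify_challenge(self.key, client_ip, presented, now):
            return False        # forged, stale, or taken from another IP's challenge
        if presented in self.spent:
            return False        # replay inside the same window
        self.spent.add(presented)
        self.votes[choice] = self.votes.get(choice, 0) + 1
        return True
```

The IP-bound challenge is what makes a token fetched by one address useless when presented from another, which is the "one vote per IP" property the thread is after.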


