[LEDE-DEV] [PATCH 3/3] ramips: backport TP-Link image checks from AR71xx
Sergey Ryazanov
ryazanov.s.a at gmail.com
Mon Oct 2 04:45:36 PDT 2017
On Mon, Oct 2, 2017 at 12:31 PM, Mathias Kresin <dev at kresin.me> wrote:
> 2017-10-02 11:10 GMT+02:00 Sergey Ryazanov <ryazanov.s.a at gmail.com>:
>> On Mon, Oct 2, 2017 at 9:43 AM, Mathias Kresin <dev at kresin.me> wrote:
>>> 02.10.2017 01:33, Sergey Ryazanov:
>>>>
>>>> Backport TP-Link image compatibility checks (verify hardware id &
>>>> revision) from AR71xx platform and adopt it for v2/v3 image header.
>>>>
>>>> Use new functionality for Archer C20/C20i sysupgrade image verification.
>>>
>>>
>>> NAK.
>>>
>>> The image metadata (more precisely the boardname) are used to ensure that
>>> the image matches the board. We do not need any additional board checks.
>>>
>>> Even if the image metadata are not yet enforced on ramips (due to handful of
>>> boards still using the old image build code), flashing an image with
>>> metadata not matching the current board is refused. Flashing an image
>>> without metadata is still possible till metadata are enforced.
>>>
>>
>> Ok. This code path is also used to flash vendor firmware (return back
>> to original firmware). By forbidding checks of vendor image header do
>> we say to users that the selection of proper image (e.g. without
>> bootloader) is on their own risk?
>
> If you ask for my personal opinion, yes it is up to the user to ensure
> (s)he is using a matching stock firmware image file.
>
> Otherwise we have to add/keep/maintain barely used code for each
> vendor image format. I'm really glad that we got rid of all the vendor
> image checks already for some targets. It makes the whole sysupgrade
> code way easier to read and better to understand.
>
Ok. Thank you for explanation.
--
Sergey
More information about the Lede-dev
mailing list