[OpenWrt-Devel] RFC: check signatures of sysupgrades via ucert
Daniel Golle
daniel at makrotopia.org
Tue Apr 23 18:33:53 EDT 2019

Hi Paul,

On Wed, Apr 24, 2019 at 12:02:49AM +0200, Paul Spooren wrote:
> Hi all,
>
> to improve security of the router sysupgrade process, it's sane to check
> firmware images for signatures of trusted parties. While this should
> always be optional (aka no vendor locking), it helps *basic* users to
> easily verify that they are installing the image they intended.
>
> It is already supported via ucert[0], but neither installed by default
> nor really activatable by users. An improvement is done with this[1]
> pull request, adding a UCI option and installing ucert by default (+176
> Bytes).
I don't think using UCI for this makes sense, because people also use
sysupgrade in failsafe mode and then may not be able to change UCI
options. We already got the '-F' option of sysupgrade, imho this is
enough to ignore an invalid signature.
>
> Eventually all targets should support metadata and therefore signatures
> within the metadata, once there, the image verification could be turned
> on by default?
That's the plan :)
>
> Please share your opinion!
>
> Best,
> Paul
>
> [0]: https://git.openwrt.org/?p=project/ucert.git;a=summary
> [1]: https://github.com/openwrt/openwrt/pull/1992
>
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel