[OpenWrt-Devel] RFC: check signatures of sysupgrades via ucert

Daniel Golle daniel at makrotopia.org
Tue Apr 23 18:33:53 EDT 2019

Hi Paul,

On Wed, Apr 24, 2019 at 12:02:49AM +0200, Paul Spooren wrote:
> Hi all,
> to improve security of the router sysupgrade process, it's sane to check
> firmware images for signatures of trusted parties. While this should
> always be optional (aka no vendor locking), it helps *basic* users to
> easily verify that they are installing the image they intended.
> It is already supported via ucert[0], but neither installed by default
> nor really activatable by users. An improvement is done with this[1]
> pull request, adding a UCI option and installing ucert by default (+176
> Bytes).

I don't think using UCI for this makes sense, because people also use
sysupgrade in failsafe mode and then may not be able to change UCI
options. We already got the '-F' option of sysupgrade, imho this is
enough to ignore an invalid signature.

> Eventually all targets should support metadata and therefore signatures
> within the metadata, once there, the image verification could be turned
> on by default?

That's the plan :)

> Please share your opinion!
> Best,
> Paul
> [0]: https://git.openwrt.org/?p=project/ucert.git;a=summary
> [1]: https://github.com/openwrt/openwrt/pull/1992

openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
