[OpenWrt-Devel] RFC: check signatures of sysupgrades via ucert
daniel at makrotopia.org
Tue Apr 23 18:33:53 EDT 2019
On Wed, Apr 24, 2019 at 12:02:49AM +0200, Paul Spooren wrote:
> Hi all,
>
> to improve security of the router sysupgrade process, it's sane to check
> firmware images for signatures of trusted parties. While this should
> always be optional (aka no vendor locking), it helps *basic* users to
> easily verify that they are installing the image they intended.
>
> It is already supported via ucert, but neither installed by default
> nor really activatable by users. An improvement is done with this
> pull request, adding a UCI option and installing ucert by default (+176

I don't think using UCI for this makes sense, because people also use
sysupgrade in failsafe mode and then may not be able to change UCI
options. We already got the '-F' option of sysupgrade, imho this is
enough to ignore an invalid signature.

> Eventually all targets should support metadata and therefore signatures
> within the metadata, once there, the image verification could be turned
> on by default?

That's the plan :)

> Please share your opinion!
>
> : https://git.openwrt.org/?p=project/ucert.git;a=summary
> : https://github.com/openwrt/openwrt/pull/1992