OpenWrt One / project update
Ivan Ivanov
qmastery16 at gmail.com
Thu Apr 11 01:15:20 PDT 2024
> SOC: MediaTek MT7981B , Wi-Fi: MediaTek MT7976C
Are these Mediateks capable of working without any binary blobs, at
least in theory? (i.e. some existent reverse-engineering research)
If not, why have they been chosen in particular? IMHO the "OpenWRT
One" project hardware should not be worse than LibreCMC one
On Wed, Apr 10, 2024 at 7:18 AM Bjørn Mork <bjorn at mork.no> wrote:
>
> Michael Richardson <mcr at sandelman.ca> writes:
> > Bjørn Mork <bjorn at mork.no> wrote:
> >
> > > I assume the private key must be protected on the device. What are the
> > > hardware requirements?
> >
> > There are no hard and fast rules. It certainly would be best if it's in some
> > enclave. But, my take is that something is better than nothing
>
> I agree that this sounds useful in any case.
>
> But a key which can actually certify that you're talking to that
> specific device is so much better. I believe it should be seriously
> considered if you're going to do this.
>
> Maintaining a PKI and adding more device specific data will have a
> cost. Doing it "properly" might not be significanty more expensive. At
> least not if you can use functionaliy already there in the SoC (or other
> chips). Of which I know absolutely nothing, except that todays SoCs come
> with more functional blocks than I can count on my fingers.
>
> > In the RFC8995 onboarding situation, it would be used directly during
> > bootstrap, but then probably replaced with an LDevID with a more accessible
> > private key.
>
> Thanks for the pointer. This section is pretty close to answering my
> "IDevID howto for dummies" request:
> https://datatracker.ietf.org/doc/html/rfc8995#name-initial-device-identifier
>
> (and a sidenote: I'm really impressed that you got the IETF to
> standardize
>
> "BRSKI", pronounced like "brewski", is a colloquial term for beer in
> Canada and parts of the Midwestern United States
>
> Great work! :-)
>
>
> Bjørn
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list