[OpenWrt-Devel] [PATCH 1/2] base-files: use JSON for storing firmware validation info

Rafał Miłecki zajec5 at gmail.com
Fri Aug 30 02:34:23 EDT 2019


On Fri, 23 Aug 2019 at 08:15, Rafał Miłecki <zajec5 at gmail.com> wrote:
> So far firmware validation result was binary limited: it was either
> successful or not. That meant various limitations, e.g.:
> 1) Lack of proper feedback on validation problems
> 2) No way of marking firmware as totally broken (impossible to install)
>
> This change introduces JSON for storing detailed validation info. It
> provides a list of performed validation tests and their results. It
> allows marking firmware as non-forceable (broken image that can't be
> even forced to install).
> Example:
> {
>         "tests": {
>                 "fwtool_signature": true,
>                 "fwtool_device_match": true
>         },
>         "valid": true,
>         "forceable": true
> }
>
> Implementation is based on *internal* check_image bash script that:
> 1) Uses existing validation functions
> 2) Provides helpers for setting extra validation info
>
> This allows e.g. platform_check_image() to call notify_check_broken()
> when needed & prevent user from bricking a device.
>
> Right now the new JSON info is used by /sbin/sysupgrade only. It's
> already a nice gain as it stops users from installing broken images.
>
> Further plans for this feature are:
> 1) Expose firmware validation using some new ubus method
> 2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
>    method so:
>    a) It's possible to safely sysupgrade using ubus only
>    b) /sbin/sysupgrade can be more like just a CLI

I decided to:
1) Use more accurate "validate_firmware_image" executable
2) Don't modify /sbin/sysupgrade to use "forceable". That was
extending /sbin/sysupgrade which we should rather avoid in order to
focus on more generic ubus method.

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list