Dear devs,

I'm polishing up our work-in-progress regarding automated firmware upgrades in our community network and I have a conceptual problem:

Our images/the sha256 sums are signed:
http://intercity-vpn.de/networks/liszt28/firmware/models/Buffalo%20WZR-HP-AG300H/testing/Standard,DSLR,fotobox,kalua/info.json

The downloader checks against a list of signatures, where e.g. 3 signatures must match the sha256 sum. There are "automated" signatures (e.g. from buildbot) and manual ones, from humans. To protect ourselves from bad admins, there should be a "secret thing" which is baked into the firmware and only visible during runtime: this way we can prevent a lazy admin from "signing" a sha256 sum without really having flashed the image, and can make sure that it really runs.

Now the question: a secret can be e.g.

    # ls -la /etc | md5sum

This is naive, and a dumb admin can e.g. unsquashfs the image to get the data. Are there better methods? Any ideas?

Bye, bastian

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
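
The "e.g. 3 signatures must match the sha256 sum" check described in the message, as an added example that is not part of the original post or the project's downloader. The entry fields `signer` and `signature`, the signer table and the `min_manual` rule are assumptions, and HMAC-SHA256 stands in for a real public-key signature so that the block runs with the standard library only.

```python
import hashlib
import hmac

# Constructed signer table: name -> (kind, key). HMAC-SHA256 stands in for a
# real public-key signature check so the example runs with the stdlib only.
SIGNERS = {
    "buildbot": ("automated", b"constructed-key-buildbot"),
    "alice": ("manual", b"constructed-key-alice"),
    "bob": ("manual", b"constructed-key-bob"),
}


def sign(signer, digest_hex):
    """Stand-in signing helper, used here to build and check sample data."""
    _, key = SIGNERS[signer]
    return hmac.new(key, digest_hex.encode(), hashlib.sha256).hexdigest()


def valid_signers(image, signatures):
    """Return the distinct known signers whose signature covers the sha256
    of the image bytes that were actually downloaded."""
    digest_hex = hashlib.sha256(image).hexdigest()  # recomputed, not a listed sum
    ok = set()
    for entry in signatures:
        signer, sig = entry.get("signer"), entry.get("signature", "")
        if signer not in SIGNERS:
            continue  # unknown key: ignored, not counted
        if hmac.compare_digest(sign(signer, digest_hex), sig):
            ok.add(signer)  # a set, so a repeated signer counts once
    return ok


def image_accepted(image, signatures, required=3, min_manual=1):
    """Accept only with `required` distinct signers, `min_manual` of them human."""
    ok = valid_signers(image, signatures)
    manual = {s for s in ok if SIGNERS[s][0] == "manual"}
    return len(ok) >= required and len(manual) >= min_manual


IMAGE = b"constructed firmware image bytes"
DIGEST = hashlib.sha256(IMAGE).hexdigest()
GOOD = [{"signer": s, "signature": sign(s, DIGEST)} for s in SIGNERS]
# Same signer listed three times: must not reach the threshold of 3.
REPEATED = [{"signer": "buildbot", "signature": sign("buildbot", DIGEST)}] * 3

if __name__ == "__main__":
    print(image_accepted(IMAGE, GOOD), image_accepted(IMAGE, REPEATED))
```

This covers only the counting policy; it does not show that a signer flashed and ran the image, which is the open question of the message.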