On 22 February 2017 at 17:05, Bastian Bittorf <b...@npl.de> wrote:
> There are "automated" signatures (e.g. from builbot) and manual ones,
> from humans. For protecting ourselfes from bad admins, there
> should be a "secret thing" which is baked into the firmware and
> only seeable during runtime: this way we can prevent, that a lazy
> admin "signs" a sha256 sum, without really has flashed the image
> and can make sure that it really runs.
>
> Now the question: a secret can be e.g.
> # ls -la /etc | md5sum
>
> This is naive, and a dumb admin can e.g. unsquashfs the
> image for getting the data. are there better methods? any ideas?
>
How about generating at build time a piece of c code whose output when
run at the target board will be the source code itself (quine). We
can use the output content to seed the computation of signature. The
binary itself should be cross-compiled in a reproducible way so that
integrity of the binary itself can be verified...
yousong
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
