Bastian Bittorf <b...@npl.de> wrote:
> There are "automated" signatures (e.g. from buildbot) and manual ones,
> from humans. For protecting ourselves from bad admins, there should be
> a "secret thing" which is baked into the firmware and only seeable
> during runtime: this way we can prevent a lazy admin from "signing" a
> sha256 sum without really having flashed the image, and can make sure
> that it really runs.
Please don't use a symmetric key in the firmware. Especially one that
anyone can download and examine. This is what Philips did for the HUE
bulb, and it was a disaster.

> Now the question: a secret can be e.g. # ls -la /etc | md5sum
> This is naive, and a dumb admin can e.g. unsquashfs the image for
> getting the data. are there better methods? any ideas?

Yes, use an asymmetric key, and distribute the public part only.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
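To make the difference concrete, here is an added example (not code from this thread, from LEDE, or from the buildbot) that models both designs in Go with the standard library. The image bytes, the baked-in HMAC key and the helper names are constructed for illustration. In the symmetric design the verification key sits inside the firmware, so anyone who unsquashfs's the image can recover it and produce a valid tag for a backdoored image. In the asymmetric design the signer keeps an Ed25519 private key off-device and the firmware embeds only the public key, so extracting the firmware yields nothing that can forge a signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed stand-ins for firmware images; a real image would be the sysupgrade file.
var (
	goodImage = []byte("lede sysupgrade image v1 (constructed sample)")
	evilImage = []byte("backdoored image (constructed sample)")
)

// Symmetric design: the HMAC key is baked into the firmware.
// Assumption for the demo: an attacker can read it out of the squashfs.
var bakedKey = []byte("0123456789abcdef0123456789abcdef") // constructed value

// symmetricTag computes HMAC-SHA256(key, image) as a hex string.
func symmetricTag(key, image []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write(image)
	return hex.EncodeToString(m.Sum(nil))
}

// symmetricVerify checks a tag in constant time.
func symmetricVerify(key, image []byte, tag string) bool {
	want, err := hex.DecodeString(tag)
	if err != nil {
		return false
	}
	m := hmac.New(sha256.New, key)
	m.Write(image)
	return hmac.Equal(m.Sum(nil), want)
}

// Asymmetric design: Signer holds the Ed25519 private key off-device
// (buildbot or release manager); only the public key ships in the firmware.
type Signer struct{ priv ed25519.PrivateKey }

// NewSigner generates a fresh keypair and returns the signer plus the public
// key that would be embedded in the image.
func NewSigner() (Signer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Signer{}, nil, err
	}
	return Signer{priv: priv}, pub, nil
}

// Sign signs the SHA-256 of the image, i.e. the sum admins already publish.
func (s Signer) Sign(image []byte) []byte {
	d := sha256.Sum256(image)
	return ed25519.Sign(s.priv, d[:])
}

// VerifyImage is what the device (or anyone with the public key) runs.
func VerifyImage(pub ed25519.PublicKey, image, sig []byte) bool {
	d := sha256.Sum256(image)
	return ed25519.Verify(pub, d[:], sig)
}

// SymmetricForgeSucceeds: an attacker who extracted bakedKey from the
// firmware tags a malicious image and it verifies. Returns true on forgery.
func SymmetricForgeSucceeds() bool {
	tag := symmetricTag(bakedKey, evilImage)
	return symmetricVerify(bakedKey, evilImage, tag)
}

// AsymmetricForgeSucceeds: an attacker who extracted only the public key can
// at best sign with a key of their own; the device rejects it. Returns true on forgery.
func AsymmetricForgeSucceeds(pub ed25519.PublicKey) bool {
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false
	}
	d := sha256.Sum256(evilImage)
	sig := ed25519.Sign(attackerPriv, d[:])
	return ed25519.Verify(pub, d[:], sig)
}

func main() {
	s, pub, err := NewSigner()
	if err != nil {
		panic(err)
	}
	sig := s.Sign(goodImage)
	fmt.Println("genuine image verifies:      ", VerifyImage(pub, goodImage, sig))
	fmt.Println("sig reused on other image:   ", VerifyImage(pub, evilImage, sig))
	fmt.Println("symmetric forgery succeeds:  ", SymmetricForgeSucceeds())
	fmt.Println("asymmetric forgery succeeds: ", AsymmetricForgeSucceeds(pub))
}
```

The only secret that matters in the second design is the private key, and it never touches the device; rotating or revoking it is a matter of shipping a new public key, not re-baking a shared secret into every image. Note that this proves who signed a given image, not that a particular device is currently running it; the runtime-attestation question from the quoted message is a separate problem.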
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev