Hello all!!

What I was thinking actually was an option I could enable at build-time (kinda 
preinit option), at my own risk, when building images.

From a technical standpoint, will an uci default work in all cases?


Thanks a lot for your ideas guys.

Enrico


On Tue, 6 Jul 2021, Eric Luehrsen wrote:

Date: Tue, 6 Jul 2021 19:29:19
From: Eric Luehrsen <[email protected]>
To: [email protected]
Subject: Re: Enabling Wi-Fi on First boot


On Tue, Jul 6, 2021, 1:06 PM Henrique de Moraes Holschuh
<[email protected]> wrote:

    On 06/07/2021 12:05, Nishant Sharma wrote:
     > On 06/07/21 7:56 pm, Henrique de Moraes Holschuh wrote:
     >> So, to safely and responsibly enable wireless by default in a device (or
     >> firmware) you're delivering to a third-party, you need that "per-unit
     >> unique wireless password" per device thing most vendors are doing.
     >>
     >> [2] not really: openwrt sysupgrade *does not help* in that there is no
     >> way to add variable information to an already *finished* image file, to
     >> be used on first-boot only, and which would *survive a factory reset*.
     >>
     >
     > How about a first-boot script that enables the Wi-Fi if it is disabled
     > and then sets the password (if not already set) using the first MAC
     > address it finds on the device?

    MACs are not a secret.  It is absolutely trivial to know them: they're
    in just about every WiFi (and ethernet) frame.  Same goes for anything
    that is derived *just* from the MAC address.  And anyone that is going
    to automatically scan/exploit for that, will also use MAC-1, MAC+1, and
    other common variants.

    What would work is to reuse the vendor-provided password that is already
    in the label and somewhere in FLASH, if you could always know where it
    is in FLASH (you don't).  And some models don't have it.

    One also doesn't know the unit's MAC address beforehand, so any scheme
    that depends on that doesn't work (because you'd need that MAC address
    to print the label or generate the PDF).  In fact, this precludes the
    "generate secret at the device at 1st boot" too.

    You could ask the user, but that isn't safe either: if she gets it wrong
    (or openwrt isn't correct about what MAC is in the printed label of that
    exact product version) you now have a device she can't access because
    the passwords won't match and it would require an ethernet cable to
    bypass and reset.


Some models are more obvious about device-unique default password
storage than others. So like on my other reply if it is obvious then use
it and turn on wifi. For those with wifi-on-first support, make it a
check box in the hardware support table. Then small businesses using
openwrt know what options might meet their deployment needs.

- Eric



_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
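
The point made in the thread about MAC-derived passwords, as an added example that is not part of the original messages or of OpenWrt's code: a small audit that checks whether a default Wi-Fi key can be reproduced from an address seen on air. The derivation `mac_derived_key`, the window of 8 neighbouring addresses and all sample values are assumptions constructed for illustration.

```python
import hashlib
import math

def parse_mac(text):
    """Return the MAC as a 48-bit integer."""
    return int(text.replace(":", "").replace("-", ""), 16)

def format_mac(value):
    """Format a 48-bit integer as a lower-case colon-separated MAC."""
    raw = f"{value & 0xFFFFFFFFFFFF:012x}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def mac_derived_key(mac):
    """HYPOTHETICAL scheme under audit: the key is a hash of the MAC only."""
    canonical = format_mac(parse_mac(mac))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]

def neighbour_macs(observed, window):
    """Addresses within +/- window of one seen on air (MAC-1, MAC+1, ...)."""
    base = parse_mac(observed)
    return [format_mac(base + off) for off in range(-window, window + 1)]

def audit_default_key(key, observed_mac, derive, window=8):
    """Check whether `key` is reproducible from public data alone.

    Returns (reproducible, effective_bits). effective_bits is log2 of the
    number of candidates an observer must consider, which is what the key
    is actually worth regardless of how long it looks.
    """
    candidates = {derive(m) for m in neighbour_macs(observed_mac, window)}
    if key in candidates:
        return True, math.log2(len(candidates))
    return False, None

# Constructed sample data: the label carries the LAN MAC, while the radio
# beacons with MAC+1, so the key is still found via a neighbouring address.
LABEL_MAC = "02:00:5e:10:00:0a"
BSSID_ON_AIR = "02:00:5e:10:00:0b"
# Constructed stand-in for a per-unit secret provisioned independently of the MAC.
PER_UNIT_KEY = "k7m2q9x4t8w3z6p1"

if __name__ == "__main__":
    weak = mac_derived_key(LABEL_MAC)
    print("MAC-derived key :", audit_default_key(weak, BSSID_ON_AIR, mac_derived_key))
    print("per-unit secret :", audit_default_key(PER_UNIT_KEY, BSSID_ON_AIR, mac_derived_key))
```

The 16-character derived key looks like 64 bits but audits at roughly 4 bits, which is why the thread insists on a secret that is not a function of the MAC.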

