Hi all, to improve security of the router sysupgrade process, it's sane to check firmware images for signatures of trusted parties. While this should always be optional (aka no vendor locking), it helps *basic* users to easily verify that they are installing the image they intended.
It is already supported via ucert[0], but neither installed by default nor really activate able by users. An improvement is done with this[1] pull request, adding an UCI option and installing ucert by default (+176 Bytes). Eventually all targets should support metadata and therefore signatures within the metadata, once there, the image verification could be turned on by default? Please share your opinion! Best, Paul [0]: https://git.openwrt.org/?p=project/ucert.git;a=summary [1]: https://github.com/openwrt/openwrt/pull/1992 _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel