Hi Paul,

On Wed, Apr 24, 2019 at 12:02:49AM +0200, Paul Spooren wrote:
> Hi all,
>
> to improve security of the router sysupgrade process, it's sane to check
> firmware images for signatures of trusted parties. While this should
> always be optional (aka no vendor locking), it helps *basic* users to
> easily verify that they are installing the image they intended.
>
> It is already supported via ucert[0], but neither installed by default
> nor really activatable by users. An improvement is done with this[1]
> pull request, adding a UCI option and installing ucert by default (+176
> Bytes).

I don't think using UCI for this makes sense, because people also use
sysupgrade in failsafe mode and then may not be able to change UCI
options. We already got the '-F' option of sysupgrade, imho this is
enough to ignore an invalid signature.

>
> Eventually all targets should support metadata and therefore signatures
> within the metadata, once there, the image verification could be turned
> on by default?

That's the plan :)

>
> Please share your opinion!
>
> Best,
> Paul
>
> [0]: https://git.openwrt.org/?p=project/ucert.git;a=summary
> [1]: https://github.com/openwrt/openwrt/pull/1992
