Bastian, prpl member IntrinsicID has physically unclonable function technology which allows a key to be generated at bootup based upon the physical characteristics of the device. It's the same key generated everytime but it isn't actually stored in flash. Their technology requires a paid license but we might be able to convince them to release an open-source version with more limited capabilities. I can put you in touch with folks both at IntrinsicID and prpl to discuss this further if you'd like.
Eric On 02/22/2017 03:05 AM, Bastian Bittorf wrote: > dear devs, > > I'm polishing up our work-in-progress regarding automated > firmware-upgrades in our community network and I have a concept problem: > > our images/the sha256-sum's are signed: > http://intercity-vpn.de/networks/liszt28/firmware/models/Buffalo%20WZR-HP-AG300H/testing/Standard,DSLR,fotobox,kalua/info.json > > The downloader checks against a list of signatures, where > e.g. 3 signatures must match the sha256 sum. > > There are "automated" signatures (e.g. from builbot) and manual ones, > from humans. For protecting ourselfes from bad admins, there > should be a "secret thing" which is baked into the firmware and > only seeable during runtime: this way we can prevent, that a lazy > admin "signs" a sha256 sum, without really has flashed the image > and can make sure that it really runs. > > Now the question: a secret can be e.g. > # ls -la /etc | md5sum > > This is naive, and a dumb admin can e.g. unsquashfs the > image for getting the data. are there better methods? any ideas? > > bye, bastian > > _______________________________________________ > Lede-dev mailing list > Lede-dev@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/lede-dev _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev