[onerng talk] install & access

Jim Cheetham jim at gonzul.net
Wed Nov 5 19:14:33 GMT 2014


On Nov 6, 2014 7:10 AM, "Paul Campbell" <paul at taniwha.com> wrote:
> On Wed, 05 Nov 2014 13:00:50 ianG wrote:
> > I'm assuming here that any flashing
> > will require the new package to be signed by a key bedded into the
> > non-flashable code?

At this stage there is no embedded key, no "non-flashable" storage,
therefore integrity checking needs you to check the signature of the full
content of the flash storage itself, offline (i.e. in the host OS startup
scripts).

Adding such extra storage would increase the system complexity, not
something we're doing at this stage. If we do it later, we need to consider
how the owner of the device will be able to inspect the storage to make
sure it is correct and that there's no other data in there ... which
probably wouldn't be easy especially if they couldn't trust the firmware to
check for them.

Mind you, I can see a 64-bit key *physically* encoded as a row of DIP
switches, or jumpers ... that might be cool, very unwieldy though.

-jim
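
The offline check described in the message above, sketched as an added example (not from the original post and not OneRNG project code). It assumes the full flash contents have already been read out to a file and that the signature is a detached OpenSSL SHA-256 signature; `verify_flash`, `selftest`, the file names and the 4 KiB size are hypothetical.

```shell
#!/bin/sh
# verify_flash IMAGE SIG PUBKEY EXPECTED_SIZE
# Succeeds only if IMAGE is exactly EXPECTED_SIZE bytes (the whole flash,
# nothing missing and nothing extra) and SIG is a valid signature over all of it.
# Return codes: 0 ok, 1 bad signature, 2 unreadable input, 3 wrong size.
verify_flash() {
    image=$1 sig=$2 pubkey=$3 expected_size=$4
    [ -r "$image" ] && [ -r "$sig" ] && [ -r "$pubkey" ] || return 2
    actual_size=$(wc -c < "$image" | tr -d ' ')
    # A short or padded dump means some storage was not covered by the check.
    [ "$actual_size" -eq "$expected_size" ] || return 3
    openssl dgst -sha256 -verify "$pubkey" -signature "$sig" "$image" \
        >/dev/null 2>&1 || return 1
    return 0
}

# Constructed demonstration: throwaway key pair and a 4 KiB stand-in image.
selftest() {
    d=$(mktemp -d) || return 9
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/priv.pem" 2>/dev/null || return 9
    openssl pkey -in "$d/priv.pem" -pubout -out "$d/pub.pem" 2>/dev/null || return 9
    dd if=/dev/zero of="$d/flash.bin" bs=1024 count=4 2>/dev/null
    openssl dgst -sha256 -sign "$d/priv.pem" -out "$d/flash.sig" "$d/flash.bin" || return 9

    good=0;    verify_flash "$d/flash.bin" "$d/flash.sig" "$d/pub.pem" 4096 || good=$?
    # Overwrite one byte in place: same size, different content.
    printf 'X' | dd of="$d/flash.bin" bs=1 seek=100 conv=notrunc 2>/dev/null
    flipped=0; verify_flash "$d/flash.bin" "$d/flash.sig" "$d/pub.pem" 4096 || flipped=$?
    # Append one byte: extra data beyond the expected flash size.
    printf 'X' >> "$d/flash.bin"
    grown=0;   verify_flash "$d/flash.bin" "$d/flash.sig" "$d/pub.pem" 4096 || grown=$?

    rm -rf "$d"
    [ "$good" -eq 0 ] && [ "$flipped" -eq 1 ] && [ "$grown" -eq 3 ]
}

case "${1:-}" in
    --selftest) selftest && echo "selftest passed" ;;
esac
```

In a startup script the caller would treat any non-zero return as a reason not to use the device.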