Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signing firmware files post-delta creation fails #227

Open
fhunleth opened this issue Apr 22, 2024 · 0 comments
Open

Signing firmware files post-delta creation fails #227

fhunleth opened this issue Apr 22, 2024 · 0 comments

Comments

@fhunleth
Copy link
Collaborator

fhunleth commented Apr 22, 2024
edited
Loading

Signing firmware files prior to delta creation succeeds. It's unclear when this regression happened due to a shell script issue in 175_sign_delta_upgrade.test that erroneously caused this test to succeed.

Therefore, the recommended way of creating delta firmware images is to:

  1. Create and sign the regular (non-delta) firmware file
  2. Modify the firmware file with the delta

Do NOT sign the delta firmware update files until this issue is fixed since they can't be verified.

Note that firmware signatures cover the result of the running the delta data through the xdelta3 algorithm. This is also true of the regular lossless compression. I.e., you're not signing a hash of the compressed data, you're signing a hash of the uncompressed data. That means that fwup will succeed so long as the .fw's contents can get you to the exact uncompressed data that was signed.

To my knowledge, users of delta firmware updates with fwup always sign first since that's integrated into their CI or via a signing computer. Then they upload the signed .fw file to a firmware update service which runs a script to create the deltas depending on the versions of firmware that exist on devices in the field. In other words, I don't believe this to be a production-affecting issue. It's still very important, since this should work and will certainly cause a lot of confusion for anyone who stumbles on it.
fhunleth added a commit that referenced this issue Apr 22, 2024
@fhunleth
Comment out the failing call to verify in test 175
ffcf1bd 
See #227 for discussion
especially how this has been an issue for a while and likely doesn't
affect anyone. Still want it fixed, but no need to waste more people's
time on looking into it any more.
fhunleth added a commit that referenced this issue Apr 22, 2024
@fhunleth
Comment out the failing call to verify in test 175
f274c7f 
See #227 for discussion
especially how this has been an issue for a while and likely doesn't
affect anyone. Still want it fixed, but no need to waste more people's
time on looking into it any more.
@fhunleth fhunleth mentioned this issue Apr 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fhunleth