Firmware signing

A project log for Orthrus

SD card secure RAID USB storage

Nick Sayer, 10/09/2017 at 18:43, 0 Comments

In order to further protect against rogue firmware, I've created a firmware signing certificate and used it to sign the firmware in the release zip. There's also a README included with the steps to validate the signature. It's simple operations with OpenSSL. The code signing certificate is also separately included in the Files section of the project and has been checked into GitHub, but if you're really paranoid then you should contact me offline somehow and I can provide you with the expected SHA256 hash of the certificate or some other reasonable proof of authenticity.
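As an added illustration (not the README's steps and not the project's own code), the check described above can be split into two parts: pin the certificate by its SHA-256 hash, then verify the firmware signature with the public key from that certificate. The sketch assumes a PEM certificate, a detached signature made with `openssl dgst -sha256 -sign`, and a hash taken over the certificate's DER encoding; all file names and the demo key are constructed.

```shell
#!/bin/sh
# Added example (not the project's README): pin the signing certificate by its
# SHA-256 hash, then verify a detached signature over the firmware file.
# Assumptions: PEM certificate, signature made with `openssl dgst -sha256 -sign`,
# hash taken over the DER encoding. All file names are hypothetical.

# Print the lowercase hex SHA-256 of the certificate's DER encoding.
cert_fingerprint() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# verify_firmware CERT EXPECTED_FP FIRMWARE SIGNATURE
# 0 = pinned cert and good signature, 3 = cert is not the pinned one,
# 4 = signature does not verify, 2 = could not create a temp file.
verify_firmware() {
    cert=$1; expected=$2; fw=$3; sig=$4
    [ "$(cert_fingerprint "$cert")" = "$expected" ] || return 3
    pub=$(mktemp) || return 2
    if openssl x509 -in "$cert" -pubkey -noout > "$pub" 2>/dev/null &&
       openssl dgst -sha256 -verify "$pub" -signature "$sig" "$fw" >/dev/null 2>&1
    then rc=0; else rc=4; fi
    rm -f "$pub"
    return "$rc"
}

# Build constructed sample data in DIR: throwaway key, self-signed cert,
# a fake firmware file and its detached signature.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo signer" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    printf 'constructed firmware image\n' > "$1/fw.hex"
    openssl dgst -sha256 -sign "$1/key.pem" -out "$1/fw.sig" "$1/fw.hex"
}

# Run with the argument "demo" to exercise the check on the constructed data.
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) && make_demo "$dir" || exit 1
    fp=$(cert_fingerprint "$dir/cert.pem")
    verify_firmware "$dir/cert.pem" "$fp" "$dir/fw.hex" "$dir/fw.sig" && echo "signature OK"
    rm -rf "$dir"
fi
```

The expected fingerprint passed to `verify_firmware` should come from a channel other than the one that delivered the certificate, since a self-signed certificate fetched alongside the firmware proves nothing on its own.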

If it turns out there is some reasonable and free mechanism for obtaining a trusted code signing certificate, I'll endeavor to re-sign the same public key, if possible.

Meanwhile, this will allow for reasonable security around field firmware updates.