Commit Graph

9 Commits

Author SHA1 Message Date
Adrian Schmutzler
ad3e1f9db4 base-files: fwtool: implement compatibility check for images
We regularly encounter the situation that devices are subject to
changes that will make them incompatible to previous versions.
Removing SUPPORTED_DEVICES will not really be helpful in most of these
cases, as this only helps after a rename.

To solve this situation, this patchset introduces a compatibility
version for devices. In this patch, the actual checks are implemented
into fwtool_check_image():

If an incompatible change is introduced, one can increase either
the minor version (1.0->1.1) or the major version (1.0->2.0).

Minor version increment:
This will still allow sysupgrade, but require to reset config
(-n or SAVE_CONFIG=0). If sysupgrade is called without -n, a
corresponding message will be printed. If sysupgrade is called
with -n, it will just pass, with supported devices being checked
as usual. (Which will allow us to add back SUPPORTED_DEVICES for
many cases.)

Major version increment:
This is meant for potential (rare) cases where sysupgrade is
not possible at all, because it would break the device.
In this case, a warning will be printed, and -n won't help.

If image check fails because of one of the versions parts not
matching, the content of DEVICE_COMPAT_MESSAGE is printed in
addition to the generic message (if set).

For both cases, upgrade can still be forced with -F as usual.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-31 11:40:15 +02:00
Felix Fietkau
b044b52ab9 base-files: fix ucert verification
ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-12 16:42:03 +01:00
Felix Fietkau
61e01f248e base-files: do not strip fwtool signature data during check
Same reason as in commit 9808bd2799 -
sysupgrade --test must not alter the image in any way

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-09 14:34:24 +01:00
Jo-Philipp Wich
9808bd2799 Revert "base-files: fwtool: Fix wrong checksum on combined-image with metadata"
This reverts commit 41770add03.

The fwtool_check_image() procedure is used by `sysupgrade --test` which must
not alter the image under test in any way.

Currently, when the LuCI ui or any other sysupgrade wrapper first invokes
sysupgrade --test to verify the compatibility of the image and then calculates
the sha256sum over it, the resulting checksum will differ from the original
image since the test invocation will implicitely strip the metadata trailer.

To properly fix the underlying issue, the combined image checksumming code
must be modified to skip the metadata trailer.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-02 16:05:44 +01:00
Petr Štetiar
41770add03 base-files: fwtool: Fix wrong checksum on combined-image with metadata
If I create following image:

define Device/engenius-m36
  IMAGE/sysupgrade.bin := combined-image | append-metadata
endef

Sysupgrade then errors out:

  Invalid image. Contents do not match checksum (image:cd285595eaf297370404ae0e2815ec1a calculated:2cf9a2286fb6b01af3ea189128017d44)
  Image check 'platform_check_image' failed.

By removing the metadata from the image I get combined-image checksum
working again and sysupgrade works.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2018-11-26 12:05:45 +01:00
Daniel Golle
8174853c78 base-files: introduce sysupgrade signature chain verification
Verify ucert signature chains in sysupgrade images in case ucert is
installed and $CHECK_IMAGE_SIGNARURE = 1.
Also make sure ucert host binary is present and generate a self-signed
ucert in case $TOPDIR/key-build.ucert is missing.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-08 02:22:54 +02:00
John Crispin
5e1b4c57de base-files: drop fwtool_pre_upgrade
this feature has never worked, the fw image name was not passed and the -t
parameter was missing in the tool invocation. drop the feature.

Signed-off-by: John Crispin <john@phrozen.org>
2018-07-30 17:42:39 +02:00
Felix Fietkau
81b5e8e5d2 base-files: add a hint in sysupgrade that shows what to do when the image metadata check fails
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-04 11:41:49 +01:00
Felix Fietkau
cc853810a4 base-files: validate metadata of sysupgrade images
Use fwtool to extract it, only require metadata to be present if the
platform sysupgrade script sets REQUIRE_IMAGE_METADATA=1

Image metadata is in JSON format and contains a list of supported
devices, along with version information that could be displayed by a UI
later before the actual upgrade happens.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-11-19 11:24:09 +01:00