picowota icon indicating copy to clipboard operation
picowota copied to clipboard

Published 20 hours ago verified publisher icon usedbytes

authenticate and seal firmware images

Open felixdoerre opened this issue 1 year ago • 0 comments

This resolves #6. The security model is as described in that issue:

  • An unrelated attacker, that cannot observe "authorized" traffic cannot do anything
  • A passive attacker, who can observe a connection, can obtain the uploaded firmware image, together with its authentication tag, but cannot create a new connection to picowota to upload the image.
  • An active attacker, who can take over tcp connections still has no way to create new connection on their own. On an existing connection that they took over, they can erase flash, boot, but cannot use picowota to upload an unrelated firmware image. Only firmware images, where the attacker previously observed the upload can be replayed.

To use these changes, a corresponding change in https://github.com/usedbytes/serial-flash is required. That I can prepare a PR for, if this change is wanted.

felixdoerre avatar Oct 14 '23 13:10 felixdoerre