Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prestudy encryption and unattended upgrades #859

Open
troglobit opened this issue Dec 5, 2024 · 0 comments
Open

Prestudy encryption and unattended upgrades #859

troglobit opened this issue Dec 5, 2024 · 0 comments
Milestone
FUTURE

Comments

@troglobit
Copy link
Contributor

Objective

Detail an implementation proposal for allowing end-users to perform unattended firmware upgrade, deploy configuration changes, and collect support data for transmission to first line support in a "secure enough" way.

Basic Idea

  1. Auto-mount USB media
  2. Maybe decrypt disk (Bitlocker/LUKS), or
  3. Decrypt/authenticate files on disk
  4. Perform upgrade, or config change, in a defined order
  5. Signal progress on LEDs and in logs (for remote syslog monitoring)

Encryption Alternatives

  • Bitlocker support for Linux (FUSE), pro: works with Windows
  • Password protected zip files, pro: simple works with basically any operating system
  • GPG/PGP signed files, pro: simple, many (most?) prominent MUAs have support for it
  • Symmetric key in ietf-keystore yang, user may deploy startup-config with same key on a group of devices

Resources
@troglobit troglobit converted this from a draft issue Dec 5, 2024
@troglobit troglobit added this to the FUTURE milestone Dec 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Infix & C:o
Status: No status
Milestone
FUTURE
Development

No branches or pull requests
2 participants
@troglobit @wkz