Request - Auto Update Firmware Feature?
- Thread starter Forerunner
- Start date
Subtle l33t sp34k... I thought it was only a myth.
No, just my attempt at working around the forum spam filter
Forerunner
Occasional Visitor
After seeing your reason about security I see the reason not to have such a thing now especially with Governments now wanting Backdoors etc such as the UK's Snoopers Charter. Security first!
Fast forward a couple of years from now when our houses are filled with vulnerable IoT devices, and a secure router with up-to-date firmware is the only thing protecting those devices from become botnet slaves, an auto-update option (and minimally a notification that your current firmware is insecure and vulnerable to attack) will be a must-have feature for security-minded folks. I'd be using this feature now if this existed and I already use it on my Windows desktop, Android phone and iPhone. Of course the update process would need to be as seamless as possible and certainly not require wiping all the settings with a hard reset or any such hassle.
I explained my position on auto-updating quite a few times already. Let me repeat it here, in full, one last time.
I won't be implementing any automated update, for multiple different reasons.
1) It puts a responsibility and a liability on my shoulders. If such a system were to be compromised, allowing the push of malicious firmware, it puts me in a difficult position, with potential legal repercussions. Such a system requires the expertise of engineers to completely secure the whole system (which provides a very tempting targets to potential hackers). That means it requires resources, time, and money. I don't have enough of these to put behind what is still just a hobby, done on my spare time.
2) The router is a critical piece of your network. A failed firmware upgrade made automatically means your WHOLE network goes down. If you are currently away from home, you're SOL until you get back home. If you're not an expert, it means you get up one morning, router seems to be dead, and you have no way of properly troubleshooting it (unless you're an expert), leading you to throwing away a 200-300$ router and buying a new one (when it's just a software issue).
3) A firmware update requires a reboot. I've complained enough already against Microsoft for doing so in a very arbitrary manner with Winodws 10. I've personally lost hours of work to one of their automated update-and-reboots because it rebooted my desktop hosting my development VM without any warning (I was working remotely in that VM at that instant). It caused a corruption of my Git filesystem, forcing me to restore from a backup made earlier today, and losing all the work I had been doing between the backup and that instant. Now, imagine a router deciding to reboot itself while in the middle of a very large file transfer. Or while you are watching a streamed movie. It sucks.
4) Occasionally, a firmware upgrade will require a manual power cycle. If you aren't home, it means you are SOL until you get back home to reboot the router.
5) An interrupted firmware upgrade means a router that will no longer work. Do you have a copy of a working firmware on your computer to recover it? If you always let the device automatically upgrade itself, probably not. Means you might be stuck without Internet until you manage to get a working firmware to flash it back. A device so critical that automatically updates itself needs to have a second copy of the firmware, from which to boot in case of failure. Asuswrt does not have such a backup partition.
6) Some firmware upgrades require changing settings, or potentially a factory default reset. Wishing it wasn't the case doesn't make it any less possible.
So no: I will NOT implement an auto-update, for multiple reasons. And while I know that Asus started working on adding it, I still think it's a bad idea with the current architecture. To be done properly, it would require:
1) A second firmware partition, from which to boot in case of a failed update
2) A very secure infrastructure, including a signed firmware image that would only be flashed if the signature is validated
3) Analysis of the current network activity, rebooting only within a specific time period and IF there is next to zero network activity (and that still wouldn't be fool-proof, as you might be doing LAN-side transfer, which would STILL be interrupted if you use the router's four ports as your LAN switch)
4) A more robust update process that would never lead to requiring a manual reboot (the second firmware partition could solve that issue)
5) A more robust configuration system, with developers keeping in mind that you have to ensure that if you change an existing value (for instance radio-related variables), the firmware has to take care of automatically updating these values on the first boot of the new firmware
I won't be implementing any automated update, for multiple different reasons.
1) It puts a responsibility and a liability on my shoulders. If such a system were to be compromised, allowing the push of malicious firmware, it puts me in a difficult position, with potential legal repercussions. Such a system requires the expertise of engineers to completely secure the whole system (which provides a very tempting targets to potential hackers). That means it requires resources, time, and money. I don't have enough of these to put behind what is still just a hobby, done on my spare time.
2) The router is a critical piece of your network. A failed firmware upgrade made automatically means your WHOLE network goes down. If you are currently away from home, you're SOL until you get back home. If you're not an expert, it means you get up one morning, router seems to be dead, and you have no way of properly troubleshooting it (unless you're an expert), leading you to throwing away a 200-300$ router and buying a new one (when it's just a software issue).
3) A firmware update requires a reboot. I've complained enough already against Microsoft for doing so in a very arbitrary manner with Winodws 10. I've personally lost hours of work to one of their automated update-and-reboots because it rebooted my desktop hosting my development VM without any warning (I was working remotely in that VM at that instant). It caused a corruption of my Git filesystem, forcing me to restore from a backup made earlier today, and losing all the work I had been doing between the backup and that instant. Now, imagine a router deciding to reboot itself while in the middle of a very large file transfer. Or while you are watching a streamed movie. It sucks.
4) Occasionally, a firmware upgrade will require a manual power cycle. If you aren't home, it means you are SOL until you get back home to reboot the router.
5) An interrupted firmware upgrade means a router that will no longer work. Do you have a copy of a working firmware on your computer to recover it? If you always let the device automatically upgrade itself, probably not. Means you might be stuck without Internet until you manage to get a working firmware to flash it back. A device so critical that automatically updates itself needs to have a second copy of the firmware, from which to boot in case of failure. Asuswrt does not have such a backup partition.
6) Some firmware upgrades require changing settings, or potentially a factory default reset. Wishing it wasn't the case doesn't make it any less possible.
So no: I will NOT implement an auto-update, for multiple reasons. And while I know that Asus started working on adding it, I still think it's a bad idea with the current architecture. To be done properly, it would require:
1) A second firmware partition, from which to boot in case of a failed update
2) A very secure infrastructure, including a signed firmware image that would only be flashed if the signature is validated
3) Analysis of the current network activity, rebooting only within a specific time period and IF there is next to zero network activity (and that still wouldn't be fool-proof, as you might be doing LAN-side transfer, which would STILL be interrupted if you use the router's four ports as your LAN switch)
4) A more robust update process that would never lead to requiring a manual reboot (the second firmware partition could solve that issue)
5) A more robust configuration system, with developers keeping in mind that you have to ensure that if you change an existing value (for instance radio-related variables), the firmware has to take care of automatically updating these values on the first boot of the new firmware
ExtremeFiretop
Very Senior Member
GitHub - ExtremeFiretop/MerlinAutoUpdate-Router: Merlin(A)uto(U)pdate is a Merlin router script which allows you to remotely identify a stable firmware update for an ASUS Merlin router, and automatically download and update via an unattended method d
Merlin(A)uto(U)pdate is a Merlin router script which allows you to remotely identify a stable firmware update for an ASUS Merlin router, and automatically download and update via an unattended meth...
github.com
Last edited:
Similar threads
Similar threads
Similar threads
-
-
Feature request: Two factor authentication web login. (TOTP)
- Started by DJones
- Replies: 8
-
Request for v2ray installation training on RT-AC5300 router
- Started by karbon
- Replies: 2
-
[🙏 Feature request For Asus Merlin] Add Public WiFi Mode for GT-AX11000
- Started by mdpatel9558
- Replies: 7
-
-
-
[Feature Request] Schedule DoS Protection state and/or whitelist option
- Started by Quirken
- Replies: 5
-
[WAN feature request] GT-AXE16000 use 2.5G port as LAN and use 2 1GB ports for dual wan
- Started by mmjlmjl
- Replies: 14
-
Latest threads
-
-
My RT-AC86U reset to factory settings by itself on a reboot
- Started by BJBBJB
- Replies: 2
-
-
-
Entware Asus-Merlin 388.8 GT-AX11000 Entware v2RayA package error
- Started by RootX
- Replies: 0
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!
Staff online
-
thigginsMr. Easy