Has anyone bumping for an update requested the source code for the MR46 from Meraki? Email open-source@meraki.com, be sure to also mention that your request covers the bootloader source code.
Meraki's standard practice is to compile the environment into u-boot, and sign the whole thing. Since the environment is in the signed u-boot, you cannot modify bootcmd.
The MR46 is a different SoC, uses a different u-boot release: U-Boot 2018.01-RELEASE-gb0bd058b3f and as far as I know, all of their newer products come with secure boot enabled by default (meaning, there will be no code paths in u-boot that don't enforce signature verification).
It will only be possible to give a more definitive answer when we have the u-boot source code from Meraki
Yes, very helpful, thanks! I also requested the U-Boot sources from Meraki, albeit for the MR44 which I have a few at hand to tinker with. Also checking...
Properly implemented secure boot: Something is only secure until somebody has proven it otherwise. E.g. so far most implementations had some flaws or ways to circumvent it.
From a legal point of view Cisco will need to comply with the GPL and release source code of certain parts. Analysis thereof might help.
Later legislation prevents vendors from locking down a device completely as this basically adverts a rightful owner repairing a device and just creates more electronic waste.
You're talking about enterprise and government targeted products. Security is their paramount concern and the need to prevent non-signed firmware from running on such devices is the very first requirement to even sell to these customers. No government regulation will be created to prevent them from doing so. Don't compare them to Netgear, Linksys stuff etc.
You clearly don't know what secure boot is. All newer Meraki products have secure boot enabled by default. Any custom u-boot that is not signed with a Meraki private key will not be allowed to run, and any image that is not signed with the Meraki private key will not be able to boot from within the signed u-boot.
Of course, as with any products, there exists a (albeit very small) possibility of some security hole in their secure boot implementation that may allow it to be bypassed.
I think that, just like in the case of MR33, without looking at the source files it is impossible to detect something like this and the possibility of interrupting the loading and entering u-boot.
Until we have the U-Boot source code from Meraki, it will not be possible to state whether any mistakes were made in the secure boot implementation.
There is no possibility to interrupt boot as on MR33 U-Boot prior to 2017; Meraki have closed the xyzzy door a long time ago. You can easily verify this yourself by dumping the flash and running strings. So any bypass would involve the use of an external flasher.
Unless you are posting to share the U-Boot source code Meraki provided, please refrain from measuring contests. This includes asking for updates; it is not productive.
Secure boot means any custom uboot that is side-loaded will not run, unless it is properly signed with the vendor's private key. Where can you get that private key? Cracking RSA, ECDSA?