Page MenuHomeVyOS Platform

Make it possible to verify the signature of an installed image
Open, LowPublic


As of now, signatures are completely external to the release — we sign the image file when we build it, so that everyone can verify the integrity of downloaded files.

However, it's impossible to verify that an installed system was created from a signed image. Since VyOS uses an immutable SquashFS image in installations, it's very much possible to do.

There are two possible options I see:

  • Sign the SquashFS image file and place the signature in /boot on installation.
  • Sign the version.json file and place the signature inside the SquashFS image.

Those options are not mutually exclusive. Signed version.json is easier to verify for a user, but only signing the entire image protects is from modification. We may want to do both.

It's also a question whether we should introduce a new subtree like verify or add the command to the show subtree, like:

run show system image integrity <minisign public key>


Difficulty level
Unknown (require assessment)
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)