Secure OTA Update

= Overview =
A valid software update system on Linux should provide the following elements:
 * Atomic updates
 * Stateless system
 * Capable of updating all software
  * bootloader
  * kernel
  * user data / configuration
  * rootfs / root file system
 * fail-safe, rollback to a previous software state
 * boot/update monitoring (watchdog) with boot confirmation
 * Secure download and verification of the image
 * Easy to use without vendor lock-in
 * Trusted
 * Compliant with and leverages HW elements (TPM/TEE)

= Storage and delivery methods =
 * Layered Tarball-based (e.g. docker)
 * File-based (e.g. libostree)
 * Chunk-based (e.g. casync)
 * Block-based (e.g. others)

= Todo =
 * Develop guidelines / reference implementations for key stories
 * Secure boot
 * Trusted execution environment (bootloader update, integrity checks)
 * Bootloader-driven rootfs image update process (image swap, boot count)
 * Boot firmware update process
 * Integration with different Open Source management servers
 * Secure software distribution (TUF) implementation
 * Watchdog best practices / boot image validation
 * Investigate cross-compatibility extensions in existing solutions
  * e.g. Mender support in SWUpdate?
  * casync (chunk-based image support in AGL)

= Relevant conference presentations =
 * ELC-E 2017
 * SWUpdate - Updating an Embedded System
 * BoF - Collaborating on secure OTA systems for linux
 * Orchestrated Android-Style System Upgrades for Embedded Linux
 * FOSDEM 2017
 * Secure and Safe Updates for Your Embedded Device (RAUC)
 * Uptane, Automotive-focused update framework
 * How we added software updates to AGL
 * OTA Updates in AGL using OSTree
 * Software over the air for AGL
 * TUF - The update framework
 * NCC security assessments: Kolide TUF Client, Docker Notary, osquery
 * When the going gets tough, get TUF going

= Relevant information =
 * Cloud Native Compute Foundation announces Notary and TUF specification adoption
 * Uptane: One of Popular Science's top 100 technologies of the year
 * ostree's documentation of related projects
 * Update systems listed in the Yocto Project

= Reference implementations =
 * AGL has a meta-sota layer that is an implementation - agl-sota

= Other =
 * Mailing list