Difference between revisions of "Secure OTA Update"
m |
(→Other) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 36: | Line 36: | ||
= Relevant conference presentations = | = Relevant conference presentations = | ||
* ELC-E 2017 | * ELC-E 2017 | ||
− | ** https://elinux.org/images/5/51/SWUpdateELCE2017.pdf | + | ** [https://elinux.org/images/5/51/SWUpdateELCE2017.pdf SWUpdate - Updating an Embedded System] |
− | ** https://elinux.org/images/0/0c/BoF_secure_ota_linux.pdf | + | ** [https://elinux.org/images/0/0c/BoF_secure_ota_linux.pdf BoF - Collaborating on secure OTA systems for linux] |
− | ** https://elinux.org/images/6/6d/UF_-_ELCE_2017_Presentation.pdf | + | ** [https://elinux.org/images/6/6d/UF_-_ELCE_2017_Presentation.pdf Orchestrated Android-Style System Upgrades for Embedded Linux] |
+ | * FOSDEM 2017 | ||
+ | ** [https://archive.fosdem.org/2017/schedule/event/secure_safe_embedded_updates/ Secure and Safe Updates for Your Embedded Device (RAUC)] | ||
* [https://uptane.github.io/ Uptane, Automotive-focused update framework] | * [https://uptane.github.io/ Uptane, Automotive-focused update framework] | ||
** [[images/f/f3/How_we_added_software_updates_to_AGL.pdf|How we added software updates to AGL]] | ** [[images/f/f3/How_we_added_software_updates_to_AGL.pdf|How we added software updates to AGL]] | ||
Line 46: | Line 48: | ||
** NCC security assessments: [https://www.nccgroup.trust/uk/our-research/the-update-framework-tuf-security-assessment/ Kolide TUF Client], [https://www.nccgroup.trust/us/our-research/docker-notary/ Docker Notary], [https://www.nccgroup.trust/uk/our-research/osquery-application-security-assessment-public-report/ osquery] | ** NCC security assessments: [https://www.nccgroup.trust/uk/our-research/the-update-framework-tuf-security-assessment/ Kolide TUF Client], [https://www.nccgroup.trust/us/our-research/docker-notary/ Docker Notary], [https://www.nccgroup.trust/uk/our-research/osquery-application-security-assessment-public-report/ osquery] | ||
** [http://events.linuxfoundation.org/sites/events/files/slides/LINUXCON_EU_When%20the%20going%20gets%20tough%2C%20get%20TUF%20going%21.pdf When the going gets tough, get TUF going] | ** [http://events.linuxfoundation.org/sites/events/files/slides/LINUXCON_EU_When%20the%20going%20gets%20tough%2C%20get%20TUF%20going%21.pdf When the going gets tough, get TUF going] | ||
− | |||
= Relevant information = | = Relevant information = | ||
Line 55: | Line 56: | ||
= Reference implementations = | = Reference implementations = | ||
− | * AGL has a meta-sota layer that is an implementation - [https://wiki.automotivelinux.org/subsystem/agl-sota/ostree agl- | + | * AGL has a meta-sota layer that is an implementation - [https://wiki.automotivelinux.org/subsystem/agl-sota/ostree agl-sota] |
− | = | + | = Other = |
− | * | + | * [https://groups.google.com/forum/#!forum/linuxota Mailing list] |
− | |||
− | |||
− | |||
− | |||
− |
Latest revision as of 17:07, 15 November 2017
Contents
Overview
A valid software update system on Linux should provide the following elements
- Atomic updates
- Stateless system
- Capable of updating all software
- bootloader
- kernel
- user data / configuration
- rootfs / root file system
- fail-safe, rollback to a previous software state
- boot/update monitoring (watchdog) with boot confirmation
- Secure download and verification of the image
- Easy to use without vendor lock-in
- Trusted
- Compliant with and leverages HW elements (TPM/TEE)
Storage and delivery methods
- Layered Tarball-based (i.e. docker)
- File-based (i.e.libostree)
- Chunk-based (i.e. casync)
- Block-based (i.e. others)
Todo
- Develop guidelines / reference implementations for key stories
- Secure boot
- Trusted execution environment (bootloader update, integrity checks)
- Bootloader-driven rootfs image update process (image swap, boot count)
- Boot firmware update process
- Integration with different Open Source management servers
- Secure software distribution (TUF) implementation
- Watchdog best practices / boot image validation
- Investigate cross-compatibility extensions in existing solutions
- i.e. Mender support in SWUpdate?
- casync (chunk-based image support in AGL
Relevant conference presentations
- ELC-E 2017
- FOSDEM 2017
- Uptane, Automotive-focused update framework
- TUF - The update framework
- NCC security assessments: Kolide TUF Client, Docker Notary, osquery
- When the going gets tough, get TUF going
Relevant information
- Cloud Native Compute Foundation announces Notary and TUF specification adoption
- Uptane: One of Popular Science's top 100 technologies of the year
- ostree's documentation of related projects
- Update systems listed in the Yocto Project
Reference implementations
- AGL has a meta-sota layer that is an implementation - agl-sota