Difference between revisions of "Secure OTA Update"

From eLinux.org
Jump to: navigation, search
m
m
Line 35: Line 35:
  
 
= Relevant conference presentations =
 
= Relevant conference presentations =
 +
* ELC-E 2017
 +
** https://elinux.org/images/5/51/SWUpdateELCE2017.pdf
 +
** https://elinux.org/images/0/0c/BoF_secure_ota_linux.pdf
 +
** https://elinux.org/images/6/6d/UF_-_ELCE_2017_Presentation.pdf
 
* [https://uptane.github.io/ Uptane, Automotive-focused update framework]
 
* [https://uptane.github.io/ Uptane, Automotive-focused update framework]
 
** [[images/f/f3/How_we_added_software_updates_to_AGL.pdf|How we added software updates to AGL]]
 
** [[images/f/f3/How_we_added_software_updates_to_AGL.pdf|How we added software updates to AGL]]

Revision as of 06:37, 25 October 2017

Overview

A valid software update system on Linux should provide the following elements

  • Atomic updates
    • Stateless system
  • Capable of updating all software
    • bootloader
    • kernel
    • user data / configuration
    • rootfs / root file system
  • fail-safe, rollback to a previous software state
    • boot/update monitoring (watchdog) with boot confirmation
  • Secure download and verification of the image
  • Easy to use without vendor lock-in
  • Trusted
    • Compliant with and leverages HW elements (TPM/TEE)

Storage and delivery methods

  • Layered Tarball-based (i.e. docker)
  • File-based (i.e.libostree)
  • Chunk-based (i.e. casync)
  • Block-based (i.e. others)

Todo

  • Develop guidelines / reference implementations for key stories
    • Secure boot
    • Trusted execution environment (bootloader update, integrity checks)
    • Bootloader-driven rootfs image update process (image swap, boot count)
    • Boot firmware update process
    • Integration with different Open Source management servers
    • Secure software distribution (TUF) implementation
    • Watchdog best practices / boot image validation
  • Investigate cross-compatibility extensions in existing solutions
    • i.e. Mender support in SWUpdate?
    • casync (chunk-based image support in AGL

Relevant conference presentations

Relevant information

Reference implementations

Actions

  • Setup mailing list?
    • Please add your email if you are interested at being involved with the collaboration efforts.
      • alan (at) opensourcefoundries.com
      • peter (at) korsgaard.com
      • ricardo (at) opensourcefoundries.com
      • anton (at) advancedtelematic.com