Difference between revisions of "Secure OTA Update"
m |
m |
||
Line 35: | Line 35: | ||
= Relevant conference presentations = | = Relevant conference presentations = | ||
+ | * ELC-E 2017 | ||
+ | ** https://elinux.org/images/5/51/SWUpdateELCE2017.pdf | ||
+ | ** https://elinux.org/images/0/0c/BoF_secure_ota_linux.pdf | ||
+ | ** https://elinux.org/images/6/6d/UF_-_ELCE_2017_Presentation.pdf | ||
* [https://uptane.github.io/ Uptane, Automotive-focused update framework] | * [https://uptane.github.io/ Uptane, Automotive-focused update framework] | ||
** [[images/f/f3/How_we_added_software_updates_to_AGL.pdf|How we added software updates to AGL]] | ** [[images/f/f3/How_we_added_software_updates_to_AGL.pdf|How we added software updates to AGL]] |
Revision as of 06:37, 25 October 2017
Contents
Overview
A valid software update system on Linux should provide the following elements
- Atomic updates
- Stateless system
- Capable of updating all software
- bootloader
- kernel
- user data / configuration
- rootfs / root file system
- fail-safe, rollback to a previous software state
- boot/update monitoring (watchdog) with boot confirmation
- Secure download and verification of the image
- Easy to use without vendor lock-in
- Trusted
- Compliant with and leverages HW elements (TPM/TEE)
Storage and delivery methods
- Layered Tarball-based (i.e. docker)
- File-based (i.e.libostree)
- Chunk-based (i.e. casync)
- Block-based (i.e. others)
Todo
- Develop guidelines / reference implementations for key stories
- Secure boot
- Trusted execution environment (bootloader update, integrity checks)
- Bootloader-driven rootfs image update process (image swap, boot count)
- Boot firmware update process
- Integration with different Open Source management servers
- Secure software distribution (TUF) implementation
- Watchdog best practices / boot image validation
- Investigate cross-compatibility extensions in existing solutions
- i.e. Mender support in SWUpdate?
- casync (chunk-based image support in AGL
Relevant conference presentations
- ELC-E 2017
- Uptane, Automotive-focused update framework
- TUF - The update framework
- NCC security assessments: Kolide TUF Client, Docker Notary, osquery
- When the going gets tough, get TUF going
- 2017 ELC-E Europe BoF: How to collaborate on secure update for Linux
Relevant information
- Cloud Native Compute Foundation announces Notary and TUF specification adoption
- Uptane: One of Popular Science's top 100 technologies of the year
- ostree's documentation of related projects
- Update systems listed in the Yocto Project
Reference implementations
- AGL has a meta-sota layer that is an implementation - [https://wiki.automotivelinux.org/subsystem/agl-sota/ostree agl-
Actions
- Setup mailing list?
- Please add your email if you are interested at being involved with the collaboration efforts.
- alan (at) opensourcefoundries.com
- peter (at) korsgaard.com
- ricardo (at) opensourcefoundries.com
- anton (at) advancedtelematic.com
- Please add your email if you are interested at being involved with the collaboration efforts.