Difference between revisions of "Secure OTA Update"
= Overview =
A valid software update system on Linux should provide the following elements:
* Atomic updates
** Stateless system
* Capable of updating all software
** bootloader
** kernel
** user data / configuration
** rootfs / root file system
* Fail-safe, rollback to a previous software state
** Boot/update monitoring (watchdog) with boot confirmation
* Secure download and verification of the image
* Easy to use without vendor lock-in
* Trusted
** Compliant with and leverages HW elements (TPM/TEE)

= Storage and delivery methods =
* Layered tarball-based (e.g. [http://docker.com docker])
* File-based (e.g. [https://ostree.readthedocs.io/en/latest/ libostree])
* Chunk-based (e.g. [http://0pointer.net/blog/casync-a-tool-for-distributing-file-system-images.html casync])
* Block-based (others)

= Todo =
* Develop guidelines / reference implementations for key stories
** Secure boot
** Trusted execution environment (bootloader update, integrity checks)
** Bootloader-driven rootfs image update process (image swap, boot count)
** Boot firmware update process
** Integration with different open source management servers
** Secure software distribution (TUF) implementation
** Watchdog best practices / boot image validation
* Investigate cross-compatibility extensions in existing solutions
** e.g. Mender support in SWUpdate?
** casync (chunk-based image support in AGL)

= Relevant conference presentations =
* ELC-E 2017
** [https://elinux.org/images/5/51/SWUpdateELCE2017.pdf SWUpdate - Updating an Embedded System]
** [https://elinux.org/images/0/0c/BoF_secure_ota_linux.pdf BoF - Collaborating on secure OTA systems for Linux]
** [https://elinux.org/images/6/6d/UF_-_ELCE_2017_Presentation.pdf Orchestrated Android-Style System Upgrades for Embedded Linux]
* FOSDEM 2017
** [https://archive.fosdem.org/2017/schedule/event/secure_safe_embedded_updates/ Secure and Safe Updates for Your Embedded Device (RAUC)]
* [https://uptane.github.io/ Uptane, automotive-focused update framework]
** [[images/f/f3/How_we_added_software_updates_to_AGL.pdf|How we added software updates to AGL]]
** [http://events.linuxfoundation.org/sites/events/files/slides/OTA%20Updates%20in%20AGL%20Using%20OSTree.pdf OTA Updates in AGL using OSTree]
** [https://www.slideshare.net/leonanavi/software-over-the-air-sota-for-automotive-grade-linux-agl Software over the air for AGL]
* [https://theupdateframework.github.io/ TUF - The Update Framework]
** NCC security assessments: [https://www.nccgroup.trust/uk/our-research/the-update-framework-tuf-security-assessment/ Kolide TUF Client], [https://www.nccgroup.trust/us/our-research/docker-notary/ Docker Notary], [https://www.nccgroup.trust/uk/our-research/osquery-application-security-assessment-public-report/ osquery]
** [http://events.linuxfoundation.org/sites/events/files/slides/LINUXCON_EU_When%20the%20going%20gets%20tough%2C%20get%20TUF%20going%21.pdf When the going gets tough, get TUF going]

= Relevant information =
* [https://www.cncf.io/announcement/2017/10/24/cncf-host-two-security-projects-notary-tuf-specification/ Cloud Native Computing Foundation announces Notary and TUF specification adoption]
* [http://markets.businessinsider.com/news/stocks/Cybersecurity-Protocol-that-Fends-off-Automobile-Hacks-Named-to-Popular-Science-Magazine-s-List-of-Top-100-Technologies-of-the-Year-1004763332 Uptane: one of Popular Science's top 100 technologies of the year]
* [https://ostree.readthedocs.io/en/latest/manual/related-projects ostree's documentation of related projects]
* [https://wiki.yoctoproject.org/wiki/System_Update Update systems listed in the Yocto Project]

= Reference implementations =
* AGL has a meta-sota layer that is an implementation: [https://wiki.automotivelinux.org/subsystem/agl-sota/ostree agl-sota]

= Other =
* [https://groups.google.com/forum/#!forum/linuxota Mailing list]
Latest revision as of 17:07, 15 November 2017