Difference between revisions of "Secure OTA Update"
(Re-formatting, Adding a List elements a Secure OTA Update system should have and including categories of storage and delivery methods) |
|||
Line 1: | Line 1: | ||
− | + | = Overview = | |
+ | A valid software update system on Linux should provide the following elements | ||
+ | * Atomic updates | ||
+ | ** Stateless system | ||
+ | * Capable of updating all software | ||
+ | ** bootloader | ||
+ | ** kernel | ||
+ | ** user data / configuration | ||
+ | ** rootfs / root file system | ||
+ | * fail-safe, rollback to a previous software state | ||
+ | ** boot/update monitoring (watchdog) with boot confirmation | ||
+ | * Secure download and verification of the image | ||
+ | * Easy to use without vendor lock-in | ||
+ | * Trusted | ||
+ | ** Compliant with and leverages HW elements (TPM/TEE) | ||
− | BoF: Secure OTA Collaboration Slides: https://goo.gl/1EGWkr | + | = Storage and delivery methods = |
+ | * Layered Tarball-based (i.e. [http://docker.com docker]) | ||
+ | * File-based (i.e.[https://ostree.readthedocs.io/en/latest/ libostree]) | ||
+ | * Chunk-based (i.e. [http://0pointer.net/blog/casync-a-tool-for-distributing-file-system-images.html casync]) | ||
+ | * Block-based (i.e. others) | ||
+ | |||
+ | = conference presentations = | ||
+ | 2017 ELC-Europe BoF: Secure OTA Collaboration Slides: https://goo.gl/1EGWkr | ||
Actions: | Actions: | ||
− | - Setup mailing list | + | - Setup mailing list? |
− | + | * initial interest | |
− | + | * Please add your email if you are interested at being involved at the collaboration efforts. | |
− | + | ** alan (at) opensourcefoundries.com | |
− | + | ** peter (at) korsgaard.com | |
− | + | ** ricardo (at) opensourcefoundries.com | |
+ | ** anton (at) advancedtelematic.com |
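Review bot: The added Overview item "Secure download and verification of the image" does not say what is verified or against what; consider stating the property the update system must check before an image is applied, so the requirement can be tested. In the new "Storage and delivery methods" list, "i.e." introduces examples, so "e.g." is what is meant, and "(i.e.[https://ostree..." is missing the space before the link. The new "= conference presentations =" heading is lower-case while "= Overview =" and "= Storage and delivery methods =" are capitalised. Under "Setup mailing list?", "initial interest" and the sign-up request sit at the same bullet level; making the request a sentence under an "Initial interest" item would read more clearly.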
Revision as of 03:29, 24 October 2017
Overview
A valid software update system on Linux should provide the following elements:
- Atomic updates
  - Stateless system
- Capable of updating all software
  - bootloader
  - kernel
  - user data / configuration
  - rootfs / root file system
- Fail-safe, rollback to a previous software state
  - boot/update monitoring (watchdog) with boot confirmation
- Secure download and verification of the image
- Easy to use without vendor lock-in
- Trusted
  - Compliant with and leverages HW elements (TPM/TEE)
Storage and delivery methods
- Layered tarball-based (e.g. docker)
- File-based (e.g. libostree)
- Chunk-based (e.g. casync)
- Block-based (e.g. others)
Conference presentations
2017 ELC-Europe BoF: Secure OTA Collaboration Slides: https://goo.gl/1EGWkr
Actions:
- Set up mailing list?
  - Initial interest
  - Please add your email if you are interested in being involved in the collaboration efforts.
    - alan (at) opensourcefoundries.com
    - peter (at) korsgaard.com
    - ricardo (at) opensourcefoundries.com
    - anton (at) advancedtelematic.com