Difference between revisions of "Secure OTA Update"
Change in this revision (fix link, section Other): the mailing list link was corrected to [https://groups.google.com/forum/#!forum/linuxota Mailing list].
Latest revision as of 17:07, 15 November 2017
Overview
A sound software update system on Linux should provide the following elements:
- Atomic updates
- Stateless system
- Capable of updating all software:
  - bootloader
  - kernel
  - user data / configuration
  - rootfs / root file system
- Fail-safe: rollback to a previous software state
- Boot/update monitoring (watchdog) with boot confirmation
- Secure download and verification of the image
- Easy to use, without vendor lock-in
- Trusted
- Compliant with, and able to leverage, hardware security elements (TPM/TEE)
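As an added illustration (not from the wiki page or from any of the projects it lists), the following Python model shows how several of the elements above fit together: the downloaded image is verified against a manifest digest before it is written to the inactive slot (atomic A/B update), the bootloader gives the new slot a bounded number of boot attempts (boot monitoring), and userspace confirms a good boot; if confirmation never arrives, the bootloader falls back to the previously confirmed slot (fail-safe rollback). All names (`Slot`, `DeviceState`, `stage_update`, `MAX_BOOT_TRIES`) and the sample image bytes are constructed for this example.

```python
"""Constructed model of an A/B (dual-slot) OTA update with image
verification, a boot-attempt counter and boot confirmation."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

MAX_BOOT_TRIES = 3  # attempts the bootloader grants an unconfirmed slot

# Constructed sample images (stand-ins for real rootfs payloads)
IMAGE_V1 = b"rootfs-v1-constructed-sample-bytes"
IMAGE_V2 = b"rootfs-v2-constructed-sample-bytes"


@dataclass
class Slot:
    name: str
    image: bytes = b""
    version: str = ""


@dataclass
class DeviceState:
    slots: Dict[str, Slot]
    active: str                    # last slot that booted and was confirmed
    trying: Optional[str] = None   # slot under trial, awaiting confirmation
    boot_count: int = 0            # attempts spent on the trial slot
    running: Optional[str] = None  # slot selected by the last boot


def new_device() -> DeviceState:
    """Device with v1 installed and confirmed in slot A, slot B empty."""
    return DeviceState(
        slots={"A": Slot("A", IMAGE_V1, "1.0"), "B": Slot("B")}, active="A")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(image: bytes, version: str) -> dict:
    """What the update server would publish alongside the image."""
    return {"version": version, "length": len(image), "sha256": sha256_hex(image)}


def verify_image(image: bytes, manifest: dict) -> bool:
    """Integrity check: length and digest must match the manifest.
    compare_digest avoids leaking the mismatch position through timing."""
    if len(image) != manifest["length"]:
        return False
    return hmac.compare_digest(sha256_hex(image), manifest["sha256"])


def inactive_slot(state: DeviceState) -> str:
    return "B" if state.active == "A" else "A"


def stage_update(state: DeviceState, image: bytes, manifest: dict) -> bool:
    """Write a verified image to the inactive slot and mark it for trial.
    The active slot is untouched, so a failure here cannot brick the device."""
    if not verify_image(image, manifest):
        return False
    target = state.slots[inactive_slot(state)]
    target.image, target.version = image, manifest["version"]
    state.trying, state.boot_count = target.name, 0
    return True


def bootloader_boot(state: DeviceState) -> str:
    """Bootloader slot selection: try the new slot a bounded number of
    times; once the budget is exhausted, roll back to the confirmed slot."""
    if state.trying is not None:
        if state.boot_count < MAX_BOOT_TRIES:
            state.boot_count += 1
            state.running = state.trying
            return state.running
        state.trying, state.boot_count = None, 0   # give up on the trial slot
    state.running = state.active
    return state.running


def confirm_boot(state: DeviceState) -> None:
    """Called by userspace after its health checks pass (boot confirmation).
    Promotes the trial slot to active and clears the attempt counter."""
    if state.trying is not None and state.running == state.trying:
        state.active, state.trying, state.boot_count = state.trying, None, 0


def demo_success() -> str:
    """Happy path: stage v2, boot it once, confirm; returns the active slot."""
    st = new_device()
    assert stage_update(st, IMAGE_V2, make_manifest(IMAGE_V2, "2.0"))
    bootloader_boot(st)
    confirm_boot(st)
    return st.active


def demo_failure():
    """v2 never confirms: three attempts on B, then automatic rollback to A."""
    st = new_device()
    stage_update(st, IMAGE_V2, make_manifest(IMAGE_V2, "2.0"))
    sequence = [bootloader_boot(st) for _ in range(MAX_BOOT_TRIES + 1)]
    return sequence, st.active


if __name__ == "__main__":
    print("success path active slot:", demo_success())
    print("failure path boot sequence, active slot:", demo_failure())
```

The digest check here only provides integrity against corruption in transit; it does not establish that the manifest itself came from the vendor. That is the gap the "Trusted" and "Secure download" elements point at, and it is what signed metadata frameworks such as TUF and Uptane, listed further down this page, are designed to close.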
Storage and delivery methods
- Layered tarball-based (e.g. Docker)
- File-based (e.g. libostree)
- Chunk-based (e.g. casync)
- Block-based (e.g. others)
Todo
- Develop guidelines / reference implementations for key stories:
  - Secure boot
  - Trusted execution environment (bootloader update, integrity checks)
  - Bootloader-driven rootfs image update process (image swap, boot count)
  - Boot firmware update process
  - Integration with different open source management servers
  - Secure software distribution (TUF) implementation
  - Watchdog best practices / boot image validation
- Investigate cross-compatibility extensions in existing solutions:
  - e.g. Mender support in SWUpdate?
  - casync (chunk-based image support) in AGL
Relevant conference presentations
- ELC-E 2017
- FOSDEM 2017
  - Uptane, automotive-focused update framework
  - TUF - The Update Framework
  - NCC security assessments: Kolide TUF client, Docker Notary, osquery
  - When the going gets tough, get TUF going
Relevant information
- Cloud Native Compute Foundation announces Notary and TUF specification adoption
- Uptane: One of Popular Science's top 100 technologies of the year
- ostree's documentation of related projects
- Update systems listed in the Yocto Project
Reference implementations
- AGL has a meta-sota layer that implements this (agl-sota)