RAUC v0.1.1 released
RAUC is making progress, and my colleagues Enrico Jörns and Jan Lübbe finally pushed out a new release today that reflects what happened during the last months. Updating embedded linux systems in the field in a secure and robust way becomes more and more important; we had many interesting talks with our customers during the last time, and some of the new ideas are already finding their way into the codebase. However, there is still a lot of work ahead, and if you have more ideas, either drop us a note on the community channels, send patches or github pull requests, or ask for commercial help!
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you with implement this for your platform.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.
It's been 3 weeks ago now since the tag for RAUC 1.4 was created. But it is vacation time and so we have a good excuse for communicating things with some delay. Fortunately, the media team is back now and so also those of you who haven't noticed the new release yet will be informed about notable changes.