Comprehensive RAUC Documentation Update
As in many projects, also in RAUC phases of extensive development did often not leave sufficient time to explain the latest changes, new features or at least some basic concepts in an appropriate manner.
As a result, not only useful and helpful features simply go by the board. Also the amount of questions and misunderstanding that might have been prevented by a good documentation increases over the time.
Therefore, Pengutronix decided to take the virtual pen and paper in the hand and extend and improve the RAUC Documentation in many places.
The result of that work is quite impressive if you look at the quantitative impact, for example. Taking the number of characters, the volume of the documentation has increased by almost 80%.
The structure and content of the introductory chapter, that presents an overview of fundamental concepts and ideas behind RAUC to the user has been completely redesigned and complemented by many aspects. In addition, some complex topics were accompanied with vivid graphics.
With the newly created chapter Scenarios some of the most common redundancy setups are discussed while configuration examples point out how to implement them with RAUC.
The important chapters on integration of Barebox and U-Boot were extended by technically more detailed instructions.
Also, a whole series of additional topics have been added, such as dealing with security, generation and handling of certificates, application data handling and migration, bootloader updates, or software deployment.
But, even if there are robust updating frameworks like RAUC, building an individually fitting and robust update concept requires much know-how and accuracy in assembling and configuring the different system components. From the selection of the boot loader over the watchdog set up and handling to the detection of a successfully booted user space various components must closely engage with each other.
With the newly introduced Design Checklist we have therefore developed a basic pamphlet, which (without claim on completeness) covers many general cases and possible pitfalls in the design and the implementation of update concepts.
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you with implement this for your platform.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.
When designing an embedded system, one must consider both the application and the underlying hardware in combination, if the intended long-term stability is to be achieved. While we discussed the necessity of software updates in previous posts, in this article I describe a way to use a memory subsystem corresponding to its physics to achieve the best retention and lifetime of the whole system.
It's been 3 weeks ago now since the tag for RAUC 1.4 was created. But it is vacation time and so we have a good excuse for communicating things with some delay. Fortunately, the media team is back now and so also those of you who haven't noticed the new release yet will be informed about notable changes.