RAUC v0.3 Released
The RAUC team is proud to announce that we've just released RAUC v0.3! Again, we have worked a lot on stability and support for more and more use cases. RAUC now supports pure UEFI-based booting on x86, multiple board variants in the same bundle, intermediate certificates and enhanced feedback from the boot selection layer.
- Added support for intermediate certificates, improved bundle resigning and certificate information for hooks. This makes it easier to use a multi-level PKI with separate intermediate certificates for development and releases.
- Added support for image variants, which allow creating a single bundle which supports multiple hardware variants by selecting the matching image from a set contained in the bundle.
- Added support for redundant booting by using EFI boot entries directly.
- Added boot information to rauc status
- Added rauc extract command to extract bundles
- Support detection of the booted slot by using the UUID= and PARTUUID= kernel options.
- Improved the status and error output
- Improved internal error cause propagation
- Fixed boot slot detection for root=<symlink> boot parameters (such as root=/dev/disk/by-path/pci-0000:00:17.0-ata-1-part1)
- Removed redundant image checksum verification during installation.
- Improve robustness and test coverage
- Use gcc-7 for testing
- Added documentation for intermediate certificates, re-signing bundles, image variants and UEFI support
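The `root=` forms named in the list above (UUID=, PARTUUID= and a symlink path) can each be reduced to one canonical device node and compared against the configured slots. The sketch below is an added illustration, not RAUC's own code: the function names, the slot names, the `/dev/disk/by-uuid` and `/dev/disk/by-partuuid` lookup directories and all identifiers in `demo()` are assumptions constructed for the example.

```python
import os
import tempfile

def root_from_cmdline(cmdline):
    """Return the value of the last root= option, or None if absent."""
    root = None
    for arg in cmdline.split():
        if arg.startswith("root="):
            root = arg[len("root="):]
    return root

def resolve_root(root, dev_dir="/dev"):
    """Map a root= value to a canonical device path, following symlinks."""
    if root.startswith("PARTUUID="):
        path = os.path.join(dev_dir, "disk/by-partuuid", root[len("PARTUUID="):])
    elif root.startswith("UUID="):
        path = os.path.join(dev_dir, "disk/by-uuid", root[len("UUID="):])
    else:
        path = root  # plain device node or a symlink such as /dev/disk/by-path/...
    return os.path.realpath(path)

def booted_slot(cmdline, slots, dev_dir="/dev"):
    """slots maps slot name -> device path; returns the booted slot or None."""
    root = root_from_cmdline(cmdline)
    if root is None:
        return None
    target = resolve_root(root, dev_dir)
    for name, device in slots.items():
        if os.path.realpath(device) == target:
            return name
    return None  # unknown root device: do not guess which slot is active

def demo():
    """Run the three root= forms against a constructed /dev-like tree."""
    dev = tempfile.mkdtemp()
    for sub in ("disk/by-uuid", "disk/by-partuuid", "disk/by-path"):
        os.makedirs(os.path.join(dev, sub))
    for part in ("sda1", "sda2"):
        open(os.path.join(dev, part), "w").close()
    # Constructed identifiers, not taken from any real system.
    os.symlink("../../sda1", os.path.join(dev, "disk/by-uuid/1111-AAAA"))
    os.symlink("../../sda2", os.path.join(dev, "disk/by-partuuid/2222-bbbb"))
    by_path = os.path.join(dev, "disk/by-path/example-part1")
    os.symlink("../../sda1", by_path)
    slots = {"rootfs.0": os.path.join(dev, "sda1"),
             "rootfs.1": os.path.join(dev, "sda2")}
    lines = ["console=ttyS0 root=UUID=1111-AAAA rw", "root=PARTUUID=2222-bbbb quiet",
             "root=" + by_path, "root=/dev/nonexistent"]
    return [booted_slot(line, slots, dev) for line in lines]
```

Returning None for an unmatched root device matters for an updater: if the active slot cannot be identified, it must not be treated as a safe install target.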
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you in implementing this for your platform.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.
It has been 3 weeks now since the tag for RAUC 1.4 was created. But it is vacation time, so we have a good excuse for communicating things with some delay. Fortunately, the media team is back now, so those of you who haven't noticed the new release yet will be informed about the notable changes.