Pengutronix at FOSDEM 2018
As in previous years, a group of Pengutronix developers attended the FOSDEM Open Source conference in Brussels to stay up to date with the latest developments in embedded Linux, graphics and media, electronics and lots of other interesting topics.
With his talk "Facing the Challenges of Updating Complex Systems", Pengutronix developer Enrico Jörns looked at the updating topic beyond the basic considerations about redundancy, atomicity, simple verification and A/B setups, which are luckily solved by most of today's Open Source updating frameworks such as RAUC.
Instead, he pointed out, designing a robust update system does not mean assembling unrelated building blocks; it requires fine-tuned configuration of all system components, from the bootloader to the deployment software, so that they interact smoothly.
While installing updates itself is solved by standard frameworks by now, handling target selection in the bootloader still requires error-prone custom scripting in many cases. With bootchooser, Pengutronix brought a framework for this to the Barebox bootloader, making it an ideal candidate for redundant system designs. Enrico also noted that UEFI provides a similar mechanism with its boot target handling.
One of the other noteworthy topics covered in his talk was the possible benefit of using the casync content chunking tool for embedded system updates over limited data connections. With this, it is possible to reuse local data chunks that are identical between the update and the current system and download only those which differ over the network connection. Thus, future versions of RAUC will support casync-based bundles.
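The chunk reuse described above, sketched as an added example that comes neither from the talk nor from the casync or RAUC code. It is simplified: boundaries come from a CRC32 recomputed over a 16-byte window rather than a rolling hash, chunk IDs are SHA-256, the chunk index is assumed to arrive authenticated, and all names and sample data are constructed.

```python
import hashlib
import random
import zlib

WINDOW = 16   # bytes of context that decide a boundary (assumed value)
MASK = 0xFF   # cut when the low 8 hash bits are zero: ~256-byte average chunks

def chunks(data):
    """Cut at content-defined boundaries, so an insertion only disturbs nearby chunks."""
    out, start = [], 0
    for i in range(WINDOW, len(data) + 1):
        # Simplification: CRC32 recomputed per window instead of a rolling hash.
        if zlib.crc32(data[i - WINDOW:i]) & MASK == 0:
            out.append(data[start:i])
            start = i
    if start < len(data):
        out.append(data[start:])
    return out

def chunk_id(chunk):
    return hashlib.sha256(chunk).hexdigest()

def plan_update(current, new):
    """Rebuild `new` from local chunks where possible; return (image, bytes fetched)."""
    local = {chunk_id(c): c for c in chunks(current)}   # seed: the running system
    server = {chunk_id(c): c for c in chunks(new)}      # stand-in for the chunk store
    index = [chunk_id(c) for c in chunks(new)]          # assumed to arrive authenticated
    parts, fetched = [], 0
    for cid in index:
        if cid not in local:
            chunk = server[cid]                          # the only network transfer
            if chunk_id(chunk) != cid:                   # reject a tampered download
                raise ValueError("chunk does not match index entry")
            local[cid] = chunk
            fetched += len(chunk)
        parts.append(local[cid])
    return b"".join(parts), fetched

def sample_images():
    """Constructed data: a 32 KiB 'current' image and a copy with 200 bytes inserted."""
    rng = random.Random(2018)
    current = bytes(rng.getrandbits(8) for _ in range(32 * 1024))
    return current, current[:10000] + b"patched-library-code" * 10 + current[10000:]

if __name__ == "__main__":
    cur, new = sample_images()
    image, fetched = plan_update(cur, new)
    print(f"new image: {len(new)} bytes, fetched: {fetched} bytes, intact: {image == new}")
```

Because a boundary depends only on the preceding window, the chunks after the inserted bytes keep their IDs even though every offset has shifted, which fixed-size blocks would not survive.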
Thanks to the folks from OpenEmbedded we were able to bring our over-the-air updating demo to their stand at FOSDEM. This was a great opportunity for us to talk with hackers from many different fields of interest about reproducible embedded system builds and the closely related importance of safe and secure update strategies in a growing world of embedded and IoT devices.
Besides our popular black pencils, our new Pengutronix penguin stickers and project/job cards, which we got ready just in time for FOSDEM, also enjoyed great popularity.
Thanks to the entire FOSDEM team for organization, support and video recordings!
For the nationwide Digital Day (Digitaltag) on 18 June 2021, we want to shed some light on the topic of "smart cities" from the technical side, but don't worry: it will remain understandable for everyone.
Distributions like Raspbian make assembling a tailor-made operating system look like child's play. Download the image, install packages, make a few more changes - done. Everything just like on a laptop or server. Why an operating system from a classic distribution can lead to disaster in a product context is examined in the talk "Raspbian vs. Build-Systeme: Das richtige Werkzeug für solide Produkte" ("Raspbian vs. build systems: the right tool for solid products").
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you in implementing this for your platform.
"FOSDEM is a free event for software developers to meet, share ideas and collaborate. Every year, thousands of developers of free and open source software from all over the world gather at the event in Brussels. In 2021, they will gather online." -- FOSDEM
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.
Now that everyone has gotten used to digitalisation and online conferences due to the COVID-19 pandemic, it has never been easier to organise a conference and bring together all experts and interested parties for a few hours of intensive exchange of ideas on a certain topic.
It has been 3 weeks now since the tag for RAUC 1.4 was created. But it is vacation time and so we have a good excuse for communicating things with some delay. Fortunately, the media team is back now and so those of you who haven't noticed the new release yet will also be informed about notable changes.
In this blog post I would like to address the challenges of performing unattended and verified updates of embedded Linux systems in the field using open source software and workflows. While updating is not an end in itself, a second part of my considerations goes even further and also works out the necessities and possible workflows for keeping the software stack of a project up to date and thus either preventing security issues or at least enabling a short reaction time in case severe CVEs are discovered.