RAUC v1.5 Released

Jan Lübbe, Enrico Jörns | | RAUC

Download v1.5 release of RAUC

This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.

In summary, the vulnerability is that the during installation, the RAUC bundle signature is checked first and then the payload data is used for the installation. If an attacker is able to change or replace the bundle file between the signature check and the actual installation, he can inject his own data.

The vulnerability is tracked as CVE-2020-25860. Please read our security advisory, which contains the background information necessary to evaluate whether your system is affected or not.

Security Fix

To protect against attempts to modify or replace the bundle during installation, RAUC 1.5 takes ownership of bundle files if they are not owned by root and removes write permissions. RAUC then checks that no writable file descriptors are open for the bundle file (using the F_SETLEASE fcntl) and performs all further installation steps using the single file descriptor. This protects against file replacement and concurrent writes to the open bundle.


The rauc/rauc-1.5-integration repository contains examples to simplify integrating the RAUC update into existing projects. You can subscribe to this issue to receive notifications of important updates to this repository and of integration into the upstream build systems.

New Bundle Format

This version introduces the new verity bundle format (the old format is now called plain). The verity format was added to prepare for future use cases (such as network streaming and encryption), for better parallelization of installation with hash verification and to detect modification of the bundle during installation (CVE-2020-25860). The bundle format is detected when reading a bundle and checked against the set of allowed formats configured in the system.conf (see here).

See here for more details on how to switch to the verity format.

Other Enhancements

  • Support resolving the root=PARTLABEL=xxx kernel command line option. (by Gaël PORTAY)
  • Disable the unnecessary SMIMECapabilities information in the bundle signature, saving ~100 bytes.
  • Remove redundant checksum verification for source images during installation. The RAUC bundle is already verified at this point, so there is no need to verify the checksum of each file individually. (by Bastian Krause)

Bug fixes

  • Fix install handler selection for *.img files for boot-* slots when used with casync. (by Martin Schwan)
  • Fix checking for unknown keys in the slot configuration.
  • Fix some corner cases related to stopping the D-Bus daemon.
  • Propagate error if unable to save manifest. (by Stefan Wahren)
  • Apply --handler-args only during installation (and not during bundle creation).


  • Remove unused code for signed manifests (outside of a bundle).
  • Add G_GNUC_WARN_UNUSED_RESULT to many functions to let the compiler verify that the caller uses the functions return value (and thus checks for errors).


Beside some smaller typo and errors fixes, mainly the u-boot integration documentation related to scripting and (fail-save) environment storage was extended and clarified.

Again, thanks to all contributors since v1.4: Bastian Krause, Christoph Steiger, Christopher Obbard, Enrico Jörns, Gaël PORTAY, Jan Lübbe, Martin Schwan, Michael Heimpold, Stefan Wahren, Uwe Kleine-König

Further Readings

Pengutronix at Embedded World 2022

Welcome to our booth at the Embedded World 2022 in Nürnberg!

Tutorial: Start With RAUC Bundle Encryption Using meta-rauc

Enrico Jörns | | RAUC, Yocto, tutorial

In its current master branch, RAUC now supports encrypted Bundles. This tutorial will introduce you to the basics of using encryption in RAUC and show how to use it in a simplified Yocto setup with the meta-rauc Layer.

RAUC v1.6 Released

Enrico Jörns | | rauc

While major changes are about to come, the RAUC v1.6 release already paves the way under the hood. Built-in streaming support will be one of the next features built on top of the 'verity' bundle format in RAUC.