Articles by Enrico Jörns
In its current master branch, RAUC now supports encrypted Bundles. This tutorial will introduce you to the basics of using encryption in RAUC and show how to use it in a simplified Yocto setup with the meta-rauc Layer.
RAUC is an update framework for safely deploying verified updates on your embedded Linux devices. It ensures atomicity of the update process to protect from sudden power outages, hardware failures, etc. So, why would one like to run RAUC on an emulated platform?
Back in 2018, rauc-hawkbit-updater was started by Prevas A/S as a C/GLib port of our rauc-hawkbit Python prototype (also called RAUC hawkBit Client) that was mainly developed for showcases and to serve as a demonstration and evaluation platform for others.
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you with implement this for your platform.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.
It's been 3 weeks ago now since the tag for RAUC 1.4 was created. But it is vacation time and so we have a good excuse for communicating things with some delay. Fortunately, the media team is back now and so also those of you who haven't noticed the new release yet will be informed about notable changes.
In 2020, things tend to be a bit different from what we had before. This is also true for this year's Embedded Linux Conference in North America. The need for keeping physical distance required the Linux Foundation to switch form a real conference to a fully virtual one.
The Corona crisis is a challenge that has hit many people as well as most companies quite unexpectedly. The entire team of Pengutronix wants to thank those that currently ensure our essential supplies, health system and civil infrastructure!
Yesterday, Embedded World started, in normal times one of the largest trade shows for embedded development in Europe. While many exhibitors (and thus maybe also lots of visitors) have canceled their presence due to the coronavirus, we present our booth and our demo show cases as usual.
FOSDEM is one of the biggest Open Source community meetings in Europe and takes place in Brussels at the Université Libre de Bruxelles every year in February. For Pengutronix this is always a good chance to meet developers, discuss current topics and enjoy some Belgian beer and food. This year we attended FOSDEM with 15 colleagues. Here are some talks our colleagues recommend you to see.
This year, co-located to the FOSDEM in Brussels, the first OpenEmbedded workshop was held. About 30 OpenEmbedded (and Yocto Project) enthusiasts - from the developers of the first hour to those still collecting their first experiences - got together at the DigitYser tech hub in Brussels. Pengutronix attended with their two developers most involved in OpenEmbedded: Jan Lübbe and Enrico Jörns.
In this blog post I would like to address the challenges of performing unattended and verified updates of embedded Linux systems in the field using open source software and workflows. While updating is not a end in itself, a second part of my considerations goes even further and also works out the necessities and possible workflows for keeping the software stack of a project up to date and thus either preventing security issues or at least enabling a short reaction time in case of severe CVE'S discovered.
As in the previous years a bunch of Pengutronix developers attended the FOSDEM Open Source conference in Brussels to stay up-to-date with the latest developments in the context of embedded Linux, graphics and media, electronics and lots of other interesting topics.
The RAUC team is proud to announce that we've just released RAUC v0.3! Again, we have worked a lot on stability and support for more and more use cases. RAUC now supports pure UEFI-based booting on x86, multiple board variants in the same bundle, intermediate certificates and enhanced feedback from the boot selection layer.
OTA field updates are a common requirement in modern embedded device deployments. The larger the amount of devices to control, the more important is having a good infrastructure that is reliable in updating and smart in rolling out the software.