Articles by Enrico Jörns
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you with implement this for your platform.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.
It's been 3 weeks ago now since the tag for RAUC 1.4 was created. But it is vacation time and so we have a good excuse for communicating things with some delay. Fortunately, the media team is back now and so also those of you who haven't noticed the new release yet will be informed about notable changes.
In 2020, things tend to be a bit different from what we had before. This is also true for this year's Embedded Linux Conference in North America. The need for keeping physical distance required the Linux Foundation to switch form a real conference to a fully virtual one.
The Corona crisis is a challenge that has hit many people as well as most companies quite unexpectedly. The entire team of Pengutronix wants to thank those that currently ensure our essential supplies, health system and civil infrastructure!
Yesterday, Embedded World started, in normal times one of the largest trade shows for embedded development in Europe. While many exhibitors (and thus maybe also lots of visitors) have canceled their presence due to the coronavirus, we present our booth and our demo show cases as usual.
FOSDEM is one of the biggest Open Source community meetings in Europe and takes place in Brussels at the Université Libre de Bruxelles every year in February. For Pengutronix this is always a good chance to meet developers, discuss current topics and enjoy some Belgian beer and food. This year we attended FOSDEM with 15 colleagues. Here are some talks our colleagues recommend you to see.
This year, co-located to the FOSDEM in Brussels, the first OpenEmbedded workshop was held. About 30 OpenEmbedded (and Yocto Project) enthusiasts - from the developers of the first hour to those still collecting their first experiences - got together at the DigitYser tech hub in Brussels. Pengutronix attended with their two developers most involved in OpenEmbedded: Jan Lübbe and Enrico Jörns.
In this blog post I would like to address the challenges of performing unattended and verified updates of embedded Linux systems in the field using open source software and workflows. While updating is not a end in itself, a second part of my considerations goes even further and also works out the necessities and possible workflows for keeping the software stack of a project up to date and thus either preventing security issues or at least enabling a short reaction time in case of severe CVE'S discovered.
On June, 27th, while the sun was relentlessly heating up Germany as hardly every before, above 50 employees from many companies came together in a well air-conditioned room in the TP ConferenceCenter in Heidelberg. All operating in different fields of application but all involved in embedded systems and all interested to learn something new about security and deploying software updates.
As in the previous years a bunch of Pengutronix developers attended the FOSDEM Open Source conference in Brussels to stay up-to-date with the latest developments in the context of embedded Linux, graphics and media, electronics and lots of other interesting topics.
The RAUC team is proud to announce that we've just released RAUC v0.3! Again, we have worked a lot on stability and support for more and more use cases. RAUC now supports pure UEFI-based booting on x86, multiple board variants in the same bundle, intermediate certificates and enhanced feedback from the boot selection layer.
OTA field updates are a common requirement in modern embedded device deployments. The larger the amount of devices to control, the more important is having a good infrastructure that is reliable in updating and smart in rolling out the software.