RAUC v0.1.1 released
RAUC is making progress, and my colleagues Enrico Jörns and Jan Lübbe finally pushed out a new release today that reflects what happened during the last months. Updating embedded linux systems in the field in a secure and robust way becomes more and more important; we had many interesting talks with our customers during the last time, and some of the new ideas are already finding their way into the codebase. However, there is still a lot of work ahead, and if you have more ideas, either drop us a note on the community channels, send patches or github pull requests, or ask for commercial help!
Back in 2018, rauc-hawkbit-updater was started by Prevas A/S as a C/GLib port of our rauc-hawkbit Python prototype (also called RAUC hawkBit Client) that was mainly developed for showcases and to serve as a demonstration and evaluation platform for others.
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you with implement this for your platform.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.