RAUC v0.3 Released
The RAUC team is proud to announce that we've just released RAUC v0.3! Again, we have worked a lot on stability and support for more and more use cases. RAUC now supports pure UEFI-based booting on x86, multiple board variants in the same bundle, intermediate certificates and enhanced feedback from the boot selection layer.
- Added support for intermediate certificates, improved bundle resigning and certificate information for hooks. This makes it easier to use a multi-level PKI with separate intermediate certificates for development and releases.
- Added support for image variants, which allow creating a single bundle which supports multiple hardware variants by selecting the matching image from a set contained in the bundle.
- Added support for redundant booting by using EFI boot entries directly.
- Added boot information to rauc status
- Added rauc extract command to extract bundles
- Support detection of the booted slot by using the UUID= and PARTUUID= kernel options.
- Improved the status and error output
- Improved internal error cause propagation
- Fixed boot slot detection for root=<symlink> boot parameters (such as root=/dev/disk/by-path/pci-0000:00:17.0-ata-1-part1)
- Removed redundant image checksum verification during installation.
- Improve robustness and test coverage
- Use gcc-7 for testing
- Added documentation for intermediate certificates, re-signing bundles, image variants and UEFI support
Back in 2018, rauc-hawkbit-updater was started by Prevas A/S as a C/GLib port of our rauc-hawkbit Python prototype (also called RAUC hawkBit Client) that was mainly developed for showcases and to serve as a demonstration and evaluation platform for others.
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you with implement this for your platform.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.