RAUC v1.1 Released
Just before the beautiful shine of the new has fully disappeared from RAUC 1.0, it is now time to bring out a new release: v1.1.
This release comes with some remarkable memory leakage fixes you should not miss.
As new features, we now have full support for reading GRUB2 status like we had for the other bootloader implementations already.
A minor feature but quite useful for debugging certificate issues is the new ability to use --dump-cert without requiring successful verification.
Especially system integrators may like the support for using multiple keyring certificates from a directory. This will avoid conflicts when installing multiple certificates from different build system packages.
As a result of various community feedback and discussion, this release adds a bunch of documentation updates targeting potential misunderstandings and explains some unclear topics in more detail.
We would like to say thank you to everyone who tested for v1.1, reported issues or contributed new features!
For those using A+B+recovery setups where A+B are controlled via the default boot selection logic and recovery is booted as fallback without this mechanism, RAUC also allows specifying the booted slot's name (not only the bootname) via commandline (e.g. rauc.slot=recovery.0).
Thanks to all contributors since v1.0: Angus Lees, Arnaud Rebillout, Beralt Meppelink, Enrico Jörns, Evan Edstrom, Ian Abbott, Jan Lübbe, Michael Heimpold, Rasmus Villemoes, Ulrich Ölmann, Vitaly Ogoltsov
Back in 2018, rauc-hawkbit-updater was started by Prevas A/S as a C/GLib port of our rauc-hawkbit Python prototype (also called RAUC hawkBit Client) that was mainly developed for showcases and to serve as a demonstration and evaluation platform for others.
Being able to robustly and securely update embedded systems and IoT devices in the field is a key requirement of every product today. The update framework RAUC is the basis for a modern and future-proof solution. In this showcase we present the basic principles of a fail-safe update system and how Pengutronix can support you with implement this for your platform.
This release fixes a vulnerability in RAUC that can be exploited under certain circumstances to achieve a local privilege escalation. It provides both a mitigation for the vulnerability when using the existing bundle format as well as a new bundle format that uses dm-verity to continuously authenticate the update data while it is installed.