CRA-compliant software update procedures using The Update Framework
This training introduces the fundamental concepts behind secure software updates and explains why they are a critical component of a secure software supply chain.
We begin by exploring the requirements introduced by the 🇪🇺 Cyber Resilience Act (CRA), highlighting the obligations placed on manufacturers to ensure that Products with Digital Elements (PDEs) receive secure and timely security updates throughout their lifecycle.
Next, we examine the architecture and threat model of software update systems. We show that update infrastructures face a wide range of sophisticated attacks—such as rollback attacks, freeze attacks, and repository compromises—demonstrating why update mechanisms cannot be secured in a trivial way.
Building on this context, the training introduces The Update Framework, explaining how it protects update systems through:
- clearly defined roles and trust relationships 🔑
- signed metadata describing the state of the repository 📜
- delegations that distribute trust and limit the impact of key compromise
- consistent snapshots that ensure clients observe a coherent view of the repository 📦
Finally, we review the client update workflow, illustrating how clients securely retrieve metadata, verify signatures, detect attacks, and safely download and install software updates.
✨ Together, these concepts provide a practical foundation for designing and implementing secure software update mechanisms that can withstand real-world software supply chain threats and support compliance with modern cybersecurity regulations.
This module sets the foundation for the training by presenting secure software updates as a core obligation under the Cyber Resilience Act. It introduces the regulatory requirements that Products with Digital Elements must meet in terms of update security, integrity, authenticity, and lifecycle resilience. The module also presents a reference software update architecture and discusses the main threats that modern update systems must defend against.
This module introduces The Update Framework, a security framework designed to protect software update systems against advanced adversaries. It explains the main concepts of the framework, including its roles, metadata, trust model, and security mechanisms, and shows how it helps build update infrastructures that are resilient to compromise.
In this module, participants apply the concepts learned in the previous modules through a hands-on exercise. We use TUF-on-CI, a repository and signing tool based on The Update Framework, to demonstrate how a secure update repository can be created and managed in practice.
Distributed under the CC-BY-SA-4.0 License. See LICENSE.TXT for more information.
The CRACY project: info@cra-cy.eu
Project Link: https://github.com/excid-io/cra-tuf-training/tree/main

