Locking down embedded Linux devices via secure boot is almost a solved problem these days. Combining this with rollback-capable over-the-air updates shouldn't be hard then. But as often, the devil is in the detail. When it comes out, you can easily end up with an insecure system or one that does not update anymore. Or both.
In this talk, we will present patterns and tools for secure OTA system updates that are being developed in the Software Update Workgroup of the Civil Infrastructure Platform project. We will introduce an OTA pattern consisting of redundant update images that are deployed and managed by SWUpdate and switched by a boot loader. We will discuss the options and implications of securing those images, for the boot process as well as for the runtime of the images. Then we will walk through UEFI-based secure boot processes, explain where commodity boot loaders fall short and where to use the embedded boot loader EFI Boot Guard instead. Finally, we will also have a look at plain U-Boot-based setups, discuss whether its new UEFI mode can help to unify architectures, and explain what to do when it is not available.
Jan Kiszka is working as a consultant, open source evangelist and Principal Key Expert Engineer in the Linux Expert Center at Siemens Technology. He is supporting Siemens businesses with adapting, enhancing or strategically driving open source as a platform for their product demands...