misc: Update Slides

- Update Concepts (redundant, rescue)
- Update Processing (swupdate)
- Deployment (Hawkbit)

Signed-off-by: Holger Dengler <dengler@linutronix.de>

7 files changed, 447 insertions, 0 deletions

diff --git a/misc/Kconfig b/misc/Kconfig
index bd62193..cf1e7dd 100644
--- a/misc/Kconfig
+++ b/misc/Kconfig
@@ -28,3 +28,9 @@ config MISC_IPC
 	default n
 	help
 	 Presenation about available IPC mechanisms.
+
+config MISC_UPDATE
+	bool "Update"
+	default n
+	help
+	 Presenation about embedded Update concepts
diff --git a/misc/Makefile b/misc/Makefile
index 18bde4e..9c631ed 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -3,3 +3,4 @@ obj-$(CONFIG_MISC_ZYNQ) += pres_zynq_en.pdf
 obj-$(CONFIG_MISC_MINICOREDUMPER) += pres_minicoredumper_en.pdf
 obj-$(CONFIG_MISC_BEST) += pres_best_en.pdf
 obj-$(CONFIG_MISC_IPC) += pres_ipc_en.pdf
+obj-$(CONFIG_MISC_UPDATE) += pres_update.pdf
diff --git a/misc/frm_update_concepts.tex b/misc/frm_update_concepts.tex
new file mode 100644
index 0000000..28aaca9
--- /dev/null
+++ b/misc/frm_update_concepts.tex
@@ -0,0 +1,147 @@
+% ----------------------------
+\section{Update Concepts}
+\subsection{Introduction}
+
+% ----------------------------
+\begin{frame}{General}
+\begin{itemize}
+\item Why are updates necessary?
+ \begin{itemize}
+ \item Functionality (new features)
+ \item Up-to-date (problem fixes, configuration)
+ \item Root-of-trust (Certificates et.al.)
+ \end{itemize}
+\item Common Issues with Updates:
+ \begin{itemize}
+ \item Reduced Resources
+ \item Unreliable Communication
+ \item Failed or Incomplete Updates
+ \item Integrity of Updates
+ \item No "One-size-fits-all"-Solution
+ \end{itemize}
+\item Update concepts are mandatory for Embedded Systems!
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{General Requirements}
+\begin{itemize}
+\item Security
+ \begin{itemize}
+ \item Ensure Update Integrity
+ \item Prevent Malicious Code Injection
+ \item Usage of Encryption Standards
+ \end{itemize}
+\item Reliability
+ \begin{itemize}
+ \item Handle failed or incomplete Updates
+ \end{itemize}
+\item Flexibility
+ \begin{itemize}
+ \item Adaptable to changing Needs
+ \item Adaptable to Target Requirements
+ \item Adaptable to System Environment
+ \end{itemize}
+\item Scalability
+ \begin{itemize}
+ \item Number of Targets
+ \item Target Size
+ \item Target Connectivity
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsection{Redundant System}
+
+% ----------------------------
+\begin{frame}{Overview}
+\begin{center}
+\includegraphics[height=0.7\textheight]{images/update_redundant_overview.png}
+\end{center}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Process Update}
+\begin{center}
+\includegraphics[width=5cm]{images/update_redundant_upd_process.png}
+\end{center}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Confirm Update}
+\begin{center}
+\includegraphics[width=5cm]{images/update_redundant_upd_confirm.png}
+\end{center}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Features}
+\begin{itemize}
+\item Always working (and updateable) System
+\item Single Root-Filesystem Layout
+\item Single Reboot per Update
+\item Pros:
+ \begin{itemize}
+ \item Fallback: Production Environment
+ \item only one Reboot per Update required
+ \item better Integration with Application
+ \end{itemize}
+\item Cons:
+ \begin{itemize}
+ \item Space Requirements
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsection{Rescue System}
+
+% ----------------------------
+\begin{frame}{Overview}
+\begin{center}
+\includegraphics[height=0.7\textheight]{images/update_rescue_overview.png}
+\end{center}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Prepare Update}
+\begin{center}
+\includegraphics[width=5cm]{images/update_rescue_upd_prepare.png}
+\end{center}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Process Update}
+\begin{center}
+\includegraphics[width=5cm]{images/update_rescue_upd_process.png}
+\end{center}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Confirm Update}
+\begin{center}
+\includegraphics[width=5cm]{images/update_rescue_upd_confirm.png}
+\end{center}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Features}
+\begin{itemize}
+\item Always updateable System
+\item Separate Root-Filesystem Layout
+\item Full Linux functionality (NAND, USB, WiFi, etc) for Rescue
+\item Pros:
+ \begin{itemize}
+ \item Space Requirements
+ \item Restricted HW Access in (connected) Production System
+ \item Full HW Access in (disconnected) Rescue System
+ \end{itemize}
+\item Cons.:
+ \begin{itemize}
+ \item two Reboots per Update
+ \item no/reduced Application Support during Update
+ \item no Fallback to working System
+ \end{itemize}
+\end{itemize}
+\end{frame}
diff --git a/misc/frm_update_deploy.tex b/misc/frm_update_deploy.tex
new file mode 100644
index 0000000..ac22405
--- /dev/null
+++ b/misc/frm_update_deploy.tex
@@ -0,0 +1,78 @@
+% ----------------------------
+\section{Deploy Updates}
+\subsection{Device-local}
+
+% ----------------------------
+\begin{frame}{swupdate local Deployment Interfaces}
+\begin{itemize}
+\item Direct Update Processing
+ \begin{itemize}
+ \item simple and fast (Commandline)
+ \item scriptable
+ \item for Development/Test
+ \end{itemize}
+\item Socket-based Interface
+ \begin{itemize}
+ \item flexible
+ \item defined client API
+ \item direct Integration in Customer Applications
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsection{Network}
+
+% ----------------------------
+\begin{frame}{internal Web}
+\begin{itemize}
+\item Direct Update Pull
+ \begin{itemize}
+ \item simple and fast (Commandline)
+ \item pull Update from Server URL
+ \item for Device-triggered Pull
+ \end{itemize}
+\item internal Web Server
+ \begin{itemize}
+ \item simple Web UI
+ \item Push Updates
+ \item New: better WebApp Support
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsection{Server-based}
+
+% ----------------------------
+\begin{frame}{Hawkbit (Server)}
+\begin{itemize}
+\item Hawkbit Project
+ \begin{itemize}
+ \item Open Source (Eclipse Public License 1.0)
+ \item Ecplipse Project
+ \item Initiated by Bosch Software Innovations GmbH
+ \end{itemize}
+\item Features
+ \begin{itemize}
+ \item server-based Graphical Interface
+ \item multiple Protocol Adapter Support
+ \item flexible Rollout Management
+ \item RESTful Management API
+ \end{itemize}
+\item Device Management
+ \begin{itemize}
+ \item Database driven
+ \item Device Groups
+ \item Filters
+ \item Bulk-Deploy
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Hawkbit Web UI}
+\begin{center}
+\includegraphics[width=10cm]{images/update_hawkbit_screen.png}
+\end{center}
+\end{frame}
diff --git a/misc/frm_update_process.tex b/misc/frm_update_process.tex
new file mode 100644
index 0000000..e6250f2
--- /dev/null
+++ b/misc/frm_update_process.tex
@@ -0,0 +1,145 @@
+% ----------------------------
+\section{Process Updates}
+\subsection{swupdate}
+
+% ----------------------------
+\begin{frame}{Overview}
+\begin{center}
+\includegraphics[width=8cm]{images/update_swupdate_overview.png}
+\end{center}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Features I}
+\begin{itemize}
+\item Open-Source (GPLv2)
+\item Bootloader, OS, FPGA images
+\item Streamable Updates
+\item Multi-Target Updates
+\item Powerfail Safe
+\item Crypto Support
+ \begin{itemize}
+ \item Image signing (Integrity)
+ \item Image encryption (Protection)
+ \end{itemize}
+\item Fully Customizable
+\item Extendable
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Features II}
+\begin{itemize}
+\item build-in Handlers
+ \begin{itemize}
+ \item raw
+ \item File-based
+ \item MTD
+ \item UBI
+ \end{itemize}
+\item build-in Deployment Interfaces
+ \begin{itemize}
+ \item Local Files
+ \item Network (pull)
+ \item Web Interface (push)
+ \item hawkbit Deployment Server (push)
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsection{Streaming}
+
+% ----------------------------
+\begin{frame}{Update Container}
+\begin{itemize}
+\item Update Container Format:
+ \begin{itemize}
+ \item serialized
+ \item streamable
+ \item 1st Element: Description
+ \item 2nd Element: Description Signature
+ \end{itemize}
+\item Description Elements
+ \begin{itemize}
+ \item Image Format
+ \item Image Size
+ \item Image Hash
+ \item Install Target
+ \item Install Handler
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Update Container Format}
+\begin{columns}[onlytextwidth]
+ \begin{column}{0.45\textwidth}
+ \begin{itemize}
+ \item File Format: cpio
+  \begin{itemize}
+  \item open file format
+  \item widely used
+  \item indexed
+  \item good tooling support
+  \item supports seek (e.g for Streaming)
+  \end{itemize}
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.45\textwidth}
+  \begin{center}
+  \includegraphics[height=0.7\textheight]{images/update_swupdate_format.png}
+  \end{center}
+ \end{column}
+\end{columns}
+\end{frame}
+
+% ----------------------------
+\subsection{Security}
+
+% ----------------------------
+\begin{frame}{Update Verification}
+\begin{itemize}
+\item Update Signature Verification Enforcement
+\item Signature ensures Integrity of Update Description
+ \begin{itemize}
+ \item Integrity Verification early in Update Process
+ \item hash-based Image and Script Validation
+ \item No Image Download on Integrity failures
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Signed Update Layout}
+\begin{beamerboxesrounded}[shadow=true]{sw-description}
+\begin{scriptsize}
+\begin{verbatim}
+[...]
+stable =
+{
+  sys_a =
+  {
+    images =
+    (
+      {
+        filename = "rfs.ext3.gz";
+        sha256 = "32df9a4057c858abd2ce64b8bffd2722bd2502d257f221b15295bd9fb85c325b";
+        [...]
+      }
+    );
+    scripts =
+    (
+      {
+        filename = "10_markB.sh";
+        sha256 = "cbe23f93b00fb758690fc09867c9758b74a15d10522bcc5a4a51f881d2dde0a6";
+        type = "postinstall";
+      }
+    );
+  };
+[...]
+\end{verbatim}
+\end{scriptsize}
+\end{beamerboxesrounded}
+\end{frame}
diff --git a/misc/frm_update_summary.tex b/misc/frm_update_summary.tex
new file mode 100644
index 0000000..c9e5733
--- /dev/null
+++ b/misc/frm_update_summary.tex
@@ -0,0 +1,36 @@
+% ----------------------------
+\section*{}
+\subsection*{Summary}
+
+% ----------------------------
+\begin{frame}{Conclusion}
+\begin{itemize}
+\item Adaptable to your Needs
+\item Open for Integration
+\item Support for strong Cryptography Standards
+ \begin{itemize}
+ \item Hash: sha2 ff.
+ \item Asymetric: RSA, EC
+ \end{itemize}
+\item Open Source Components
+ \begin{itemize}
+ \item Flexibility
+ \item Review
+ \item Protect your Investments
+ \end{itemize}
+\item Small Footprint on Device
+\item Powerful Back-End
+\end{itemize}
+Do not re-invent the wheel - use existing Tools!
+\end{frame}
+
+% ----------------------------
+\subsection*{}
+
+% ----------------------------
+\begin{frame}{Resources}
+\begin{itemize}
+\item \url{http://sbabic.github.io/swupdate/}
+\item \url{https://www.eclipse.org/hawkbit/}
+\end{itemize}
+\end{frame}
diff --git a/misc/pres_update.tex b/misc/pres_update.tex
new file mode 100644
index 0000000..5621007
--- /dev/null
+++ b/misc/pres_update.tex
@@ -0,0 +1,34 @@
+\input{configpres}
+
+\AtBeginSection[] {
+\begin{frame}<beamer>
+\tableofcontents[currentsection]
+\end{frame}
+}
+
+% ----------------------------
+\title{Update}
+\subtitle{Secure Update for Embedded Devices}
+\maketitle
+
+% ----------------------------
+\begin{frame}{Overview}
+\tableofcontents
+\end{frame}
+
+% ----------------------------
+\input{misc/frm_update_concepts.tex}
+
+% ----------------------------
+\input{misc/frm_update_process.tex}
+
+% ----------------------------
+\input{misc/frm_update_deploy.tex}
+
+% ----------------------------
+\input{misc/frm_update_summary.tex}
+
+% ----------------------------
+\section*{}
+\subsection*{}
+\input{tailpres}