Diffstat (limited to 'misc/frm_update_process.tex')
| -rw-r--r-- | misc/frm_update_process.tex | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/misc/frm_update_process.tex b/misc/frm_update_process.tex
new file mode 100644
index 0000000..e6250f2
--- /dev/null
+++ b/misc/frm_update_process.tex
@@ -0,0 +1,145 @@
+% ----------------------------
+\section{Process Updates}
+\subsection{swupdate}
+
+% ----------------------------
+\begin{frame}{Overview}
+\begin{center}
+\includegraphics[width=8cm]{images/update_swupdate_overview.png}
+\end{center}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Features I}
+\begin{itemize}
+\item Open-Source (GPLv2)
+\item Bootloader, OS, FPGA images
+\item Streamable Updates
+\item Multi-Target Updates
+\item Powerfail Safe
+\item Crypto Support
+ \begin{itemize}
+ \item Image signing (Integrity)
+ \item Image encryption (Protection)
+ \end{itemize}
+\item Fully Customizable
+\item Extendable
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Features II}
+\begin{itemize}
+\item build-in Handlers
+ \begin{itemize}
+ \item raw
+ \item File-based
+ \item MTD
+ \item UBI
+ \end{itemize}
+\item build-in Deployment Interfaces
+ \begin{itemize}
+ \item Local Files
+ \item Network (pull)
+ \item Web Interface (push)
+ \item hawkbit Deployment Server (push)
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\subsection{Streaming}
+
+% ----------------------------
+\begin{frame}{Update Container}
+\begin{itemize}
+\item Update Container Format:
+ \begin{itemize}
+ \item serialized
+ \item streamable
+ \item 1st Element: Description
+ \item 2nd Element: Description Signature
+ \end{itemize}
+\item Description Elements
+ \begin{itemize}
+ \item Image Format
+ \item Image Size
+ \item Image Hash
+ \item Install Target
+ \item Install Handler
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}{Update Container Format}
+\begin{columns}[onlytextwidth]
+ \begin{column}{0.45\textwidth}
+ \begin{itemize}
+ \item File Format: cpio
+ \begin{itemize}
+ \item open file format
+ \item widely used
+ \item indexed
+ \item good tooling support
+ \item supports seek (e.g for Streaming)
+ \end{itemize}
+ \end{itemize}
+ \end{column}
+ \begin{column}{0.45\textwidth}
+ \begin{center}
+ \includegraphics[height=0.7\textheight]{images/update_swupdate_format.png}
+ \end{center}
+ \end{column}
+\end{columns}
+\end{frame}
+
+% ----------------------------
+\subsection{Security}
+
+% ----------------------------
+\begin{frame}{Update Verification}
+\begin{itemize}
+\item Update Signature Verification Enforcement
+\item Signature ensures Integrity of Update Description
+ \begin{itemize}
+ \item Integrity Verification early in Update Process
+ \item hash-based Image and Script Validation
+ \item No Image Download on Integrity failures
+ \end{itemize}
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Signed Update Layout}
+\begin{beamerboxesrounded}[shadow=true]{sw-description}
+\begin{scriptsize}
+\begin{verbatim}
+[...]
+stable =
+{
+ sys_a =
+ {
+ images =
+ (
+ {
+ filename = "rfs.ext3.gz";
+ sha256 = "32df9a4057c858abd2ce64b8bffd2722bd2502d257f221b15295bd9fb85c325b";
+ [...]
+ }
+ );
+ scripts =
+ (
+ {
+ filename = "10_markB.sh";
+ sha256 = "cbe23f93b00fb758690fc09867c9758b74a15d10522bcc5a4a51f881d2dde0a6";
+ type = "postinstall";
+ }
+ );
+ };
+[...]
+\end{verbatim}
+\end{scriptsize}
+\end{beamerboxesrounded}
+\end{frame} |
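Review bot: The security wording names only integrity where the signature also provides authenticity: `\item Image signing (Integrity)` on the "Features I" frame and `\item Signature ensures Integrity of Update Description` on "Update Verification" leave out that a signature also establishes who produced the update, which a bare hash does not. I would write `\item Image signing (Integrity, Authenticity)` and add a sub-item such as `\item Image and Script hashes are trusted only because the signed Description carries them`, since that chain is what the "Signed Update Layout" frame shows. `\item No Image Download on Integrity failures` appears to describe only a failed description check; with streamed updates an image hash can presumably be compared only once the payload has been received, so the slide should say which failure it means. Minor: `build-in` should read `built-in` (twice on "Features II") and `e.g for` should be `e.g.\ for`.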
