path: root/misc/frm_update_process.tex
% ----------------------------
\section{Process Updates}
\subsection{swupdate}

% Frame: a single centred figure, presumably the swupdate architecture
% overview (going by the image file name).
\begin{frame}
  \frametitle{Overview}
  \begin{center}
    \includegraphics[width=8cm]{images/update_swupdate_overview.png}
  \end{center}
\end{frame}

% ----------------------------
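% Frame: swupdate feature list, part 1 (licence, targets, robustness, crypto).
\begin{frame}{Features I}
\begin{itemize}
\item Open-Source (GPLv2)
\item Bootloader, OS, FPGA images
\item Streamable Updates
\item Multi-Target Updates
\item Powerfail Safe
\item Crypto Support
 \begin{itemize}
 % Signing gives integrity and origin authenticity; encryption only gives
 % confidentiality, so it complements signing and never replaces it.
 \item Image signing (Integrity, Authenticity)
 \item Image encryption (Confidentiality)
 \end{itemize}
\item Fully Customizable
\item Extendable
\end{itemize}
\end{frame}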

% ----------------------------
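% Frame: swupdate feature list, part 2 (install handlers and delivery channels).
\begin{frame}{Features II}
\begin{itemize}
\item built-in Handlers
 \begin{itemize}
 \item raw
 \item File-based
 \item MTD
 \item UBI
 \end{itemize}
\item built-in Deployment Interfaces
 \begin{itemize}
 % Whatever channel delivers the container, acceptance should rest on the
 % signature check, not on the transport.
 \item Local Files
 \item Network (pull)
 % NOTE(review): a web interface on the device is a listening service;
 % access control and transport protection for it are not covered here.
 \item Web Interface (push)
 % NOTE(review): with hawkbit the device normally polls the server; "push"
 % presumably refers to the operator-driven rollout -- confirm.
 \item hawkbit Deployment Server (push)
 \end{itemize}
\end{itemize}
\end{frame}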

% ----------------------------
\subsection{Streaming}

% Frame: what the update container holds and what its description records.
% The description and its signature are the first two elements, so a receiver
% can check them before any payload element of the stream arrives.
\begin{frame}
  \frametitle{Update Container}
  \begin{itemize}
    \item Update Container Format:
      \begin{itemize}
        \item serialized
        \item streamable
        \item 1st Element: Description
        \item 2nd Element: Description Signature
      \end{itemize}
    % Per-image metadata; the hash is what ties each image to the description.
    \item Description Elements
      \begin{itemize}
        \item Image Format
        \item Image Size
        \item Image Hash
        \item Install Target
        \item Install Handler
      \end{itemize}
  \end{itemize}
\end{frame}

% ----------------------------
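% Frame: two columns -- reasons for choosing cpio (left), format figure (right).
\begin{frame}{Update Container Format}
\begin{columns}[onlytextwidth]
 \begin{column}{0.45\textwidth}
 \begin{itemize}
 \item File Format: cpio
  \begin{itemize}
  \item open file format
  \item widely used
  % NOTE(review): cpio puts a header in front of each member instead of
  % keeping a central index; "indexed" and "seek" presumably mean a reader
  % can skip members using the size in each header -- confirm wording.
  \item indexed
  \item good tooling support
  \item supports seek (e.g.\ for Streaming)
  \end{itemize}
 \end{itemize}
 \end{column}
 \begin{column}{0.45\textwidth}
  \begin{center}
  \includegraphics[height=0.7\textheight]{images/update_swupdate_format.png}
  \end{center}
 \end{column}
\end{columns}
\end{frame}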

% ----------------------------
\subsection{Security}

% Frame: how an update is verified before anything is installed.
% The signature covers the update description only; images and scripts are
% tied to it through the hashes listed in that description.
% NOTE(review): an artifact without a hash entry would not be covered --
% confirm that the build enforces one hash per image and script.
% NOTE(review): a valid signature does not by itself stop replay of an older,
% validly signed container; a version / anti-downgrade check is a separate
% control.
% NOTE(review): when an image is streamed straight to its target, its hash is
% only complete after the last byte, so a slot written with a mismatching
% image must not be activated -- confirm how this case is handled.
\begin{frame}
  \frametitle{Update Verification}
  \begin{itemize}
    \item Update Signature Verification Enforcement
    \item Signature ensures Integrity of Update Description
      \begin{itemize}
        \item Integrity Verification early in Update Process
        \item hash-based Image and Script Validation
        \item No Image Download on Integrity failures
      \end{itemize}
  \end{itemize}
\end{frame}

% ----------------------------
\begin{frame}[fragile]
% Frame: excerpt of an sw-description shown verbatim; the frame is fragile
% because it contains a verbatim environment.
% Every image entry and every script entry in the excerpt carries a sha256
% value, so the postinstall script that runs on the target is hashed in the
% same way as the root file system image.
% The listing and the closing lines of this frame are layout-sensitive and
% must keep their exact position, including column 0 for the closing lines.
\frametitle{Signed Update Layout}
\begin{beamerboxesrounded}[shadow=true]{sw-description}
\begin{scriptsize}
\begin{verbatim}
[...]
stable =
{
  sys_a =
  {
    images =
    (
      {
        filename = "rfs.ext3.gz";
        sha256 = "32df9a4057c858abd2ce64b8bffd2722bd2502d257f221b15295bd9fb85c325b";
        [...]
      }
    );
    scripts =
    (
      {
        filename = "10_markB.sh";
        sha256 = "cbe23f93b00fb758690fc09867c9758b74a15d10522bcc5a4a51f881d2dde0a6";
        type = "postinstall";
      }
    );
  };
[...]
\end{verbatim}
\end{scriptsize}
\end{beamerboxesrounded}
\end{frame}