Session Highlight: Secure Boot and Over-the-Air Updates – That’s Simple, No?
The Civil Infrastructure Platform is thrilled to be sponsoring the Linux Foundations’ OpenSource Summit North America Event. In addition to having a virtual booth, CIP reps will be giving several talks as well as hosting the CIP Mini-Summit.
On June 30 from 9:30 to 10:20 am CT, Jan Kiszka with Siemens AG will be giving a talk called, “Secure Boot and Over-the-Air Updates – That’s Simple, No?”
Check out talk details below and read on to learn how to register for the event.
Locking down embedded Linux devices via secure boot is almost solved these day. Combining this with rollback-capable over-the-air updates shouldn’t be hard then. But as often, the devil is in the detail. When he comes out, you can easily end up with an insecure system or one that does not update anymore. Or both.
In this talk, we will present patterns and tools for secure OTA system updates that are being developed in the Software Update Workgroup of the Civil Infrastructure Platform project. We will introduce an OTA pattern consisting of redundant update images that are deployed and managed by SWUpdate and switched by a boot loader. We will discuss the options and implication of securing those images, for the boot process as well as the runtime of the images. Then we will walk through UEFI-based secure boot processes, explain shortcomings of commodity boot loaders are and where to use the embedded boot loader EFI Boot Guard instead. Finally, we will also have a look at plain U-Boot-based setups, discuss if its new UEFI mode can help to unify architectures and explain what to do when it is not available.