Secure Software Update for Embedded Devices with SWUpdate and TUF – Koshiro Onuki, Toshiba Corporation
Embedded devices for industrial and civil infrastructure require software updates, a very important process that ensures safety and efficiency. SWUpdate, which is used in many embedded devices, can handle this update process. SWUpdate uses "update images" for updating, and there are various methods for downloading and applying them. In addition to local updates, OTA updates can be used to efficiently update multiple embedded devices at once. However, when images are downloaded from a remote server, security measures must be put in place to protect against malicious attacks and interference. SWUpdate provides basic security by verifying signatures, but it does not cover all possible threats. Therefore, we thought that introducing a framework called TUF (The Update Framework) could reduce the risk. TUF is a flexible framework that helps maintain the security of software update systems. It enhances security by protecting against known attacks and mitigating the impact of key compromises. In this presentation, we will examine how to introduce the generation and verification of metadata that conforms to the TUF specification in order to enhance the security of SWUpdate during an OTA update. We mainly focus on ensuring that devices receive accurate and reliable images. In addition, we will give a demonstration using SWUpdate, TUF (python-tuf), and wfx, a lightweight workflow executor.
by The Linux Foundation