Recent DDoS attacks powered by embedded devices have finally discredited the old excuse that security is not important: security support (and thus software updates) is suddenly a required feature.
Often, physical access to these devices is limited and there is no administrator who can fix issues manually. Thus, performing updates is an operation with a critical design goal: Never brick the device!
This talk gives an overview of the surprisingly complex requirements and common pitfalls for a generic update mechanism by comparing several existing approaches. Also, our reasons for implementing (yet another) tool and the reasoning behind the design choices are explained.
Using RAUC and other open source update tools as examples, requirements, limitations and possible pitfalls in the process of designing and implementing a redundancy and update infrastructure will be presented. You will also get a brief overview over RAUCs design and abstraction of the underlying system that allows to manage both simple asymmetric setups consisting of a full system and an initramfs-based recovery system as well as complex setups with multiple root filesystems, application and data storage partitions.
Speakers: Enrico Jörns