NOTE: The event will be held in Central Daylight Time (CDT), UTC -5.

View More Details for Open Source Summit + Embedded Linux Conference North America 2020
Registration Information.
Back To Schedule
Tuesday, June 30 • 9:30am - 10:20am
Secure Boot and Over-the-Air Updates - That's Simple, No? - Jan Kiszka, Siemens AG

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Locking down embedded Linux devices via secure boot is almost solved these day. Combining this with rollback-capable over-the-air updates shouldn't be hard then. But as often, the devil is in the detail. When he comes out, you can easily end up with an insecure system or one that does not update anymore. Or both.

In this talk, we will present patterns and tools for secure OTA system updates that are being developed in the Software Update Workgroup of the Civil Infrastructure Platform project. We will introduce an OTA pattern consisting of redundant update images that are deployed and managed by SWUpdate and switched by a boot loader. We will discuss the options and implication of securing those images, for the boot process as well as the runtime of the images. Then we will walk through UEFI-based secure boot processes, explain shortcomings of commodity boot loaders are and where to use the embedded boot loader EFI Boot Guard instead. Finally, we will also have a look at plain U-Boot-based setups, discuss if its new UEFI mode can help to unify architectures and explain what to do when it is not available.

avatar for Jan Kiszka

Jan Kiszka

Principal Key Expert, Siemens AG
Jan Kiszka is working as consultant, open source evangelist and Principal Key Expert Engineer in the Competence Center Embedded Linux at Siemens Technology. He is supporting Siemens businesses with adapting, enhancing or strategically driving open source as platform for their product... Read More →

Tuesday June 30, 2020 9:30am - 10:20am CDT
ELC Theater A