Posts

Building Platforms with Secure Over-the-Air Updating

Almost every device in development today requires both over-the-air (OTA) updating capabilities, and up-to-date security with authentication of the device filesystem and encryption of application data storage.

At Konsulko Group, we find that the best approach is to build a secure platform first, starting with the hardware root of trust and establishing a chain of trust by extending the root of trust through each successive component in the system.

  • A first step is to make sure the Universal Boot Loader (U-Boot) is up-to-date. If the device is using an older version, we may port U-Boot support of a more current release. Then we enable signature-based authentication of the device using the U-Boot verified boot feature.
  • To provide authentication of the device filesystem and encryption of application data storage, we often use the Linux kernel Device-Mapper infrastructure to create virtual layers of block devices: dm-verity for root filesystem authentication, dm-crypt for data encryption, and dm-integrity for read/write data volume integrity.
  • Finally, we can integrate Mender I/O support for OTA together with dm-verity and Yocto Project so that device updates can be performed while maintaining the system’s secure chain of trust.

This step-by-step methodology ensures straight-forward and predictable development. Please contact us to discuss how we can help you build a secure platform for OTA updating on your device.

Google recognizes the contributions of U-Boot maintainer Tom Rini

Google’s Open Source Peer Bonus Program has recognized Konsulko Group’s own Tom Rini for his contributions as the maintainer of U-Boot. Congratulations to Tom for his hard work maintaining this critical part of many embedded Linux systems.

Five years ago the Open Source Programs Office established the Open Source Peer Bonus Program to remind Googlers of the importance of the myriad developers outside of Google who keep open source healthy and growing.

The program works like this: we invite Googlers to nominate open source developers outside of the company who deserve recognition for their contributions to open source used at or relied on by Google. After review by a team of volunteer engineers, the recipients receive our heartfelt thanks and a small token of our appreciation.

We have recognized more than 500 open source developers from 30+ countries who have contributed their time and talent to over 400 open source projects.

Having just finished the latest round of the program, we’d like to recognize the individuals and the projects they worked on. Here’s everyone who gave us permission to thank them publicly:


Tom Rini U-Boot

From https://opensource.googleblog.com/2016/09/google-open-source-peer-bonus-program.html

Portfolio Items