Secure software update framework is an open source update mechanism to update the embedded systems remotely/locally in a very secure way. This framework has considered drawbacks on the existing update mechanism and provided an efficient way to overcome those issues. This framework has been designed very carefully while considering the industrial requirements to update the Embedded devices in a secure way. This framework can be easily customized based on the customers need. Multiple HW platforms can be supported in a single image. In this framework images are compressed in a CPIO format. We can also create our own handlers to install the secure software images on a specific partition of the device. This framework provides an image based secure software update solution. In this framework an application will be used to trigger the update process while using OS services.
This framework provides two update mechanism, one is Single Copy, which will be more suitable if we have limited storage space on the device and another is Double copy, which have mechanism to invoke the fallback, in case of update failure, and also guarantees that there will always be a working copy for the system to run.
This framework handles failure scenarios in a very effective way. This framework chooses a very effective mechanism to cross verify the update images from the verified sources to provide the security. SWUpdate process will use verification of hashes with signed software description to secure the images. In this update process we can use menuconfig to select a suitable algorithm to sign and verify the software descriptor. This has the support to set and erase U-Boot variables. Update images can be streamed directly into the target board.