[PATCH 1/2] doc: set delta with Hawkbit as completed
5 views
Skip to first unread message
Stefano Babic
7:39 AM (9 hours ago) 7:39 AM
to swup...@googlegroups.com, Stefano Babic
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
doc/source/improvement_proposals.rst | 49 ++++++++++++++--------------
1 file changed, 24 insertions(+), 25 deletions(-)
diff --git a/doc/source/improvement_proposals.rst b/doc/source/improvement_proposals.rst
index c38e9841..4f2edea1 100644
--- a/doc/source/improvement_proposals.rst
+++ b/doc/source/improvement_proposals.rst
@@ -307,31 +307,6 @@ changes must be implemented in SWUpdate.
* Request for Support : Sponsor
* Priority : Low
-Backend: hawkBit support for Delta Update
------------------------------------------
-
-Delta Update requires two or more files:
-
-- the SWU
-- one file ".zck" for each artifact that is upgraded via delta handler.
-
-The .zck must be uploaded somewhere and the URL is defined inside sw-description, that
-is then signed. This causes a chicken-egg issue, because the buzild cannot be completed
-with hawkBit until the ".zck" files are not uploaded. In fact, hawkBit assigns to each
-Software Module an "id" that is unknown at the moment of the build.
-
-It is required to implement a mechanism that let suricatta to inform the core about URLs
-passed by the hawkBit server, and they can override the URL set inside sw-description.
-This lets the URL for ZCK unknown during the build and it will be detected at runtime.
-
-The authentication to the hawkBit Server does not work in case of delta. In fact, authentication
-is performed by the backend connector, but the download of .zck files is done by a different
-process ("downloader") that don't use the setup from suricatta.
-
-* Status: In progress
-* Request for Support : Sponsored by Orica Digital Solutions
-* Priority : Medium
-
Back-end: support for generic down-loader
-----------------------------------------
@@ -487,3 +462,27 @@ Some hacks are currently built to avoid conflicts (pkcs#7 and CMS are the same
thing, but supported by different libraries), and they should be solved.
* Status: after 2025.05
+
+Backend: hawkBit support for Delta Update
+-----------------------------------------
+
+Delta Update requires two or more files:
+
+- the SWU
+- one file ".zck" for each artifact that is upgraded via delta handler.
+
+The .zck must be uploaded somewhere and the URL is defined inside sw-description, that
+is then signed. This causes a chicken-egg issue, because the buzild cannot be completed
+with hawkBit until the ".zck" files are not uploaded. In fact, hawkBit assigns to each
+Software Module an "id" that is unknown at the moment of the build.
+
+It is required to implement a mechanism that let suricatta to inform the core about URLs
+passed by the hawkBit server, and they can override the URL set inside sw-description.
+This lets the URL for ZCK unknown during the build and it will be detected at runtime.
+
+The authentication to the hawkBit Server does not work in case of delta. In fact, authentication
+is performed by the backend connector, but the download of .zck files is done by a different
+process ("downloader") that don't use the setup from suricatta.
+
+* Status: since 2026.xx
+* Sponsored by Orica Digital Solutions
--
2.43.0
---
doc/source/improvement_proposals.rst | 49 ++++++++++++++--------------
1 file changed, 24 insertions(+), 25 deletions(-)
diff --git a/doc/source/improvement_proposals.rst b/doc/source/improvement_proposals.rst
index c38e9841..4f2edea1 100644
--- a/doc/source/improvement_proposals.rst
+++ b/doc/source/improvement_proposals.rst
@@ -307,31 +307,6 @@ changes must be implemented in SWUpdate.
* Request for Support : Sponsor
* Priority : Low
-Backend: hawkBit support for Delta Update
------------------------------------------
-
-Delta Update requires two or more files:
-
-- the SWU
-- one file ".zck" for each artifact that is upgraded via delta handler.
-
-The .zck must be uploaded somewhere and the URL is defined inside sw-description, that
-is then signed. This causes a chicken-egg issue, because the buzild cannot be completed
-with hawkBit until the ".zck" files are not uploaded. In fact, hawkBit assigns to each
-Software Module an "id" that is unknown at the moment of the build.
-
-It is required to implement a mechanism that let suricatta to inform the core about URLs
-passed by the hawkBit server, and they can override the URL set inside sw-description.
-This lets the URL for ZCK unknown during the build and it will be detected at runtime.
-
-The authentication to the hawkBit Server does not work in case of delta. In fact, authentication
-is performed by the backend connector, but the download of .zck files is done by a different
-process ("downloader") that don't use the setup from suricatta.
-
-* Status: In progress
-* Request for Support : Sponsored by Orica Digital Solutions
-* Priority : Medium
-
Back-end: support for generic down-loader
-----------------------------------------
@@ -487,3 +462,27 @@ Some hacks are currently built to avoid conflicts (pkcs#7 and CMS are the same
thing, but supported by different libraries), and they should be solved.
* Status: after 2025.05
+
+Backend: hawkBit support for Delta Update
+-----------------------------------------
+
+Delta Update requires two or more files:
+
+- the SWU
+- one file ".zck" for each artifact that is upgraded via delta handler.
+
+The .zck must be uploaded somewhere and the URL is defined inside sw-description, that
+is then signed. This causes a chicken-egg issue, because the buzild cannot be completed
+with hawkBit until the ".zck" files are not uploaded. In fact, hawkBit assigns to each
+Software Module an "id" that is unknown at the moment of the build.
+
+It is required to implement a mechanism that let suricatta to inform the core about URLs
+passed by the hawkBit server, and they can override the URL set inside sw-description.
+This lets the URL for ZCK unknown during the build and it will be detected at runtime.
+
+The authentication to the hawkBit Server does not work in case of delta. In fact, authentication
+is performed by the backend connector, but the download of .zck files is done by a different
+process ("downloader") that don't use the setup from suricatta.
+
+* Status: since 2026.xx
+* Sponsored by Orica Digital Solutions
--
2.43.0
Stefano Babic
7:39 AM (9 hours ago) 7:39 AM
to swup...@googlegroups.com, Stefano Babic
Some tasks are completed and are removed from the list asking for
sponsor.
doc/source/improvement_proposals.rst | 45 ++++++++++++++++------------
1 file changed, 26 insertions(+), 19 deletions(-)
diff --git a/doc/source/improvement_proposals.rst b/doc/source/improvement_proposals.rst
index 4f2edea1..55108f83 100644
--- a/doc/source/improvement_proposals.rst
+++ b/doc/source/improvement_proposals.rst
@@ -165,8 +165,6 @@ SWUGenerator is thought to support multiple subcommands, but it currently suppor
It is thinkable, even if this can be done with other tools, to implement further commands like:
- extract: take a SWU and extracts all artifacts in a directory
-- sign: take a SWU and resign with a new key. This is useful when it is required to install a new
- Software, but the certificate or the key on the device is older and rejects the installation.
- verify: just verify if the SWU is correctly signed.
SWUGenerator does not yet support all features present in meta-swupdate. As replacement for meta-swupdate
@@ -178,15 +176,6 @@ to SWUGenerator.
-LZMA support to SWUGenerator
-----------------------------
-
-XZ (LZMA) decompression was added to SWUpdate, but SWUGenerator is not able to create XZ compressed images.
-
-* Status: Wait
-* Request for Support : Not required
-* Priority : Medium
-
swupdate-progress start up
--------------------------
@@ -204,7 +193,7 @@ installed or not.
Lua
===
-- API between SWUpdate and Lua is poorly documented.
+- Improve documentation / add examples.
- Store in SWUpdate's repo Lua libraries and common functions to be reused by projects.
* Status : Running
@@ -248,12 +237,6 @@ Webserver that allows streaming.
Security / Crypto engines
=========================
-- add support for asymmetric decryption
-
-* Status: Wait
-* Request for Support : Sponsor
-* Priority : High
-
- add more algorithms for decryption, as AES-CTR can be very useful to decrypt
chunks in delta updates.
@@ -371,7 +354,7 @@ SWUpdate. This makes adding new binding very easy, and often not necessary.
* Status: Wait
+* Priority : Medium
Bindings for other languages
----------------------------
@@ -463,6 +446,22 @@ thing, but supported by different libraries), and they should be solved.
* Status: after 2025.05
+Support for asymmetric decryption
+---------------------------------
+
+It makes no sense to encrypt big artifacts with an asymettric key, but asymetric decription
+is realized by encrypting sw-description multiple times with a per-device (public) certificate.
+
+This allows to reach two main goal:
+
+- revocation list: if a device is compromised, next update won't contain the device.
+- dynamic / autometic deployment of the AES symmetric key: because sw-description is encrypted,
+ the AES key can be part of sw-description and only devices with a valid certificate can
+ retrieve it.
* Status: since 2026.xx
* Sponsored by Orica Digital Solutions
+
+SWUGenerator sign command
+-------------------------
+
+- sign: take a SWU and resign with a new key. This is useful when it is required to install a new
+ Software, but the certificate or the key on the device is older and rejects the installation.
+
+since version 0.6
--
2.43.0
sponsor.
doc/source/improvement_proposals.rst | 45 ++++++++++++++++------------
1 file changed, 26 insertions(+), 19 deletions(-)
diff --git a/doc/source/improvement_proposals.rst b/doc/source/improvement_proposals.rst
index 4f2edea1..55108f83 100644
--- a/doc/source/improvement_proposals.rst
+++ b/doc/source/improvement_proposals.rst
@@ -165,8 +165,6 @@ SWUGenerator is thought to support multiple subcommands, but it currently suppor
It is thinkable, even if this can be done with other tools, to implement further commands like:
- extract: take a SWU and extracts all artifacts in a directory
-- sign: take a SWU and resign with a new key. This is useful when it is required to install a new
- Software, but the certificate or the key on the device is older and rejects the installation.
- verify: just verify if the SWU is correctly signed.
SWUGenerator does not yet support all features present in meta-swupdate. As replacement for meta-swupdate
@@ -178,15 +176,6 @@ to SWUGenerator.
* Request for Support : Sponsor
* Priority : Medium
-LZMA support to SWUGenerator
-----------------------------
-
-XZ (LZMA) decompression was added to SWUpdate, but SWUGenerator is not able to create XZ compressed images.
-
-* Status: Wait
-* Request for Support : Not required
-* Priority : Medium
-
swupdate-progress start up
--------------------------
@@ -204,7 +193,7 @@ installed or not.
Lua
===
-- API between SWUpdate and Lua is poorly documented.
+- Improve documentation / add examples.
- Store in SWUpdate's repo Lua libraries and common functions to be reused by projects.
* Status : Running
@@ -248,12 +237,6 @@ Webserver that allows streaming.
Security / Crypto engines
=========================
-- add support for asymmetric decryption
-
-* Status: Wait
-* Request for Support : Sponsor
-* Priority : High
-
- add more algorithms for decryption, as AES-CTR can be very useful to decrypt
chunks in delta updates.
@@ -371,7 +354,7 @@ SWUpdate. This makes adding new binding very easy, and often not necessary.
* Status: Wait
* Request for Support : Sponsor
-* Priority : Low
+* Priority : Medium
Bindings for other languages
----------------------------
@@ -463,6 +446,22 @@ thing, but supported by different libraries), and they should be solved.
* Status: after 2025.05
+Support for asymmetric decryption
+---------------------------------
+
+It makes no sense to encrypt big artifacts with an asymettric key, but asymetric decription
+is realized by encrypting sw-description multiple times with a per-device (public) certificate.
+
+This allows to reach two main goal:
+
+- revocation list: if a device is compromised, next update won't contain the device.
+- dynamic / autometic deployment of the AES symmetric key: because sw-description is encrypted,
+ the AES key can be part of sw-description and only devices with a valid certificate can
+ retrieve it.
+
+* Status: since 2026.xx
+
+
+* Status: since 2026.xx
+
Backend: hawkBit support for Delta Update
-----------------------------------------
@@ -486,3 +485,11 @@ process ("downloader") that don't use the setup from suricatta.
-----------------------------------------
* Status: since 2026.xx
* Sponsored by Orica Digital Solutions
+
+SWUGenerator sign command
+-------------------------
+
+- sign: take a SWU and resign with a new key. This is useful when it is required to install a new
+ Software, but the certificate or the key on the device is older and rejects the installation.
+
+since version 0.6
--
2.43.0
Reply all
Reply to author
Forward
0 new messages