[PATCH] doc: sets new goals in the improvement file
17 views
Skip to first unread message
Stefano Babic
May 28, 2026, 6:37:55 AM (8 days ago) May 28
to swup...@googlegroups.com, Stefano Babic
Signed-off-by: Stefano Babic <stefan...@swupdate.org>
---
doc/source/improvement_proposals.rst | 62 +++++++++++++++++++++-------
1 file changed, 46 insertions(+), 16 deletions(-)
diff --git a/doc/source/improvement_proposals.rst b/doc/source/improvement_proposals.rst
index 55108f83..79153835 100644
--- a/doc/source/improvement_proposals.rst
+++ b/doc/source/improvement_proposals.rst
@@ -128,9 +128,12 @@ multiple devices, and each of them needs a subset of the whole SWU. Like the del
SWUpdate knows from sw-description which artifacts are to be installed, and reading the stream
could decide to skip unnecessary components.
+Note: this feature is not the same than delta update, but most users are happier with delta update.
+This feature request will be removed in next release if there won't be interest.
+
* Status: Wait
* Request for Support : Sponsor
-* Priority : Medium
+* Priority : Low
Tools and utilities
===================
@@ -230,6 +233,14 @@ However, upgrading the Webserver code requires to adjust the interface and code.
will be nice to have further implementation of the Webserver, and/or to open to
Webserver that allows streaming.
+Reported from ML there is this place for enhancement:
+
+- use Mopngoose as library
+- use alternative Webserver. Civetweb is a fork from Mongoose and could be integrated.
+- Webserver itself is not doing a lot - it just provides API to push a SWU and Websocket to report progress.
+ If SWUpdate is behind a reverse-proxy, an easy own developed internal Webserver
+ can be a solution.
+
* Status: Wait
* Request for Support : Sponsor
* Priority : Medium
@@ -237,19 +248,37 @@ Webserver that allows streaming.
Security / Crypto engines
=========================
-- add more algorithms for decryption, as AES-CTR can be very useful to decrypt
- chunks in delta updates.
+- Support for encrypted Delta Update:
+
+ Remote ZCK files are not encrypted because a chunk difference is evaluated.
+ A mechanism can be implemented to encrypt chunks as well.
+
+* Status: Wait
+* Request for Support : Sponsor
+* Priority : High
+
+- add more algorithms for decryption nea AES-CBC
* Status: Wait
* Request for Support : Sponsor
* Priority : High
-- Support for TPM2 / HSM to store secrets (requires rework above).
+- Support for TPM2 / HSM to store secrets.
* Status: Wait
* Request for Support : Sponsor
* Priority : High
+- Support for Linux Trusted Keys
+
+ Linux Kernel has introduced "trusted keys" and the keys are never exposed to User Space.
+ Currently, SWUpdate reads keys at the start up from files.
+
+* Status: Wait
+* Request for Support : Sponsor
+* Priority : High
+
+
Back-end support (suricatta mode)
=================================
@@ -326,7 +355,7 @@ and tested on real hardware.
* Status: Wait
* Request for Support : Sponsor
-* Priority : Medium
+* Priority : High
Bootloader interface
====================
@@ -346,6 +375,16 @@ Binding to languages
libswupdate allows to write an application that can control SWUpdate's behavior and be informed
about a running update. There are bindings for C/C++, Lua and nodejs (just progress).
+Applications can be written in other languages, and binding to Python and Rust can be
+implemented, too.
+
+* Status: Wait
+* Request for Support : Sponsor
+* Priority : Low
+
+IPC / Daemon control
+====================
+
Use a JSON interface to exchange IPC messeges.
----------------------------------------------
@@ -356,16 +395,6 @@ SWUpdate. This makes adding new binding very easy, and often not necessary.
* Request for Support : Sponsor
* Priority : Medium
-Bindings for other languages
-----------------------------
-
-Applications can be written in other languages, and binding to Python and Rust can be
-implemented, too.
-
-* Status: Wait
-* Request for Support : Sponsor
-* Priority : Low
-
Documentation
=============
@@ -445,6 +474,7 @@ Some hacks are currently built to avoid conflicts (pkcs#7 and CMS are the same
thing, but supported by different libraries), and they should be solved.
* Status: after 2025.05
+* Sponsored by iris-GmbH infrared & intelligent sensors
Support for asymmetric decryption
---------------------------------
@@ -460,7 +490,7 @@ This allows to reach two main goal:
retrieve it.
* Status: since 2026.xx
-
+* Sponsored by iris-GmbH infrared & intelligent sensors
Backend: hawkBit support for Delta Update
-----------------------------------------
--
2.43.0
---
doc/source/improvement_proposals.rst | 62 +++++++++++++++++++++-------
1 file changed, 46 insertions(+), 16 deletions(-)
diff --git a/doc/source/improvement_proposals.rst b/doc/source/improvement_proposals.rst
index 55108f83..79153835 100644
--- a/doc/source/improvement_proposals.rst
+++ b/doc/source/improvement_proposals.rst
@@ -128,9 +128,12 @@ multiple devices, and each of them needs a subset of the whole SWU. Like the del
SWUpdate knows from sw-description which artifacts are to be installed, and reading the stream
could decide to skip unnecessary components.
+Note: this feature is not the same than delta update, but most users are happier with delta update.
+This feature request will be removed in next release if there won't be interest.
+
* Status: Wait
* Request for Support : Sponsor
-* Priority : Medium
+* Priority : Low
Tools and utilities
===================
@@ -230,6 +233,14 @@ However, upgrading the Webserver code requires to adjust the interface and code.
will be nice to have further implementation of the Webserver, and/or to open to
Webserver that allows streaming.
+Reported from ML there is this place for enhancement:
+
+- use Mopngoose as library
+- use alternative Webserver. Civetweb is a fork from Mongoose and could be integrated.
+- Webserver itself is not doing a lot - it just provides API to push a SWU and Websocket to report progress.
+ If SWUpdate is behind a reverse-proxy, an easy own developed internal Webserver
+ can be a solution.
+
* Status: Wait
* Request for Support : Sponsor
* Priority : Medium
@@ -237,19 +248,37 @@ Webserver that allows streaming.
Security / Crypto engines
=========================
-- add more algorithms for decryption, as AES-CTR can be very useful to decrypt
- chunks in delta updates.
+- Support for encrypted Delta Update:
+
+ Remote ZCK files are not encrypted because a chunk difference is evaluated.
+ A mechanism can be implemented to encrypt chunks as well.
+
+* Status: Wait
+* Request for Support : Sponsor
+* Priority : High
+
+- add more algorithms for decryption nea AES-CBC
* Status: Wait
* Request for Support : Sponsor
* Priority : High
-- Support for TPM2 / HSM to store secrets (requires rework above).
+- Support for TPM2 / HSM to store secrets.
* Status: Wait
* Request for Support : Sponsor
* Priority : High
+- Support for Linux Trusted Keys
+
+ Linux Kernel has introduced "trusted keys" and the keys are never exposed to User Space.
+ Currently, SWUpdate reads keys at the start up from files.
+
+* Status: Wait
+* Request for Support : Sponsor
+* Priority : High
+
+
Back-end support (suricatta mode)
=================================
@@ -326,7 +355,7 @@ and tested on real hardware.
* Status: Wait
* Request for Support : Sponsor
-* Priority : Medium
+* Priority : High
Bootloader interface
====================
@@ -346,6 +375,16 @@ Binding to languages
libswupdate allows to write an application that can control SWUpdate's behavior and be informed
about a running update. There are bindings for C/C++, Lua and nodejs (just progress).
+Applications can be written in other languages, and binding to Python and Rust can be
+implemented, too.
+
+* Status: Wait
+* Request for Support : Sponsor
+* Priority : Low
+
+IPC / Daemon control
+====================
+
Use a JSON interface to exchange IPC messeges.
----------------------------------------------
@@ -356,16 +395,6 @@ SWUpdate. This makes adding new binding very easy, and often not necessary.
* Request for Support : Sponsor
* Priority : Medium
-Bindings for other languages
-----------------------------
-
-Applications can be written in other languages, and binding to Python and Rust can be
-implemented, too.
-
-* Status: Wait
-* Request for Support : Sponsor
-* Priority : Low
-
Documentation
=============
@@ -445,6 +474,7 @@ Some hacks are currently built to avoid conflicts (pkcs#7 and CMS are the same
thing, but supported by different libraries), and they should be solved.
* Status: after 2025.05
+* Sponsored by iris-GmbH infrared & intelligent sensors
Support for asymmetric decryption
---------------------------------
@@ -460,7 +490,7 @@ This allows to reach two main goal:
retrieve it.
* Status: since 2026.xx
-
+* Sponsored by iris-GmbH infrared & intelligent sensors
Backend: hawkBit support for Delta Update
-----------------------------------------
--
2.43.0
Michael Glembotzki
May 28, 2026, 3:11:07 PM (8 days ago) May 28
to swupdate
Hi,
Typo Mongoose
+- use alternative Webserver. Civetweb is a fork from Mongoose and could be integrated.
+- Webserver itself is not doing a lot - it just provides API to push a SWU and Websocket to report progress.
+ If SWUpdate is behind a reverse-proxy, an easy own developed internal Webserver
+ can be a solution.
+
* Status: Wait
* Request for Support : Sponsor
* Priority : Medium
@@ -237,19 +248,37 @@ Webserver that allows streaming.
Security / Crypto engines
=========================
-- add more algorithms for decryption, as AES-CTR can be very useful to decrypt
- chunks in delta updates.
+- Support for encrypted Delta Update:
+
+ Remote ZCK files are not encrypted because a chunk difference is evaluated.
+ A mechanism can be implemented to encrypt chunks as well.
+
+* Status: Wait
+* Request for Support : Sponsor
+* Priority : High
+
+- add more algorithms for decryption nea AES-CBC
nea
Best regards,
Michael
Stefano Babic
May 29, 2026, 5:46:05 AM (7 days ago) May 29
to Michael Glembotzki, swupdate
Hi Michael,
thanks for review, I fixed on -master.
Regards,
Stefano
> --
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to swupdate+u...@googlegroups.com
> <mailto:swupdate+u...@googlegroups.com>.
> To view this discussion visit https://groups.google.com/d/msgid/
> swupdate/ad8e0b5b-0761-463e-be66-9d1fe5817737n%40googlegroups.com
> <https://groups.google.com/d/msgid/swupdate/ad8e0b5b-0761-463e-
> be66-9d1fe5817737n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
_______________________________________________________________________
Nabla Software Engineering GmbH
Hirschstr. 111A | 86156 Augsburg | Tel: +49 821 45592596
Geschäftsführer : Stefano Babic | HRB 40522 Augsburg
E-Mail: sba...@nabladev.com
thanks for review, I fixed on -master.
Regards,
Stefano
> You received this message because you are subscribed to the Google
> Groups "swupdate" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to swupdate+u...@googlegroups.com
> <mailto:swupdate+u...@googlegroups.com>.
> To view this discussion visit https://groups.google.com/d/msgid/
> swupdate/ad8e0b5b-0761-463e-be66-9d1fe5817737n%40googlegroups.com
> <https://groups.google.com/d/msgid/swupdate/ad8e0b5b-0761-463e-
> be66-9d1fe5817737n%40googlegroups.com?utm_medium=email&utm_source=footer>.
--
_______________________________________________________________________
Nabla Software Engineering GmbH
Hirschstr. 111A | 86156 Augsburg | Tel: +49 821 45592596
Geschäftsführer : Stefano Babic | HRB 40522 Augsburg
E-Mail: sba...@nabladev.com
Reply all
Reply to author
Forward
0 new messages