---
-title: Introduction
+title: Update (Over The Air)
---
-# Part 8 - Update (**OTA**)
-
-## Abstract
-
Updating applications and firmware is essential for the development of new
features and even more to fix security bugs. However, if a malicious third party
manages to alter the content during transport, it could alter the functioning of
_OTA_ | **O**ver **T**he **A**ir
_SOTA_ | **S**oftware **O**ver **T**he **A**ir
_TUF_ | **T**he **U**pdate **F**ramework
+
+# Firmware Over The Air
+
+The firmware update is critical since its alteration back to compromise the
+entire system. It is therefore necessary to take appropriate protective
+measures.
+
+AGL includes the _meta-updater_ Yocto layer that enables OTA software updates
+via [Uptane](https://uptane.github.io), an automotive-specific extension to [The
+Update Framework](https://theupdateframework.github.io/). Uptane and TUF are
+open standards that define a secure protocol for delivering and verifying
+updates even when the servers and network--internet and car-internal--aren't
+fully trusted.
+
+_meta-updater_ includes the application
+[`aktualizr`](https://github.com/advancedtelematic/aktualizr), developed
+Advanced Telematic Systems (now part of HERE Technologies) that enables OTA for
+an ECU. `aktualizr` combined with Uptane is suitable for updating the firmware,
+software, and other packages on even functionally critical ECUs. `aktualizr` can
+be enabled with the free, open souce backend
+[`ota-community-edition`](https://github.com/advancedtelematic/ota-community-edition).
+
+This FOTA update mechanism can be enabled through the `agl-sota` feature.
+
+## Building
+
+To build an AGL image that uses `aktualizr`, the following can be used.
+
+```
+source meta-agl/scripts/aglsetup.sh -m <machine> agl-sota <other-features...>
+```
+
+During the build, _meta-updater_ will use credentials downloaded from
+`ota-community-edition` to sign metadata verifying the build as authentic. These
+signatures are part of the Uptane framework and are used to verify FOTA updates.
+
+## Atomic Upgrades with Rollbacks
+
+`aktualizr`'s primary method of updating firmware is to use `libostree` with
+binary diffs. The binary diffs use the least amout of bandwidth, and by it's
+nature `libostree` stores current and previous firmware versions on disk or in
+flash memory to allow for rollbacks.
+
+`libostree` is a content addressable object store much like `git`. Versions are
+specified via SHA2-256. These hashes are signed in the Uptane metadata and are
+robust against cryptographic compromise.
+
+# Software Over The Air
+
+Software updates in connected vehicles are a very useful feature, which can
+deliver significant benefits. If not implemented with security in mind, software
+updates can incur serious vulnerabilities. Any software update system must
+ensure that not only are the software updates to devices done in a secure way,
+but also that the repositories and servers hosting these updates are adequately
+protected. As the process of updating software migrates from a Dealership update
+model towards an **OTA** update model, securing these processes becomes a high
+priority.
+
+**SOTA** is made possible by **AppFw** (See Platform part). It will be possible
+to manage in a simple way the packets (i.g. Android like).
+
+Domain | Improvement
+------------- | -----------------
+Update-SOTA-1 | Part to complete.
\ No newline at end of file
Code Review / AGL / documentation.git / blobdiff