[riot-devel] Riot Software Update

2015-03-24 Thread Thomas C. Schmidt

Hi,

yesterday in the IAB technical plenary, Hannes Tschofening stressed the 
need for system software maintenance. This raises the question: Have we 
spent enough thoughts on automated secure software updates for RIOT, are 
we approaching this subject?


It might be some thing worth while considering??

Cheers,
 Thomas
--

Prof. Dr. Thomas C. Schmidt
° Hamburg University of Applied Sciences   Berliner Tor 7 °
° Dept. Informatik, Internet Technologies Group20099 Hamburg, Germany °
° http://www.haw-hamburg.de/inet   Fon: +49-40-42875-8452 °
° http://www.informatik.haw-hamburg.de/~schmidtFax: +49-40-42875-8409 °

--

Prof. Dr. Thomas C. Schmidt
° Hamburg University of Applied Sciences   Berliner Tor 7 °
° Dept. Informatik, Internet Technologies Group20099 Hamburg, Germany °
° http://www.haw-hamburg.de/inet   Fon: +49-40-42875-8452 °
° http://www.informatik.haw-hamburg.de/~schmidtFax: +49-40-42875-8409 °
___
devel mailing list
devel@riot-os.org
https://lists.riot-os.org/mailman/listinfo/devel


Re: [riot-devel] Riot Software Update

2015-03-24 Thread Cédric Adjih
  Hello,

  Indeed, that presentation was rather interesting.
and secure updates indeed as part of security;

Looking at the OTA, the discussions are excluding 
network protocol, so maybe one step in that direction
would be to have some secure protocol for sending them ?

Is there something already envisionned ?

best regards,
-- Cedric

- Original Message -
| From: Thomas C. Schmidt schm...@informatik.haw-hamburg.de
| To: RIOT OS kernel developers devel@riot-os.org
| Sent: Tuesday, March 24, 2015 10:01:01 AM
| Subject: [riot-devel] Riot Software Update
| 
| Hi,
| 
| yesterday in the IAB technical plenary, Hannes Tschofening stressed
| the
| need for system software maintenance. This raises the question: Have
| we
| spent enough thoughts on automated secure software updates for RIOT,
| are
| we approaching this subject?
| 
| It might be some thing worth while considering??
| 
| Cheers,
|   Thomas
| --
| 
| Prof. Dr. Thomas C. Schmidt
| ° Hamburg University of Applied Sciences   Berliner
| Tor 7 °
| ° Dept. Informatik, Internet Technologies Group20099 Hamburg,
| Germany °
| ° http://www.haw-hamburg.de/inet   Fon:
| +49-40-42875-8452 °
| ° http://www.informatik.haw-hamburg.de/~schmidtFax:
| +49-40-42875-8409 °
__
| devel mailing list
| devel@riot-os.org
| https://lists.riot-os.org/mailman/listinfo/devel
| 
___
devel mailing list
devel@riot-os.org
https://lists.riot-os.org/mailman/listinfo/devel


Re: [riot-devel] Riot Software Update

2015-03-24 Thread Ludwig Ortmann
Hi,

yes, we agreed that in order to get software updates we need a foundation
for activating new firmware images first.
The working assumption for the first incarnation/iteration of this is that
an image has been saved to some memory of the device already.

Cheers,
Ludwig

Oleg Hahm schrieb:
 Hi!

 I see the upgrade distribution process as mostly independent from the
 software infrastructure needed to activate new images.

 Do I get this right, that the OTA task force is excluding the OTA part of
 the
 software update from their work? Or are you just considering the single
 hop
 case?

 Cheers,
 Oleg
 --
 My computer is so slow that sometimes it gets a timeout from
 http://localhost.
 ___
 devel mailing list
 devel@riot-os.org
 https://lists.riot-os.org/mailman/listinfo/devel



___
devel mailing list
devel@riot-os.org
https://lists.riot-os.org/mailman/listinfo/devel


Re: [riot-devel] Riot Software Update

2015-03-24 Thread Emmanuel Baccelli
Hi Thomas,

there are some initial efforts on-going in the community, such as [1] [2]
[3], and upcoming GSOC projects on implementing LWM2M amd dynamic linking.

However, this is not sufficient to get the whole nine yards. To have the
full picture, there lacks security/crypto aspects, software updates
(rrlated but different from firmware updates) and the automatic aspect,
which also include a network/transport/distribution aspect.

So in a nutshell: I think this aspect is of utmost importance indeed.
Having a really good way to do that could be a decisive advantage of RIOT
over other OS. In any case: the IoT will only become the IoT the day such
evolutive mechanisms are in place and usable.

I was thinking that this could/should be the main focus of RIOT in upcoming
H2020 project proposals for instance.

best,

Emmanuel

[1]
https://lists.riot-os.org/pipermail/devel/attachments/20150211/7e2772a3/attachment-0001.pdf
[2] https://github.com/RIOT-OS/RIOT/wiki/minutes-OTA-meetup-13.2.2015
[3] https://lists.stillroot.org/pipermail/devel/2015-January/001738.html
 Le 24 mars 2015 10:01, Thomas C. Schmidt 
schm...@informatik.haw-hamburg.de a écrit :

 Hi,

 yesterday in the IAB technical plenary, Hannes Tschofening stressed the
 need for system software maintenance. This raises the question: Have we
 spent enough thoughts on automated secure software updates for RIOT, are we
 approaching this subject?

 It might be some thing worth while considering??

 Cheers,
  Thomas
 --

 Prof. Dr. Thomas C. Schmidt
 ° Hamburg University of Applied Sciences   Berliner Tor 7 °
 ° Dept. Informatik, Internet Technologies Group20099 Hamburg, Germany °
 ° http://www.haw-hamburg.de/inet   Fon: +49-40-42875-8452
 °
 ° http://www.informatik.haw-hamburg.de/~schmidtFax: +49-40-42875-8409
 °

 --

 Prof. Dr. Thomas C. Schmidt
 ° Hamburg University of Applied Sciences   Berliner Tor 7 °
 ° Dept. Informatik, Internet Technologies Group20099 Hamburg, Germany °
 ° http://www.haw-hamburg.de/inet   Fon: +49-40-42875-8452
 °
 ° http://www.informatik.haw-hamburg.de/~schmidtFax: +49-40-42875-8409
 °
 ___
 devel mailing list
 devel@riot-os.org
 https://lists.riot-os.org/mailman/listinfo/devel

___
devel mailing list
devel@riot-os.org
https://lists.riot-os.org/mailman/listinfo/devel


Re: [riot-devel] Riot Software Update

2015-03-24 Thread Oleg Hahm
Hi Ludwig!

 yes, we agreed that in order to get software updates we need a foundation
 for activating new firmware images first.
 The working assumption for the first incarnation/iteration of this is that
 an image has been saved to some memory of the device already.

Okay, basically my question was: do the OTA task force wants to work on the
actual update distribution mechanisms (including security) in a second step or
would it make more sense trying to charter a task force that works on this in
parallel? (If the latter, I would recommend to rename it.)

Cheers,
Oleg
-- 
The bad thing about HTML DOM jokes is that everyone has their own
interpretations, so you have to tell them 9000 different ways.


pgpSFGlWeiziK.pgp
Description: PGP signature
___
devel mailing list
devel@riot-os.org
https://lists.riot-os.org/mailman/listinfo/devel