Secure Offline Updates Overview
This feature is a work in progress. The release date is estimated to the end of Q2 2022.
Offline Updates is a feature soon to be released in Torizon. It is an alternative for the already available Remote Updates, although they use the same technology stack: OSTree and Aktualizr. Offline Updates brings the capability to perform secure application and OS updates to Torizon devices that may not be able to update remotely. For example, devices that never connect to the internet or have limited bandwidth.
Many of the names and technologies used in Remote Updates are also used in Offline Updates. However, this feature requires some new unique terminology:
Lockbox is central to using Offline Updates. In this context, the Lockbox can be thought of as the object that will be used to perform the update. In other words, it contains all the required files that will be deployed to the updating device, along with the metadata necessary to make it a secure operation. The Lockbox can contain an OS update, an application update, or a synchronous update where both components update together.
A Lockbox must be first defined in the Torizon Platform, and later created with TorizonCore Builder. After the Lockbox is created, it is loaded into an update medium (USB drive, SD card) which is inserted in the device to initialize the update.
Main features and use cases
Like the Remote Updates counterpart, with the Offline Updates feature it is possible to:
- Update the Operating System and/or Application components, in a secure environment, on a running device without the need for an active internet connection
- Automatically update a device using an update medium loaded with a Lockbox
- Perform synchronous updates offline securely, allowing you to update the OS and the Application as a single component
- Automatically rollback to the current version of the OS or the application in case the update fails
- Block updates from the application, in case you have a critical application that cannot stop for an update to take place
- Create a single Lockbox for multiple devices with different hardware
The update process
The whole process of updating a device offline is similar to the Remote Update process.
Defining the Lockbox
The first step is to define the Lockbox in the Torizon Platform. This definition holds all the information necessary to create the Lockbox. Remember, the Lockbox itself will contain all of the files required for the update as well as the necessary metadata to make it a secure process. To define a Lockbox you have to:
- Deploy your OS and/or Application packages to the Torizon Platform
- On the Torizon Platform, define a Lockbox with the desired components (OS, Application)
Creating the Lockbox
With the Lockbox defined, the next step is to create the actual Lockbox and load it into an update medium. The update medium is a physical drive that holds the Lockbox, for example, an SD card or a USB drive. To create the Lockbox and load it into an update medium, you have to:
- Use TorizonCore Builder to download the definition of the Lockbox from the Torizon Platform servers, and create the Lockbox
- Load the Lockbox into a physical drive (the Lockbox is usually named “update")
Deploying the Offline Update
Now that you have the update medium, it becomes a matter of physically going to the device and deploying the update:
- Insert the update medium (loaded with the Lockbox) into the device
- Wait for the update to finish
- Remove the update medium. At this point, the device is updated
The update process is fully automated and no user intervention is required at any time. If you are performing an OS or synchronous update, the board will automatically reboot once.
Offline Updates vs. Remote Updates
As mentioned before, the Offline Updates feature shares the technology stack with the Remote Updates feature. Both of them allow updating the OS and/or the application in a deployed device. Their main difference is where the update comes from.
- For Remote Updates, the device regularly checks the Torizon Platform for new updates through the internet;
- For Offline Updates, the device monitors a local directory (mounted from a USB drive, for example) for new updates.
You will need a provisioned device in order to securely update it, regardless of choosing Remote or Offline Update.
Note that you currently cannot have both sources of updates enabled at once. The device must be configured to receive either Offline or Remote Updates. By default, devices disable Offline Updates in favor of Remote Updates.
The same technologies that are used in Remote Updates are also used in Offline Updates. For more information, it is recommended to read the Torizon Remote Updates Technical Overview article. It highlights the roles of:
- OSTree: as the system that handles updates to the filesystem tree;
- Uptane: as the standard Toradex follows for secure updates;
- Aktualizr: as the client-side implementation for Uptane.
Toradex has presented webinars about Secure Offline Updates and you can watch them on demand.
Secure Offline and Online Updates for Linux Devices
Learn more about this webinar on the landing page, or watch it below: