xref: /aosp_15_r20/external/pigweed/pw_software_update/docs.rst (revision 61c4878ac05f98d0ceed94b57d316916de578985)

.. _module-pw_software_update:

.. rst-class:: with-subtitle

==================
pw_software_update
==================
.. pigweed-module::
   :name: pw_software_update

   The ``pw_software_update`` module offers the following building blocks for
   setting up your own end-to-end software delivery system.

   - **TUF embedded**: An underlying TUF_-based security framework tailored
     for embedded use cases that enable safe and resilient software delivery.
   - **One bundle**: A standard update bundle format for assembling all build
     artifacts and release information.
   - **Two keys**: Each product has two keys dedicated to software updates. The
     ``targets`` key directly signs a versioned manifest of target files and
     can be regularly rotated by the ``root`` key. The ``root`` keys are in
     turn rotated by verified boot. No provisioning is required.
   - **Frameworked client**: An update client that takes care of all the logic
     of checking, staging, verifying, and installing an incoming update. The
     framework calls into the downstream backend only when needed.
   - **Signing service**: Integration support for your favorite production
     signing service.
   - **Tooling**: Python modules that assemble, sign, and inspect bundles,
     ready to be integrated into your build and release pipeline. Plus a CLI
     with which you can try out ``pw_software_update`` before buying into it.
   - **Extensive guidance**: All software update systems are not equal. We
     are building out extensive guidance for representative scenarios.

-------------
Who is it for
-------------

The ``pw_software_update`` module is still in early stages. It works best if
your software update needs checks the following boxes.

✅ **I want security-by-design**!

The ``pw_software_update`` module is built with security in mind from
day 0. It leverages the state-of-the-art and widely used TUF_ framework.
With relatively little expertise, you can set up and operate a software
building, release, and delivery pipeline that is resiliently secure and
private.

✅ **My project has verified boot.**

Software update is an extension of verified boot. Security measures in
``pw_software_update`` CANNOT replace verified boot.

.. note::

   Verified boot, also known as secure boot, refers to the generic security
   feature that ensures no software component is run without passing
   integrity and authentication verification.  In particular, verified boot
   ensures the software update stack has not been tampered with.

✅ **My project DOES NOT require delta updates.**

``pw_software_update`` packages every new software release in a single opaque
bundle. The bundle is the smallest granularity transferred between endpoints.

✅ **I can manage signing keys myself.**

We don't yet have a public-facing signing service.

✅ **I can store and serve my own updates.**

We don't yet have a public-facing end-to-end software delivery solution.

If your project doesn't check all the boxes above but you still wish to use
``pw_software_update``. Please `email <https://groups.google.com/g/pigweed>`_
or `chat <https://discord.gg/M9NSeTA>`_ with us for potential workarounds.

.. _TUF: https://theupdateframework.io/

.. toctree::
   :hidden:
   :maxdepth: 1

   get_started
   design
   guides
   cli