This post describes new additions to the FoundriesFactory® backend and Fioctl®, which allow for adding several signatures to your updates metadata. This can be leveraged by an experienced user to lift product safety to new heights.

Background

FoundriesFactory® uses The Update Framework (TUF) to bring secure Over The Air (OTA) updates to your devices. You can find more information about how TUF and FoundriesFactory work together to secure your Factory updates here:

• Blog: how to secure your production updates
• Blog: why is key rotation important
• Reference Manual: OTA Updates
• Reference Manual: Security
• Reference Manual: TUF Offline Keys

TUF uses a set of cryptographic keys to sign every update, protecting it from various cyber attacks. Before, FoundriesFactory supported the following set of cryptographic keys for its TUF implementation:

• the offline TUF root key, owned by the Factory admin, used as a root of trust in TUF.
• the offline TUF targets key, owned by the Factory admin, used to sign production TUF targets.
• the online TUF targets key, owned by Foundries.io™, used to sign both CI and production TUF targets.
• the online TUF snapshot and timestamp keys, owned by Foundries.io, used to sign other TUF artifacts.

What Was Added

Now, FoundriesFactory provides the ability to create and own more than 1 offline key for both TUF root and targets roles. In addition, a user can now configure their Factory to require more than 1 offline signature for these roles.

Together, these changes allow for implementing a multitude of new workflows, as defined in the updated user manual. In particular, a user can now implement a workflow for the following use cases:

• Define several offline TUF root keys, stored in separate locations and owned by different users. This adds a greater redundancy to the critical crypto key, improving your product safety.

• Define several offline TUF targets keys, one for each user eligible to create a new production release. This allows to eliminate the key sharing, improving your product security and auditability.

• Require more than 1 offline TUF key signature for the TUF root and/or targets roles. This increases the protection of your TUF metadata from unintentional modifications.

We recommend that FoundriesFactory customers upgrade to the latest Fioctl release and review their TUF metadata configuration to incorporate this feature. At a minimum, we advise creating more than one offline TUF root key, so as to better protect your Factory from a key loss. Read the updated user manual for more details.

References

References to Foundries.io documentation, blog, or product pages:

• Fioctl
• Blog: How to Secure Your Production Updates
• Blog: Why is Key Rotation Important
• Reference Manual: OTA Updates
• Reference Manual: Security
• Reference Manual: TUF Offline Keys

External references:

• The Update Framework (TUF)