Securing Your Factory Updates with Multiple Signatures

Posted on Jan 22, 2024 by Volodymyr Khoroz

This post describes new additions to the FoundriesFactory® backend and Fioctl® that allow several signatures to be added to your update metadata. An experienced user can leverage this to lift product safety to new heights.

Background

FoundriesFactory® uses The Update Framework (TUF) to bring secure Over The Air (OTA) updates to your devices. You can find more information about how TUF and FoundriesFactory work together to secure your Factory updates here:

TUF uses a set of cryptographic keys to sign every update, protecting it from various cyber attacks. Previously, FoundriesFactory supported the following set of cryptographic keys for its TUF implementation:

  • the offline TUF root key, owned by the Factory admin, used as a root of trust in TUF.
  • the offline TUF targets key, owned by the Factory admin, used to sign production TUF targets.
  • the online TUF targets key, owned by Foundries.io™, used to sign both CI and production TUF targets.
  • the online TUF snapshot and timestamp keys, owned by Foundries.io, used to sign other TUF artifacts.

What Was Added

Now, FoundriesFactory provides the ability to create and own more than 1 offline key for both TUF root and targets roles. In addition, a user can now configure their Factory to require more than 1 offline signature for these roles.

Together, these changes allow for implementing a multitude of new workflows, as defined in the updated user manual. In particular, a user can now implement a workflow for the following use cases:

  • Define several offline TUF root keys, stored in separate locations and owned by different users. This adds greater redundancy for this critical cryptographic key, improving your product safety.

  • Define several offline TUF targets keys, one for each user eligible to create a new production release. This eliminates key sharing, improving your product security and auditability.

  • Require more than 1 offline TUF key signature for the TUF root and/or targets roles. This increases the protection of your TUF metadata from unintentional modifications.
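
What requiring more than one signature means on the verifying side, as an added example (not Foundries.io or Fioctl code): a TUF-style threshold check in Go that counts only valid signatures from distinct keys trusted for the role. The type names, the key ID derivation (hex SHA-256 of the raw public key), the demo keys and the sample metadata are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Signature is one entry in a metadata file's signature list.
type Signature struct {
	KeyID string
	Sig   []byte
}

// Role holds the keys a TUF role trusts and how many of them must sign.
type Role struct {
	Keys      map[string]ed25519.PublicKey
	Threshold int
}

// demoKey derives a deterministic demo key; key ID = hex SHA-256 of the public key (assumed).
func demoKey(label string) (string, ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	pub := priv.Public().(ed25519.PublicKey)
	id := sha256.Sum256(pub)
	return hex.EncodeToString(id[:]), pub, priv
}

// MeetsThreshold: true if signed has valid signatures from >= Threshold distinct trusted keys.
func MeetsThreshold(role Role, signed []byte, sigs []Signature) bool {
	valid := map[string]bool{} // a set: each key counts once, however often it signs
	for _, s := range sigs {
		if pub, ok := role.Keys[s.KeyID]; ok && ed25519.Verify(pub, signed, s.Sig) {
			valid[s.KeyID] = true
		}
	}
	return role.Threshold > 0 && len(valid) >= role.Threshold
}

func main() {
	idA, pubA, a := demoKey("offline-root-A")
	idB, pubB, b := demoKey("offline-root-B")
	role := Role{Threshold: 2, Keys: map[string]ed25519.PublicKey{idA: pubA, idB: pubB}}
	meta := []byte(`{"_type":"root","version":2}`) // constructed sample metadata
	sa, sb := Signature{idA, ed25519.Sign(a, meta)}, Signature{idB, ed25519.Sign(b, meta)}
	fmt.Println(MeetsThreshold(role, meta, []Signature{sa, sa})) // false: one key signed twice
	fmt.Println(MeetsThreshold(role, meta, []Signature{sa, sb})) // true: two distinct keys
}
```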

We recommend that FoundriesFactory customers upgrade to the latest Fioctl release and review their TUF metadata configuration to incorporate this feature. At a minimum, we advise creating more than one offline TUF root key to better protect your Factory against key loss. Read the updated user manual for more details.
