I would love to know. I currently have an embedded product using buildroot and as it is not exposed to a network at all, I don't have any worries about security. However, I'd love to hear of a nice mechanism to basically upgrade the system image in place. I imagine you could use something like a pair of partitions and just change the kernel boot parameters to point at the most recent one, but I'm curious about what solutions people use.
lawik|1 year ago
I work on the Nerves project which does Elixir on top of Buildroot and there we use fwup (https://github.com/fwup-home/fwup) which does a very nice job of a lot of this. Including signing, hashing and more.
This is a real example of a config: https://github.com/nerves-project/nerves_system_rpi4/blob/ma...
jameshilliard|1 year ago
https://sbabic.github.io/swupdate/swupdate.html