Today, my device uses full ubuntu with software updates deployed via deb files. In my current setup, software is distributed in an encrypted package and uploaded to a webpage hosted on the device. The device then interrogates the upload to make sure it is valid and proceeds to install any updates via dpkg/apt calls. Furthermore, some of the libraries for my device reside in a LUKS encrypted container which gets mounted at boot time.
An immutable image of the entire device OS with FDE and SB sounds very appealing. But I’m struggling somewhat with what the distribution/installation options are that exist today. So far I’ve gone through the process of bundling some of my software into a snap and using “dd” to deploy the base x86 image to a machine, but that is it.
It is highly likely that many instances of my device will never be internet connected so the brand store does little for updates in the field. Their networking is often a single RJ45 cable between device and a client workstation running a web browser.
What options are there for image updates in this constrained network paradigm?
Can core images be encrypted to target specific model/device keys? (i.e. how is the software contained within an image protected from prying eyes)
From this page: https://ubuntu.com/core/docs/reference/assertions/serial
“The precise implementation of this cryptography may vary from device to device, based on the hardware and software capabilities of that device, and is part of the gadget snap.”
Is there an installer mechanism that can interrogate an attestation key in the TPM to validate the target hardware is valid for the image installation?
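One way the "interrogate the upload" step of the LAN-only deployment described above can be made explicit, as an added example that is not from the original post or from any Ubuntu tooling: a manifest of package digests authenticated with a per-device key, so that a modified or unlisted .deb is refused before dpkg is ever called. The file names, the HMAC-SHA256 scheme and the key are assumptions; a production design would normally use an asymmetric signature (as Ubuntu Core's signed assertions do), since a symmetric key present on the device can also forge tags.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

# Constructed per-device secret; a real one would be TPM-sealed or in LUKS, never in source.
DEVICE_KEY = b"constructed-per-device-secret"

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def write_bundle(bundle_dir, debs, key=DEVICE_KEY):
    # Build side (constructed): the .deb payloads, a manifest of their SHA-256
    # digests, and an HMAC-SHA256 tag over the exact manifest bytes.
    files = {}
    for name, content in debs.items():
        (bundle_dir / name).write_bytes(content)
        files[name] = sha256_file(bundle_dir / name)
    manifest = json.dumps({"files": files}, sort_keys=True).encode()
    (bundle_dir / "manifest.json").write_bytes(manifest)
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    (bundle_dir / "manifest.sig").write_text(tag)

def verify_bundle(bundle_dir, key=DEVICE_KEY):
    # Device side: return the .deb paths that may go to dpkg, else raise.
    manifest = (bundle_dir / "manifest.json").read_bytes()
    tag = (bundle_dir / "manifest.sig").read_text().strip()
    # Authenticate the manifest before parsing or trusting anything it lists.
    if not hmac.compare_digest(tag, hmac.new(key, manifest, hashlib.sha256).hexdigest()):
        raise ValueError("manifest authentication failed")
    files = json.loads(manifest)["files"]
    approved = []
    for name, digest in files.items():
        if Path(name).name != name or not name.endswith(".deb"):
            raise ValueError(f"unsafe entry: {name!r}")  # traversal / non-deb
        if not hmac.compare_digest(sha256_file(bundle_dir / name), digest):
            raise ValueError(f"checksum mismatch: {name}")
        approved.append(bundle_dir / name)
    stray = {p.name for p in bundle_dir.glob("*.deb")} - set(files)
    if stray:  # a .deb the manifest does not cover never reaches dpkg
        raise ValueError(f"unlisted files: {sorted(stray)}")
    return approved

def demo(tamper=False):
    # Approved .deb names, or None when the device refuses the upload.
    d = Path(tempfile.mkdtemp())
    write_bundle(d, {"app_1.2_amd64.deb": b"constructed payload"})
    if tamper:  # modify a payload after the tag was produced
        (d / "app_1.2_amd64.deb").write_bytes(b"constructed payload x")
    try:
        return [p.name for p in verify_bundle(d)]
    except ValueError:
        return None
```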