Main GSoC Linux Foundation page: How to apply, deadlines, other workgroups, ...

What is Uptane?

Uptane, a Linux Foundation Joint Development Foundation project, is an open source, compromise-resilient software update system for vehicles. It uses layered defense mechanisms so would-be attackers need to overcome a hierarchy of access levels in order to do serious harm. By building these multiple levels into the security system, damage from any incursions—such as attackers compromising servers, bribing operators, or gaining access to vehicular networks—will be limited in how much damage they can cause. The Uptane framework is flexible and can be incorporated into the types of software update strategies already in use in the auto industry. Among other adoptions, Uptane is incorporated into the security programs of Automotive Grade Linux through the HERE actualized program.

Initially developed under a grant from the U.S. Department of Homeland Security, Uptane was created by a team of researchers from the New York University Tandon School of Engineering in Brooklyn, NY, the University of Michigan Transportation Research Institute in Ann Arbor, MI, and the Southwest Research Institute in Austin, TX. It was formally standardized under a non-profit consortium called the Uptane Alliance on July 31, 2019, under the auspices of the IEEE/ISTO Federation. Uptane will be releasing V.2.0.0 of its Standard In early 2022.

Uptane website: https://uptane.github.io/

GitHub repository/code base: https://github.com/uptane/

Mailing list: uptane@googlegroups.com

Mentors: Lois A DeLong (lad278 at nyu dot edu), TBA

Aktualizr is an Uptane client written in C++ targeting embedded Linux systems. Uptane’s core functionality is securing and validating software updates in very security-sensitive and safety-critical systems. Aktualizr combines two important areas of functionality: implementing Uptane to actually validate software updates, and then installing those software updates. Currently, aktualizr only supports OSTree as a method of installing updates as an Uptane primary.

This GSoC project would contribute to aktualizr to implement support for an A/B partition-based update method—either through Swupdate or RAUC, two popular open-source software updaters. There is already support in libaktualizr for using additional package managers, so the integration point is ready. Ideally, however, this would be done with collaboration from the maintainers of these projects.

Key skills required: Systems-level programming in C++
Potential mentors: Jon Oster, Patti Vacek, Phil Wise, Rogerio Borin, Phil Lapczynski, Person-to-be-named-later from SWUpdate or RAUC project.

The Uptane project has open-source implementations of the core back-end services required to operate an Uptane system at scale, with Scala implementations of a device registry, director server, and TUF image repo server. These services are used in real-world implementations, but generally require some expertise both to set up and to use. A simplified, docker-based method of deploying the services is available with OTA Community Edition, so a developer with sufficient experience can get a working base system. However, this system doesn’t have a UI, a key element for allowing ordinary users to interact with the system.

This GSoC project would develop a new, simplified UI from scratch and integrate it into OTA Community Edition, allowing users evaluating Uptane to use the entire system. It should also include a robust test suite for all areas of functionality, to ensure that any upstream changes in the core services don’t break the UI.

Key skills required: Front-end/UI development, automated testing, CI/CD
Potential mentors: Jon Oster, Temi Adeyeri, ???