Abhijay007 / uptane-demo

Apache License 2.0
1 stars 0 forks source link

Content for "Getting Started" page #11

Closed hexsecs closed 1 year ago

hexsecs commented 1 year ago

We need to create the copy for the getting started page.

jhdalek55 commented 1 year ago

@hexsecs Are you still planning to draft this copy and we are here just to review it?

iramcdonald commented 1 year ago

I'm happy to review, but I don't have time near-term to write content for the Getting Started page.
I do think it would be fine to let this topic largely be future for Uptane Standards contributors.

hexsecs commented 1 year ago

Here is a quick crack at it....

Getting Started with Uptane

Welcome to the "Getting Started" guide for Uptane, the standard framework designed to secure software updates for vehicles. Whether you're a developer, security professional, or just a curious individual, this guide will provide you with a foundational understanding of Uptane and how it's revolutionizing automotive software security.

1. What is Uptane?

Uptane is an open-source framework that ensures the security of software updates for vehicles. Given the increasing complexity of modern vehicles, which often rely on numerous software components, ensuring that these updates are secure and tamper-proof is crucial. Uptane addresses potential vulnerabilities and threats that can arise during the software update process.

2. Why Uptane?

Learn more in Uptane Theat Model section.

3. Key Features of Uptane

Learn more in the Uptane Design section. <-- fix to relative path

4. Getting Started with Implementation

  1. Understand the Uptane Standard: Familiarize yourself with the Uptane Standard to understand its specifications and guidelines. <--fix to relative link

  2. Define Implementation Requirements: Protocols, Operations, Usage, and Formats (POUFs) precisely specifies the wireline format and operations that any implementation using it must obey. Hence, implementations that use the same POUF are able to interoperate. An automotive OEM would establish a POUF definition for their particular Uptane update strategy.

  3. Set Up Repositories: Establish the Director and Image repositories.

  4. Integrate with Your Update System: Modify your existing software update system to work with Uptane's repositories and verification processes.

  5. Test: Before deploying, rigorously test the system to ensure it works as expected.

Learn more in the Uptane Deployment Best Practices section.

5. Resources

6. FAQs

Q: Is Uptane only for vehicles?
A: While Uptane was primarily designed for vehicles, its principles can be adapted for other IoT devices.

Q: How does Uptane differ from other update security systems?
A: Uptane offers a unique multi-layered defense approach, ensuring that even if one part is compromised, the entire system remains secure.

We hope this guide provides a clear starting point for your journey with Uptane. As the world of automotive software continues to evolve, Uptane stands as a beacon of security, ensuring that vehicles remain safe and trustworthy. Dive in, explore, and be part of this community!

jhdalek55 commented 1 year ago

This on the whole is great.

I would add a link to the first Whitepaper to your resources list. It's a pretty basic breakdown of what Uptane is and how it works (https://uptane.github.io/papers/uptane_first_whitepaper_7821.pdf). I would also modify the FAQs a bit. We might want to consider taking this out of the FAQ format. It looks a bit weird to have an FAQ with only two points. Maybe we could work these two points into the concluding paragraph.

Q: Is Uptane only for vehicles? A: While Uptane was primarily designed for vehicles, its principles can be adapted for other IoT devices. The community is already aware of applications in robotics, industrial systems, medical and health care equipment, mart city devices, and aviation.

Q: How does Uptane differ from other update security systems? A: Uptane offers a unique multi-layered defense approach, ensuring that even if one part is compromised, the entire system remains secure. It's modular approach, in which features can be added in stages. In this way, it can offer improved protection to legacy systems.

Abhijay007 commented 1 year ago

This on the whole is great.

I would add a link to the first Whitepaper to your resources list. It's a pretty basic breakdown of what Uptane is and how it works (https://uptane.github.io/papers/uptane_first_whitepaper_7821.pdf). I would also modify the FAQs a bit. We might want to consider taking this out of the FAQ format. It looks a bit weird to have an FAQ with only two points. Maybe we could work these two points into the concluding paragraph.

Q: Is Uptane only for vehicles? A: While Uptane was primarily designed for vehicles, its principles can be adapted for other IoT devices. The community is already aware of applications in robotics, industrial systems, medical and health care equipment, mart city devices, and aviation.

Q: How does Uptane differ from other update security systems? A: Uptane offers a unique multi-layered defense approach, ensuring that even if one part is compromised, the entire system remains secure. It's modular approach, in which features can be added in stages. In this way, it can offer improved protection to legacy systems.

@jhdalek55 for the getting started page do we need this and the above content only or do we need anything else, if this is fine should I just add that in the getting started file?

jhdalek55 commented 1 year ago

I think the content is sufficient with my suggested changes. I'm just not sure I like the FORMAT of a FAQ with just two questions. But, if Ira and Phil are fine with it, let's move forward. I can't think of anything else that needs to be added at this time.

Lois

On Sat, Sep 23, 2023 at 11:06 AM Abhijay Jain @.***> wrote:

This on the whole is great.

I would add a link to the first Whitepaper to your resources list. It's a pretty basic breakdown of what Uptane is and how it works ( https://uptane.github.io/papers/uptane_first_whitepaper_7821.pdf https://urldefense.proofpoint.com/v2/url?u=https-3A__uptane.github.io_papers_uptane-5Ffirst-5Fwhitepaper-5F7821.pdf&d=DwMCaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=hgBKIqNYIOwzXeBjPUaKRw&m=g-2jAHCT0Bk_l3RAEX4iNNg90WZXVM-5-P7P44bdbZn4XctzWpQUCuHw1RQAjsRg&s=ecUcBDPQk_W6lTKx23gvnQiHQR1c_4Bt-M7frnJTvMQ&e=). I would also modify the FAQs a bit. We might want to consider taking this out of the FAQ format. It looks a bit weird to have an FAQ with only two points. Maybe we could work these two points into the concluding paragraph.

Q: Is Uptane only for vehicles? A: While Uptane was primarily designed for vehicles, its principles can be adapted for other IoT devices. The community is already aware of applications in robotics, industrial systems, medical and health care equipment, mart city devices, and aviation.

Q: How does Uptane differ from other update security systems? A: Uptane offers a unique multi-layered defense approach, ensuring that even if one part is compromised, the entire system remains secure. It's modular approach, in which features can be added in stages. In this way, it can offer improved protection to legacy systems.

@jhdalek55 https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_jhdalek55&d=DwMCaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=hgBKIqNYIOwzXeBjPUaKRw&m=g-2jAHCT0Bk_l3RAEX4iNNg90WZXVM-5-P7P44bdbZn4XctzWpQUCuHw1RQAjsRg&s=yGnFy5bcL0_eHexoyfMsh7fBFTz7Xh8T7tIpAzGyRKw&e= for the getting started page do we need this and the above content only or do we need anything else, if this is fine should I just add that in the getting started file?

— Reply to this email directly, view it on GitHub https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Abhijay007_uptane-2Ddemo_issues_11-23issuecomment-2D1732338101&d=DwMCaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=hgBKIqNYIOwzXeBjPUaKRw&m=g-2jAHCT0Bk_l3RAEX4iNNg90WZXVM-5-P7P44bdbZn4XctzWpQUCuHw1RQAjsRg&s=DrZNIS0Y1WQWBnfIWJYf-HzPOoCAaG0KahzM67ypBYs&e=, or unsubscribe https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ADPGUX3FP7BR6VSA55XV4HLX333IJANCNFSM6AAAAAA5DBPBPE&d=DwMCaQ&c=slrrB7dE8n7gBJbeO0g-IQ&r=hgBKIqNYIOwzXeBjPUaKRw&m=g-2jAHCT0Bk_l3RAEX4iNNg90WZXVM-5-P7P44bdbZn4XctzWpQUCuHw1RQAjsRg&s=I_kPVEaK_g3ey88Kd5MrEx1FLZfnLl2HohzEb3zR2lQ&e= . You are receiving this because you were mentioned.Message ID: @.***>

iramcdonald commented 1 year ago

For now (to launch new Uptane website), I think the content is sufficient now (with proposed changes from Lois). I think we should wrap it up and close this issue.

Abhijay007 commented 1 year ago

closing via https://github.com/Abhijay007/uptane-demo/commit/20790114a9542a973e5d521a1180c4f2ef28bb3f