Closed hexsecs closed 1 year ago
@hexsecs Are you still planning to draft this copy and we are here just to review it?
I'm happy to review, but I don't have time near-term to write content for the Getting Started page.
I do think it would be fine to let this topic largely be future for Uptane Standards contributors.
Here is a quick crack at it....
Getting Started with Uptane
Welcome to the "Getting Started" guide for Uptane, the standard framework designed to secure software updates for vehicles. Whether you're a developer, security professional, or just a curious individual, this guide will provide you with a foundational understanding of Uptane and how it's revolutionizing automotive software security.
Uptane is an open-source framework that ensures the security of software updates for vehicles. Given the increasing complexity of modern vehicles, which often rely on numerous software components, ensuring that these updates are secure and tamper-proof is crucial. Uptane addresses potential vulnerabilities and threats that can arise during the software update process.
Security: Uptane provides a multi-layered defense against various types of attacks, including those by nation-states.
Flexibility: It's designed to work seamlessly with existing software update systems.
Community-Driven: Being open-source, Uptane benefits from the collective expertise of the global developer community.
Learn more in the Uptane Threat Model section.
Director Repository: Determines which updates should be sent to each vehicle.
Image Repository: Stores the metadata about the available images (software updates).
End-to-end Security: Ensures that vehicles only install updates from legitimate sources.
Compromise Resilience: Even if an attacker compromises one part of the update system, other parts remain secure.
Learn more in the Uptane Design section. <-- fix to relative path
Understand the Uptane Standard: Familiarize yourself with the Uptane Standard to understand its specifications and guidelines. <--fix to relative link
Define Implementation Requirements: Protocols, Operations, Usage, and Formats (POUFs) precisely specify the wireline format and operations that any implementation using them must obey. Hence, implementations that use the same POUF are able to interoperate. An automotive OEM would establish a POUF definition for their particular Uptane update strategy.
Set Up Repositories: Establish the Director and Image repositories.
Integrate with Your Update System: Modify your existing software update system to work with Uptane's repositories and verification processes.
Test: Before deploying, rigorously test the system to ensure it works as expected.
Learn more in the Uptane Deployment Best Practices section.
Uptane GitHub Repositories: Access the source code and contribute to the project.
Uptane Deployment Best Practices: A guide to help you deploy Uptane effectively. <-- fix to relative link
Uptane Community: Join the community, participate in discussions, and stay updated with the latest developments. <---
Q: Is Uptane only for vehicles?
A: While Uptane was primarily designed for vehicles, its principles can be adapted for other IoT devices.
Q: How does Uptane differ from other update security systems?
A: Uptane offers a unique multi-layered defense approach, ensuring that even if one part is compromised, the entire system remains secure.
We hope this guide provides a clear starting point for your journey with Uptane. As the world of automotive software continues to evolve, Uptane stands as a beacon of security, ensuring that vehicles remain safe and trustworthy. Dive in, explore, and be part of this community!
This on the whole is great.
I would add a link to the first Whitepaper to your resources list. It's a pretty basic breakdown of what Uptane is and how it works (https://uptane.github.io/papers/uptane_first_whitepaper_7821.pdf). I would also modify the FAQs a bit. We might want to consider taking this out of the FAQ format. It looks a bit weird to have an FAQ with only two points. Maybe we could work these two points into the concluding paragraph.
Q: Is Uptane only for vehicles? A: While Uptane was primarily designed for vehicles, its principles can be adapted for other IoT devices. The community is already aware of applications in robotics, industrial systems, medical and health care equipment, smart city devices, and aviation.
Q: How does Uptane differ from other update security systems? A: Uptane offers a unique multi-layered defense approach, ensuring that even if one part is compromised, the entire system remains secure. It's a modular approach, in which features can be added in stages. In this way, it can offer improved protection to legacy systems.
@jhdalek55 for the getting started page, do we need this and the above content only, or do we need anything else? If this is fine, should I just add that in the getting started file?
I think the content is sufficient with my suggested changes. I'm just not sure I like the FORMAT of a FAQ with just two questions. But, if Ira and Phil are fine with it, let's move forward. I can't think of anything else that needs to be added at this time.
Lois
On Sat, Sep 23, 2023 at 11:06 AM Abhijay Jain @.***> wrote:
@jhdalek55 for the getting started page, do we need this and the above content only, or do we need anything else? If this is fine, should I just add that in the getting started file?
For now (to launch the new Uptane website), I think the content is sufficient now (with proposed changes from Lois). I think we should wrap it up and close this issue.
We need to create the copy for the getting started page.