@@ -1,9 +1,9 @@
.. SPDX-FileCopyrightText: 2013-2021 Stefano Babic <stefano.babic@swupdate.org>
.. SPDX-License-Identifier: GPL-2.0-only
-==================
-Project's road-map
-==================
+=============================
+Proposals to improve SWUpdate
+=============================
Please take into account that most of the items here are *proposals*.
I get some ideas talking with customers, some ideas are my own thoughts.
@@ -26,27 +26,11 @@ itself.
Core features
=============
-Support for further compressors
--------------------------------
-
-SWUpdate supports image compressed with following formats: zlib, zstd. This is
-a compromise between compression rate and speed to decompress the single artifact.
-To reduce bandwidth or for big images, a stronger compressor could help.
-Adding a new compressor must be careful done because it changes the core of
-handling an image.
-
Support for OpenWRT
-------------------
OpenWRT is used on many routers and has its own way for updating that is not power-cut safe.
-Selective downloading
----------------------
-
-Bandwidth can be saved not only via delta, but identifying which part of the SWu must be
-loaded and skipping the rest. For example, SWUpdate can detect the versions for artifact before
-downloading them and ask the servers to send just the relevant artifacts.
-
Software-Software compatibility
-------------------------------
@@ -66,36 +50,17 @@ in libconfig, a manual conversion is still required.
Fetcher and interfaces
======================
-Downloader
-----------
-
-The downloader is a one-shot command: when -d is set, SWUpdate loads the SWU from the provided
-URL. This behavior is high requested and must be even supported in future, but another
-use case is to run the downloader as daemon (like suricatta) and checks if a new SWU is
-available at the specified URL. It should be as an alternative server for suricatta and
-this allows to control it via IPC (enable/disable/trigger).
+- No plan
Tools and utilities
===================
-Self contained tool to generate Update Packages (SWU)
------------------------------------------------------
-
-Generation of SWUs is fully supported inside OE via meta-swupdate, but there is no
-support at all with other buildsystems (Buildroot, Debian). The user have a not preordered
-bunch of programs and scripts to generate the SWU, and mostly they are not generic enough.
-It will be interesting to create a `buildswu` tool, running on host system, that can create
-form a configuration a SWU. The tool must support all features, that means it should be able
-to pack artfact, generate sw-description from templates, sign the SWU, encrypt the artifact,
-etc.
-
+- No plan
Lua
===
- API between SWUpdate and Lua is poorly documented.
-- Extend Lua to load modules at startup with functions that are globally visible
- and can be used by own Lua scripts or by the embedded-script in sw-description.
- Store in SWUpdate's repo Lua libraries and common functions to be reused by projects.
Handlers:
@@ -138,18 +103,19 @@ BTRFS supports subvolume and delta backup for volumes - supporting subvolumes is
to move the delta approach to filesystems, while SWUpdate should apply the deltas
generated by BTRFS utilities.
-Security
-========
+Security / Crypto engines
+=========================
- add support for asymmetryc decryption
-
-Support for evaluation boards
-=============================
-
-meta-swupdate-boards contains examples with evaluation boards.
-Currently, there are examples using Beaglebone Black,
-Raspberri PI 3 and Wandboard. The repo is a community driven project:
-patches welcome.
+- rework support for crypto engine - let possible to load multiple libraries at
+ the same time. Currently, there is support for openSSL, WolfSSL and mbedTLS.
+ However, WolfSSL are mising together. There should be a way to select one or more
+ libraries and independently the algorithms that SWUpdate should support.
+ Some hacks are currently built to avoid conflicts (pkcs#7 and CMS are the same
+ thing, but supported by different libraries), and they should be solved.
+- add more algorythms for decryption, as AES-CTR can be very useful to decrypt
+ chunks in delta updates.
+- Support for TPM2 to store secrets (requires rework above).
Back-end support (suricatta mode)
=================================
@@ -186,21 +152,6 @@ SWUpdate in down-loader mode works as one-shot: it simply try to download a SWU
from a URL. For simple applications, it could be moved into `suricatta` to detect
if a new version is available before downloading and installing.
-Back-end: support for Mender
-----------------------------
-
-There was several discussion how to make a stronger collaboration between
-different update solution and a proposal discussed previously is to use SWUpdate as client
-to upgrade from a Mender server, see `BOF at ELCE 2017 <https://elinux.org/images/0/0c/BoF_secure_ota_linux.pdf>`_
-
-Support for multiple Servers simultaneously
--------------------------------------------
-
-Currently, suricatta's server backends are a mutually exclusive
-compile-time choice. There is no interest to have multiple OTA at the same time.
-This feature won't be implemented and I will remove this from roadmap if no
-interest will be waked up.
-
Test and Continuous Integration
===============================
Many goals in roadmap were reached and the documentation there is obsolete (SWUGenerato as stand-alone tool, etc.). Some proposals seem obsolete because there was no request to implement them, even if present in the doc since years. Rework the file, add some more useful proposal. Signed-off-by: Stefano Babic <stefano.babic@swupdate.org> --- doc/source/roadmap.rst | 81 +++++++++--------------------------------- 1 file changed, 16 insertions(+), 65 deletions(-) -- 2.34.1