
<disclaimer: I am with Mender>

We have been evaluating OSTree as a potential building block for Mender, however the key challenges we've come across:

integrating OSTree into an existing device/OS seems quite invasive - https://ostree.readthedocs.io/en/latest/manual/adapting-exis...

block level signatures are not possible, which we feel is a requirement for an over-the-air updater

rollback is not built-in and can be quite challenging to implement reliably (bootloader level)

Think of OSTree as more of a building block, like Git is for your development process. We might use it in the future but robustness and easy integration are our first priorities.




Why is it important to have signatures at the block level? Wouldn't signing an archive or binary diff be good enough?


Signing an archive would probably be good enough for many cases. Block level is a bit simpler (all or nothing) and thus less risk of mixing with unsigned parts (sideloading attacks).

For security-sensitive embedded devices (e.g. payment terminals), block level signatures would allow hardware verification during boot as well (1st stage bootloader verifies 2nd stage, then kernel, etc.) if designed correctly.
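The boot chain sketched in the comment above (each stage verifies the next before handing off, so a whole-image check is all or nothing), as an added example that is not code from Mender, OSTree, or either commenter. It simulates the chain with SHA-256 digests pinned in the previous stage as a stand-in for the public-key signature check a real first-stage bootloader would do against a key burned into hardware; the stage payloads are constructed sample bytes, and the 32-byte digest header format is an assumption made for the illustration.

```python
import hashlib
import hmac

DIGEST_LEN = 32  # SHA-256; assumed header layout: [digest of next image][payload]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_chain(payloads):
    """Assemble stage images from last to first so each image can carry the
    digest of the one that follows it. Returns (rom_digest, images), where
    rom_digest is what the immutable first stage would hold (stand-in for the
    public key / hash burned into fuses) and images[i] is the i-th stage."""
    images = []
    next_digest = b"\x00" * DIGEST_LEN  # last stage has nothing after it
    for payload in reversed(payloads):
        image = next_digest + payload
        images.insert(0, image)
        next_digest = sha256(image)
    return next_digest, images


def verify_chain(rom_digest, images):
    """Simulate boot: the ROM checks stage 0 against its pinned digest, then
    each stage checks the whole image of the next stage against the digest
    embedded in its own header before transferring control. Returns the index
    of the first stage that fails verification, or None if the chain is clean."""
    expected = rom_digest
    for index, image in enumerate(images):
        # Whole-image digest: any byte change in header or payload fails here,
        # so there is no way to splice unsigned content into a verified stage.
        if not hmac.compare_digest(sha256(image), expected):
            return index
        expected = image[:DIGEST_LEN]
    return None


def tamper(image, offset, xor_byte=0x01):
    """Return a copy of image with one byte flipped (simulated modification)."""
    buf = bytearray(image)
    buf[offset] ^= xor_byte
    return bytes(buf)


# Constructed sample stages: second-stage bootloader, kernel, root filesystem.
SAMPLE_PAYLOADS = [
    b"second-stage bootloader v1",
    b"kernel image 5.x",
    b"rootfs block image",
]


def demo():
    rom_digest, images = build_chain(SAMPLE_PAYLOADS)
    clean = verify_chain(rom_digest, images)
    # Flip a byte inside the rootfs payload (past the header): caught at stage 2.
    modified_rootfs = images[:2] + [tamper(images[2], DIGEST_LEN + 3)]
    rootfs_fail = verify_chain(rom_digest, modified_rootfs)
    # Flip a byte in the kernel's header (its pinned digest of the rootfs):
    # the kernel image itself no longer matches, so it is caught at stage 1,
    # before the forged digest could ever be used to accept a different rootfs.
    modified_kernel = [images[0], tamper(images[1], 0), images[2]]
    kernel_fail = verify_chain(rom_digest, modified_kernel)
    return clean, rootfs_fail, kernel_fail


if __name__ == "__main__":
    print(demo())
```

The point the simulation makes is the "all or nothing" property from the comment: because each stage hashes the entire next image, a modification anywhere (payload or the embedded digest for the following stage) is rejected at the earliest stage that can see it, which is what a per-file signed archive does not give you unless the manifest that ties the files together is itself signed and enforced.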



