Uptane is hosting a free online workshop on March 31 from 9 to 11 a.m. (EDT) entitled “A Conversation on End-to-End Secure Automotive Software Updates.” To register, click here. For more information, including the agenda and brief biographies of the featured speakers, click here. The slide decks for the conference can also be accessed as follows: Introductory/Uptane, Supply chain overview, and SBOM overview.
The Uptane Standard team has also prepared a survey to help us determine where to focus our outreach initiatives for 2023. Please click here to complete the survey and be sure to share the link with your colleagues as well.
Uptane is an open and secure software update framework design which protects software delivered over-the-air to automobile electronic control units (ECUs). The framework protects against malicious actors who can compromise servers and networks used to sign and deliver updates. Hence, it is designed to be resilient even to the best efforts of nation state attackers. There are multiple different free open source and closed source implementations available. Uptane is integrated into Automotive Grade Linux, an open source system currently used by many large OEMs, and has also been adopted by a number of U.S. and international manufacturers.
Uptane was first created in 2016 in a collaboration between NYU, UMTRI, SwRI, and automotive industry experts. It was developed as an open source framework under a grant from the U.S. Department of Homeland Security. It expands on The Update Framework, used in many production software update systems. In July 2018, formal standardization of Uptane began under a non-profit consortium called the Uptane Alliance. Uptane Standard for Design and Implementation version 1.0, which presents procedures for secure design and implementation of the framework, was released on July 31, 2019, under the auspices of the IEEE/ISTO Federation. The initiative now continues as a Linux Foundation Joint Development Foundation project, with versions 1.1.0 and 1.2.0 released in 2021. The most recent version, 2.0.0 was released in March 2022. Recommended deployment strategies are under active development, and are published and regularly updated on this site. All Uptane materials, including technical papers, and security audits are also freely available for all to use without a fee.