OTA Connect Developer Guide

Secure your software updates

To secure your software updates, OTA Connect ensures that all software files have accompanying metadata that is signed according to the Uptane framework.

When evaluating OTA Connect, you don’t have to worry about signing this metadata yourself. The OTA Connect server automatically signs the metadata after you upload software.

However, for this process to work, the OTA Connect server must host the private keys that are used to sign the metadata. This is a security risk — if an attacker is able to infiltrate the OTA Connect server, they can use these private keys to sign metadata for malicious software and send it to your devices.

To prevent an event like this from happening, you should take these private keys offline and sign the metadata in your development environment. Then you can push the signed metadata back to the server. To do this, you use the garage-sign command, which is part of our garage-deploy tool.