tt
Signed-off-by: Camila Macedo <[email protected]>
Camila Macedo committed Oct 3, 2023
1 parent 464ddee commit 34969c0
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions source/reference-manual/security/offline-keys.rst
@@ -1,6 +1,6 @@
.. _ref-offline-keys:

Understanding TUF Keys and Their Importance
Understanding TUF Keys And Their Importance
============================================

The Update Framework (TUF) provides a method to secure software update systems.
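Review bot: The new title "Understanding TUF Keys And Their Importance" capitalizes the conjunction "And", which common title-case conventions keep lowercase, and the commit message ("tt") names no style rule that requires it. Suggest stating the rule being applied in the commit message so the ten heading changes can be checked against it. The title length is unchanged, so the existing `=` underline still fits.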
Expand Down Expand Up @@ -82,7 +82,7 @@ every handover point, from the warehouse to their doorstep.
It will show you a list of our recommendations about improving your TUF usage, which evolve over time.
For example, it can show you the up to date information about the `Recommended Offline TUF Keys Schema`_.

Online vs Offline Keys
Online VS Offline Keys
-----------------------

**Online Keys:**
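Review bot: "VS" in the new heading "Online VS Offline Keys" is fully upper-cased, while the other headings in this commit only capitalize the first letter of the changed word ("To", "And", "The"). Suggest "Online Vs Offline Keys" if every word is meant to start with a capital, or keeping the original "vs" if abbreviations are exempt.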
Expand All @@ -96,7 +96,7 @@ to a myriad of online attacks.
These keys are not connected to the internet. They are stored in a location that's offline.

Check warning on line 96 in source/reference-manual/security/offline-keys.rst

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Fio-docs.Contractions] Avoid Contractions: Use 'that is' not 'that's'. Raw Output: {"message": "[Fio-docs.Contractions] Avoid Contractions: Use 'that is' not 'that's'.", "location": {"path": "source/reference-manual/security/offline-keys.rst", "range": {"start": {"line": 96, "column": 77}}}, "severity": "WARNING"}
Being offline makes them much less susceptible to online attacks, making them more secure.

Why Rotate the TUF Root Key?
Why Rotate The TUF Root Key?
----------------------------

The TUF root key is the foundation of trust in the TUF system. It's essential to ensure that this key is as secure

Check warning on line 102 in source/reference-manual/security/offline-keys.rst

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Fio-docs.Contractions] Avoid Contractions: Use 'it is' not 'It's'. Raw Output: {"message": "[Fio-docs.Contractions] Avoid Contractions: Use 'it is' not 'It's'.", "location": {"path": "source/reference-manual/security/offline-keys.rst", "range": {"start": {"line": 102, "column": 64}}}, "severity": "WARNING"}
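Review bot: The two context lines that vale flags in this hunk, "that's" on line 96 and "It's" on line 102, are left unchanged even though this is a style-only commit. Suggest replacing them with "that is" and "it is" here so the Fio-docs.Contractions warnings clear in the same change as the heading rename.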
Expand Down Expand Up @@ -160,7 +160,7 @@ Following a summary of the practical steps as an overview.

Now, check the further sections for a deeper understand of those operations.

How to Rotate Offline TUF Root Key
How To Rotate Offline TUF Root Key
----------------------------------

The TUF root key is the most important key in TUF.
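Review bot: The context line two lines above the renamed heading reads "a deeper understand of those operations", which should be "a deeper understanding of those operations". Since this commit is already a wording pass over the file, suggest fixing that sentence together with the heading.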
Expand Down Expand Up @@ -205,7 +205,7 @@ Onwards, use a shorter command to rotate your (offline) TUF root key::
That will lead to the inability to deliver new :ref:`Over-the-Air (OTA) updates <ref-ota>` to your Factory devices.
Therefore, after each TUF root key rotation, we recommend that you `Backup Offline TUF Keys`_ as described below.

How to Rotate Offline TUF Targets Key
How To Rotate Offline TUF Targets Key
-------------------------------------

TUF has the notion of a ``targets.json`` file which specifies what updates (Targets) are available to Factory devices.
Expand Down Expand Up @@ -253,7 +253,7 @@ This will perform the following steps:
If you lose the offline TUF targets key, a new key can be generated if you have your Factory offline TUF root key.
However, losing this key may be inconvenient if more than one Factory admin can manage production targets.

The Need to View Offline TUF Keys
The Need To View Offline TUF Keys
---------------------------------

Understanding when and why to view Offline TUF Keys is crucial for maintaining the security and trustworthiness of your update system. Here's a breakdown:
Expand All @@ -270,7 +270,7 @@ Understanding when and why to view Offline TUF Keys is crucial for maintaining t
- Amidst Security Alerts: If there's any hint or evidence of a key compromise, you must conduct an immediate check to verify its authenticity.
- Routine Checks: Just like regular health check-ups, periodically inspect the keys as part of system maintenance and security hygiene.

How to View Offline TUF Keys
How To View Offline TUF Keys
----------------------------

The Factory's TUF metadata can be viewed using this Fioctl_ command::
Expand Down Expand Up @@ -321,7 +321,7 @@ See the section `How to Backup Offline TUF Keys`_ below, how the internal struct

.. _Backup Offline TUF Keys:

How to Backup Offline TUF Keys
How To Backup Offline TUF Keys
------------------------------

There are 3 recommended ways for backing up your Factory TUF keys:
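Review bot: The hunk's leading context still references the section as `How to Backup Offline TUF Keys`_ with a lowercase "to", while the heading it points at becomes "How To Backup Offline TUF Keys". RST matches reference names case-insensitively, so the link keeps resolving, but the rendered link text will no longer match the heading. Suggest updating the inline reference in the same commit, or pointing it at the explicit `Backup Offline TUF Keys` target defined just above the heading.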
Expand Down Expand Up @@ -352,7 +352,7 @@ Over time our engineers will add more items to that list as we develop new secur

.. _ref-offline-keys-more-than-1-root:

How to Add More Than 1 Offline TUF Keys
How To Add More Than 1 Offline TUF Keys
+++++++++++++++++++++++++++++++++++++++

Usually, you need to add more than 1 offline TUF signing key for your TUF roles in one of these use cases:
Expand Down Expand Up @@ -423,7 +423,7 @@ At any moment before applying the changes, and admin can cancel the transaction

Any user with admin rights can cancel the TUF root updates transaction, not only the one who initiated it.

How to Increase the TUF Signature Threshold
How To Increase the TUF Signature Threshold
+++++++++++++++++++++++++++++++++++++++++++

Requiring more than 1 offline signature for any TUF root changes greatly improves the TUF root role security.
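Review bot: The new heading "How To Increase the TUF Signature Threshold" leaves "the" in lowercase, while "Why Rotate The TUF Root Key?" earlier in this commit capitalizes it. Suggest "How To Increase The TUF Signature Threshold" so the rule is applied uniformly. Separately, the hunk header's context text reads "and admin can cancel the transaction", which looks like a typo for "an admin" and could be fixed in this pass.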

0 comments on commit 34969c0
