This kind of functionality should be possible, but it would most likely need some work.
About this “sealed” status your devices can have: are they already sealed when they leave the factory floor, or can they be sealed dynamically in the field?
What I’m thinking is the following. Right now Aktualizr reports predetermined state information to the Cloud. I don’t believe it’s currently possible to send back custom state information, like in your case with the sealed/unsealed states.
That said, there are still some options. For context, on our devices we have this file that defines all the valid update package types that Aktualizr will accept from the cloud:
{
  "docker-compose": [
    {
      "partial_verifying": false,
      "ecu_hardware_id": "docker-compose",
      "full_client_dir": "/var/sota/storage/docker-compose",
      "ecu_private_key": "sec.private",
      "ecu_public_key": "sec.public",
      "firmware_path": "/var/sota/storage/docker-compose/docker-compose.yml",
      "target_name_path": "/var/sota/storage/docker-compose/target_name",
      "metadata_path": "/var/sota/storage/docker-compose/metadata"
    }
  ],
  "torizon-generic": [
    {
      "partial_verifying": false,
      "ecu_hardware_id": "@@MACHINE@@-bootloader",
      "full_client_dir": "/var/sota/storage/bootloader",
      "ecu_private_key": "sec.private",
      "ecu_public_key": "sec.public",
      "firmware_path": "/var/sota/storage/bootloader/u-boot.img",
      "target_name_path": "/var/sota/storage/bootloader/target_name",
      "metadata_path": "/var/sota/storage/bootloader/metadata",
      "action_handler_path": "/usr/bin/bl_actions.sh"
    }
  ]
}
Here you can see this device will only accept package types with hardware IDs matching either docker-compose or <machine>-bootloader. What I was thinking was that you could have separate hardware ID types for legal and non-legal software. A device that was unsealed would have both hardware ID types listed, while a sealed device would only have the non-legal software listed.
This way, from the Cloud side, sealed devices wouldn’t even be capable of accepting updates for legal software, since it would not be listed as a valid hardware ID type for them. Additionally, you would be separating your software into legal and non-legal relevant components anyway, so it kind of makes sense to treat these as different package types.
This should be possible today. It does depend a little on how your devices get “sealed” as per my question at the start.
Also if you want I can try to arrange a call with our team so we can better discuss your use-case here and what we can offer you to achieve this.
Best Regards,
Jeremias
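The following Python is an added illustration of the two-hardware-ID scheme described in the reply above; it is not part of Jeremias' post and not Toradex or Torizon code. It assumes a hypothetical extra package type `torizon-legal` with hardware ID `@@MACHINE@@-legal` for the legally relevant software, a device-side `sealed` flag, and a machine name `verdin-imx8mm`; the `@@MACHINE@@` substitution is done here only for illustration (on a real image the build substitutes it). The full configuration is constructed sample data modelled on the file quoted in the post.

```python
import copy
import json

# Constructed sample: the full secondaries config an UNSEALED device would carry.
# "torizon-legal" / "@@MACHINE@@-legal" are hypothetical names chosen for this
# example; only "docker-compose" and "@@MACHINE@@-bootloader" appear in the post.
UNSEALED_SECONDARIES = {
    "docker-compose": [{
        "partial_verifying": False,
        "ecu_hardware_id": "docker-compose",
        "full_client_dir": "/var/sota/storage/docker-compose",
        "ecu_private_key": "sec.private",
        "ecu_public_key": "sec.public",
        "firmware_path": "/var/sota/storage/docker-compose/docker-compose.yml",
        "target_name_path": "/var/sota/storage/docker-compose/target_name",
        "metadata_path": "/var/sota/storage/docker-compose/metadata",
    }],
    "torizon-generic": [{
        "partial_verifying": False,
        "ecu_hardware_id": "@@MACHINE@@-bootloader",
        "full_client_dir": "/var/sota/storage/bootloader",
        "ecu_private_key": "sec.private",
        "ecu_public_key": "sec.public",
        "firmware_path": "/var/sota/storage/bootloader/u-boot.img",
        "target_name_path": "/var/sota/storage/bootloader/target_name",
        "metadata_path": "/var/sota/storage/bootloader/metadata",
        "action_handler_path": "/usr/bin/bl_actions.sh",
    }],
    # Hypothetical package type for legally relevant software (not in the post).
    "torizon-legal": [{
        "partial_verifying": False,
        "ecu_hardware_id": "@@MACHINE@@-legal",
        "full_client_dir": "/var/sota/storage/legal",
        "ecu_private_key": "sec.private",
        "ecu_public_key": "sec.public",
        "firmware_path": "/var/sota/storage/legal/legal.bin",
        "target_name_path": "/var/sota/storage/legal/target_name",
        "metadata_path": "/var/sota/storage/legal/metadata",
    }],
}

# Hardware IDs that only an unsealed device may advertise (hypothetical).
LEGAL_HARDWARE_IDS = {"@@MACHINE@@-legal"}


def render_secondaries(config, sealed, machine):
    """Return the secondaries config a device should present.

    When `sealed` is true, every ECU whose hardware ID is in LEGAL_HARDWARE_IDS
    is dropped, and a package type left with no ECUs is removed entirely, so the
    sealed device never lists the legal hardware ID at all. The @@MACHINE@@
    placeholder is substituted here purely for illustration.
    """
    rendered = {}
    for package_type, ecus in config.items():
        kept = []
        for ecu in ecus:
            if sealed and ecu["ecu_hardware_id"] in LEGAL_HARDWARE_IDS:
                continue
            ecu = copy.deepcopy(ecu)
            for key, value in ecu.items():
                if isinstance(value, str):
                    ecu[key] = value.replace("@@MACHINE@@", machine)
            kept.append(ecu)
        if kept:
            rendered[package_type] = kept
    return rendered


def accepted_hardware_ids(config):
    """Set of hardware IDs this config will accept targets for."""
    return {ecu["ecu_hardware_id"] for ecus in config.values() for ecu in ecus}


def would_accept(config, target_hardware_id):
    """True if a target published for `target_hardware_id` matches an ECU."""
    return target_hardware_id in accepted_hardware_ids(config)


def to_json(config):
    """Serialise in the same shape as the file quoted in the post."""
    return json.dumps(config, indent=2)


if __name__ == "__main__":
    for sealed in (False, True):
        cfg = render_secondaries(UNSEALED_SECONDARIES, sealed, "verdin-imx8mm")
        print("sealed" if sealed else "unsealed", sorted(accepted_hardware_ids(cfg)))
```

Because the secondaries file is only read by Aktualizr when it starts, a device that is sealed in the field would need to regenerate the file from its sealed state and restart Aktualizr for the narrower hardware ID list to take effect; this is an assumption about the deployment, not something the post states.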