For secure software updates in the IoT context, additional mechanisms have to be in place:
It is necessary to ensure that artifacts themselves are protected end-to-end, using digital signatures and encryption to safeguard their confidentiality, authenticity, and integrity during the update process.
It is recommended to rely on an asymmetric key encryption scheme, if supported by the device. This functionality is not offered by Bosch IoT Rollouts by design.
Signatures have to be generated by a trusted source as part of the artifact release process.
The responsibility of Bosch IoT Rollouts, as part of a secure update infrastructure, is to distribute artifacts securely.
The end-to-end trust relationship has to be established between the device and the authority that published the artifacts.
We strongly advise against distributing the encryption key via Bosch IoT Rollouts, as this would undermine the benefits of the encryption mechanism.
Solutions for managing encryption keys on devices exist, e.g. from the Bosch group.
It is also recommended that IoT devices implement a secure boot mechanism, which prevents persistent compromise of the device and helps protect secret key material from potential misuse.
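The following is an added example of the end-to-end pattern described above; it is not code from Bosch IoT Rollouts and does not use its API. It models the two parties that matter for the trust relationship: the release authority, which encrypts and signs the artifact, and the device, which verifies the signature with a public key and decrypts with a content key that were both provisioned outside the update channel. The distribution service sits between them and only forwards the manifest and ciphertext. Ed25519 for signing, AES-GCM for encryption, the `Manifest` type and all function names are choices made for this example, not something the page prescribes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Manifest is the metadata the release authority publishes next to the
// encrypted artifact. A distribution service forwards it unchanged.
type Manifest struct {
	Version   string
	Digest    [sha256.Size]byte // SHA-256 of the plaintext artifact
	Signature []byte            // Ed25519 signature over signedPayload(...)
}

// signedPayload binds the version string to the plaintext digest so a
// signature cannot be reused for a different artifact or version label.
func signedPayload(version string, digest [sha256.Size]byte) []byte {
	return append([]byte("update-v1|"+version+"|"), digest[:]...)
}

func newGCM(contentKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(contentKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// PublishArtifact models the release process: the trusted authority encrypts
// the plaintext with the device content key and signs version and digest.
// The signing key never leaves the release environment.
func PublishArtifact(signer ed25519.PrivateKey, contentKey []byte, version string, plaintext []byte) (Manifest, []byte, error) {
	gcm, err := newGCM(contentKey)
	if err != nil {
		return Manifest{}, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Manifest{}, nil, err
	}
	// Nonce is prepended; the version is bound in as associated data too.
	ciphertext := gcm.Seal(nonce, nonce, plaintext, []byte(version))
	digest := sha256.Sum256(plaintext)
	m := Manifest{Version: version, Digest: digest}
	m.Signature = ed25519.Sign(signer, signedPayload(version, digest))
	return m, ciphertext, nil
}

// DeviceVerifyAndDecrypt is the device-side check. trustedPub and contentKey
// are assumed to have been provisioned on the device out of band, never
// received through the update channel.
func DeviceVerifyAndDecrypt(trustedPub ed25519.PublicKey, contentKey []byte, m Manifest, ciphertext []byte) ([]byte, error) {
	// 1. Authenticity: reject anything not signed by the release authority
	//    before spending any effort on decryption.
	if !ed25519.Verify(trustedPub, signedPayload(m.Version, m.Digest), m.Signature) {
		return nil, errors.New("manifest signature invalid")
	}
	// 2. Confidentiality and ciphertext integrity via AES-GCM.
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, body := ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():]
	plaintext, err := gcm.Open(nil, nonce, body, []byte(m.Version))
	if err != nil {
		return nil, errors.New("artifact decryption or authentication failed")
	}
	// 3. The decrypted image must match the digest the authority signed.
	if sha256.Sum256(plaintext) != m.Digest {
		return nil, errors.New("artifact digest does not match signed manifest")
	}
	return plaintext, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // release authority key pair
	contentKey := make([]byte, 32)                   // device content key (constructed)
	rand.Read(contentKey)
	firmware := []byte("constructed sample firmware image")
	m, ct, _ := PublishArtifact(priv, contentKey, "1.2.0", firmware)
	got, err := DeviceVerifyAndDecrypt(pub, contentKey, m, ct)
	fmt.Println("valid update accepted:", err == nil && bytes.Equal(got, firmware))
	ct[len(ct)-1] ^= 0x01 // simulate corruption in transit
	_, err = DeviceVerifyAndDecrypt(pub, contentKey, m, ct)
	fmt.Println("tampered update rejected:", err != nil)
}
```

The order of checks on the device is deliberate: the signature is verified first because it needs only the public key and rejects forged manifests cheaply, the AEAD then rejects any modified ciphertext, and the final digest comparison ties the decrypted image back to what the authority actually signed. Because the version string is part of both the signed payload and the AEAD associated data, relabelling a valid artifact under a different version fails at both steps.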