starlingx/docs
Code Issues Proposed changes
Files
eede94e45dcb0b5e7cb4cb2c09da413d381003d5
docs/doc/source/introduction/consuming.rst
Ron Stone 748740b0ed Consuming StX updates 
Add clarification and guidance for security and patching
limitations and work-arounds.
Correct copy/paste error.

Launchpad: 1990142

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: I97dce2e0320b4fdceb43ad128963737745ea13df
2022-10-11 07:34:02 -04:00

67 lines
3.0 KiB
ReStructuredText
Raw Blame History

===================
Consuming StarlingX
===================
While |prod| is a ready-to-use solution, it is important to understand some
limitations to what you can do with the open source software and |prod|
Community ISO builds. Software features like secure boot, live software
update/patching and live software upgrades are not fully enabled by the
community.
* The community does not provide signed software images, which are needed to
implement security features such as |UEFI| Secure Boot. Providing signed images
is typically the responsibility of commercial vendors or the users
themselves.
* The commuity does not provide software updates/patches (i.e. for bug fixes or
new |CVE| vulnerabilities) to |prod| released ISOs.
* The community does not support or test software upgrades from one |prod|
release to the next |prod| Release. Very often, for software upgrades to
work from |prod| release N (old/existing) to |prod| release N+1 (new),
a software-upgrade-enabling 'update/patch' is required for |prod|
release N. Because the |prod| community does not provide/build software
update patches, this patch is not available from the |prod| community,
and therefore software upgrades may not necessarily work and are not tested
by the |prod| community.
Here are three ways in which you can consume |prod|.
Deploy the open source code
---------------------------
You can use the open source software directly. Our community partner CENGN
provides a |prod| mirror with ready-to-run ISO images of the current |prod|
releases and daily builds.
View the `CENGN StarlingX mirror
<http://mirror.starlingx.cengn.ca/mirror/starlingx/>`_.
As previously mentioned, these images are not signed and thus do not support
secure booting. Also, as previously mentioned, live software updates may not
necessarily work without software patches, which are not currently provided by
the |prod| community.
The |prod| community recommends that users planning to deploy the open source
software use the tested and validated release images.
Developers planning to work against the tip of the source trees typically use
the daily builds.
Deploy an internal version of StarlingX
---------------------------------------
Your company can form a team to create their own version of |prod| for internal
use. Such a team can do acceptance testing of the open source software,
customize it as needed, sign their own internal images (to enable features such
as |UEFI| Secure Boot), and build and deliver software updates/patches that will
also enable testing and support of software upgrades.
Deploy code from a vendor
-------------------------
You can consume a commercial vendor's |prod|-based product or solution. Vendors
provide signed images and support for software updates/patches and software
upgrades. They may also add features or content to the open source software and
they may provide other services such as technical support.
The |prod| community expects several vendors to provide |prod|-based products
and solutions. We hope to see more as our community grows.
View Git Blame Copy Permalink