The Software Updates for Internet of Things (SUIT) Working Group at the IETF

The Software Updates for Internet of Things (SUIT) Working Group is tackling one of the most pressing challenges in IoT security: reliable, secure, and interoperable firmware updates for constrained devices.

Today IoT deployments often depend on proprietary update mechanisms that are fragmented and difficult to audit. As vulnerabilities continue to emerge, security experts, researchers, and regulators agree: every IoT device should have a robust and standardized way to update firmware securely.

The SUIT WG is designing a comprehensive solution, focusing on devices with very limited resources, those with as little as ~10 KiB of RAM and ~100 KiB of flash storage, while also supporting more capable systems.

Key components of the SUIT approach include:

• A manifest, providing metadata about firmware packages, their dependencies, and cryptographic protections.
• Use of CBOR (Concise Binary Object Representation) for compact encoding, along with COSE cryptographic mechanisms to secure manifests.
• Extensions to support encryption, trust domains, update management, and integration with other IoT frameworks like MUD (Manufacturer Usage Description).
• Mechanisms for devices to report update status securely, enabling visibility and compliance across IoT fleets.

The group collaborates closely with the Remote ATtestation Procedures (RATS) WG to define claims that can attest to firmware update status, strengthening supply chain transparency and trust.

The SUIT WG is also committed to working with silicon vendors, OEMs, and the broader IoT ecosystem to drive real-world implementations, including participation in IETF Hackathons to validate and improve specifications.

Link to the WG: https://datatracker.ietf.org/group/suit/about/
Link to the WG Documents: https://datatracker.ietf.org/group/suit/documents/