An electronic apparatus adapted for a container and a software updating method for a running container system are provided. A first software installation package is installed in a host system. The first software installation package includes an executable component used by the host system and a second software installation package. The executable component provides information required by an installation operation of the first software installation package. The second software installation package is made accessible to a container system by the host system based on the executable component. The second software installation package is installed in the container system to update an application in the container system.

A method may include receiving, via a first computing node, a first pod from a second computing node. The method may also include retrieving a first image file that may include a first set of containers from a registry based on the first pod. The first set of containers may cause a control system to halt operations. The method may then involve generating a first package based on the first set of containers and storing the first package in a filesystem, receiving a second pod from the second computing node, and retrieving a second image file having a second set of containers from the registry. The second pod may include the second set of containers may cause the control system to update software components. The method may also involve generating a second package based on the second set of containers and storing the second package in the filesystem.

A method for deploying bare computers implemented in an electronic device includes starting at least one bare computer to be deployed, and assigning an IP address to the at least one bare computer; downloading a deployment image to the at least one bare computer based on the IP address, and obtaining hardware information of the at least one bare computer based on the deployment image; determining at least one service to be provided by the bare computer according to a preset deployment strategy and the obtained hardware information of the bare computer; and generating a system image according to the at least one service to be provided by the bare computer, and deploying the system image in the bare computer.

A virtualized computing system includes: a host cluster including hosts executing a virtualization layer on hardware platforms thereof, the virtualization layer configured to support execution of virtual machines (VMs), the VMs including a pod VM, the pod VM including a container engine configured to support execution of containers in the pod VM, the pod VM including a first virtual disk attached thereto; and an orchestration control plane integrated with the virtualization layer, the orchestration control plane including a master server in communication with a pod VM controller, the pod VM controller configured to execute in the virtualization layer external to the VMs and cooperate with a pod VM agent in the pod VM, the pod VM agent generating root directories for the containers in the pod VM, each of the root directories comprising a union a read/write ephemeral layer stored on the first virtual disk and a read-only layer.

Disclosed are embodiments of a installed software program that receive a model from a product management system. The model is trained to select one of a plurality of predefined states based on operational parameter values of the installation of the software program. Each of the plurality of predefined states define configuration values of the installation of the software program. The defined configuration values indicate, in some embodiments, updates to operational parameter values of the installation of the software program.

A trusted execution environment obtains a secure guest image and metadata to be used to start a secure guest. The metadata includes multiple parts and a plurality of integrity measures. A first part of the metadata includes one or more integrity measures of the plurality of integrity measures, and a second part of the metadata includes customized confidential data of the secure guest and one or more other integrity measures of the plurality of integrity measures. The trusted execution environment is used to verify at least one select part of the metadata using at least one integrity measure of the plurality of integrity measures of the metadata. Based on successful verification of the at least one select part of the metadata, the trusted execution environment starts the secure guest using the secure guest image and at least a portion of the metadata.

A trusted execution environment obtains an attestation request. The attestation request includes at least an attestation key. Based on obtaining the attestation request, one or more integrity measurements are computed, and the computing uses at least the attestation key. The one or more integrity measurements are provided to an entity, and the one or more integrity measurements are to be used to verify that a secure guest has been started using a selected secure guest image and selected secure guest metadata.

Various systems and methods are described for testing and deployment of containers on cloud and edge computing hardware. An example development platform may include capabilities for identifying, from a remote location, data to import a container software package. The development platform may store a container image, based on the data to import the container software package.

The development platform may perform a security evaluation of the container image, before execution of the container image. The development platform may store results of the security evaluation of the container image in a database accessible to the development platform. The development platform may add the container image into a registry of containers available for execution at the development platform, with execution of the container image being based on verification of the results of the security evaluation and use of the registry of containers.

A firmware massive update method using a flash memory includes: a firmware data registration step of receiving, from a manufacturer server, at least one of information of a user device that is a firmware update target, and firmware information and registering the received information as firmware data; a firmware data management step of receiving a request from a firmware update server in which the registered firmware data is stored, and storing and managing the registered firmware data in a specific area of a flash memory included in the user device via a network; and a firmware update execution step of executing a firmware update on the firmware data managed in the specific area of the flash memory included in the user device through the firmware update server.

One example technique includes receiving a request for accessing a file from a container process. In response to receiving the request, the technique includes querying a mapping table corresponding to the container process to locate an entry corresponding to a file identifier of the requested file. The entry also includes data identifying a file location on the storage device from which the requested file is accessible. The technique further includes retrieving a copy of the requested file according to the file location identified by the data in the located entry in the mapping table and providing the retrieved copy of the requested file to the container process, thereby allowing the container process to access the requested file.