Biscuit is a means for automating system maintenance tasks on embedded systems. It allows non-root users to run canned maintenance scripts as root.
Biscuit binary packages are bzipped and encrypted cpio archives. The biscuit command decrypts, decompresses, and unpacks the archive into a temporary directory (tmpfs if it is available), looks for a file named biscuit, and if possible executes that file. The biscuit binary package is encrypted on a build server using 1024 bit assymetric EIGamal encryption with a public key, and decrypted on the embedded target using the same with a secret key. EIGamal, as implemented by GNU Privacy Guard (GNUPG), serves as both an authentication and authorization mechanism. The build server maintains a key ring that may contain many different public keys for different embedded targets, differentiated for example by product line. This prevents biscuits for product A from being executed on product B. The biscuit command can be wired into common facilities on the embedded target such as HOTPLUG or UDEV so that the biscuit packages is run automatically when a drive is inserted. System maintenance tasks can be performed by untrained personnel by just handing them a USB thumb drive and telling them where to stick it.
Biscuit is a much improved clean room reimplementation of a mechanism I've been using for years. I've used it to automate tasks such as software and firmware updating and log extraction, of both development systems in the lab and production systems in the field.
The Biscuit tarball can be found here.
Biscuit has been used on an Linux/GNU-based BeagleBoard (Angstrom distribution), and on Linux/GNU-based PCs (both Ubuntu and Fedora distributions).
Here are some articles that my alter-ego Chip Overclock has written about Biscuit: