Search by Tags

Over-The-Air Updates

 
Applicable for

Tags

Article updated at 24 Jul 2019
Compare with Revision



Subscribe for this article updates

Introduction

Over-The-Air (OTA) updates is a way to remotely update your software on an embedded system. In other words, it makes it possible to update and fix your software as well as deploy new features and patch security vulnerabilities without physically getting to the board.

A system working like this demands robustness. A faulty update, following a network issue or power loss while updating, can brick your device, demanding a complete recovery. Therefore, OTA updates should be carried out atomically, providing a rollback to the last working version in case an unexpected event occurs leading to failure. Also, a system like that demands security. Because it grants a way to change the entire filesystem over the internet, this structure has to implement security checking features, such as TLS communication, to ensure confidentiality, as well as signature hashes for integrity and authenticity checking.

The OTA Update system can also provide some kind of versioning method, which allows updates to download only the delta (diff) instead of the full rootfs as this saves a lot of time and internet usage. Note that not only you can update the entire rootfs, but also single applicationsm libs or even a mix between all of that, should you want to.

A/B Partitioning Method

A common method of setting up the flash memory of an OTA capable device is the A/B partitioning method. It creates two filesystems: usually, one will keep working seamlessly to the user and act as a fall-back while the other updates. To make this possible, the Bootloader acts like a supervisor, handling both filesystems, where to boot and how to rollback when necessary. With this method:

  • Updates can take place while the system runs, unbeknownst to the user
  • If the update finishes successfully, the system will load the new filesystem on next reboot
  • A failed update won't mess with the current user nor with their filesystem, though they are free to re-attempt the update.

Non-A/B Partitioning Method

On the other hand, should the A/B Partitioning Method be considered impractical for storage space reasons, it is possible to use only one Partition for the system and another smaller one as Rescue Partition. In this situation, the bootloader boots a rescue partition, which then boots into the main partition. If the main boot is not successful, it then returns to the rescue partition. With this method:

  • More storage space to the main partition is allowed, since the Rescue Partition is much smaller than the rootfs.
  • On the other hand, the boot time is longer, since it has to boot the Rescue Partition first and only then the Main Partition.
  • Updates cannot happen while the system is in use, contrary to the A/B partitioning method it has to be completely shutdown before the update starts

Solutions

Besides choosing to use an OTA Update platform, developers must also choose which one to pick. You can develop your own solution, implement existing, open source software or use corporative services. Toradex offers a variety of solutions through operating systems, partners and services.

Torizon Update System

Warning: the Torizon Update System is a project currently under development at Toradex Labs. It is still an experimental project in it's early stages which is subject to changes without notice. This might impact new releases and/or iterations.

Our own Operating System, Torizon, makes use of OSTree: "a shared library and suite of command line tools that combines a "git-like" model for committing and downloading bootable filesystem trees, along with a layer for deploying them and managing the bootloader configuration", as explained at the Torizon Update System article. In this case, Aktualizr, an open-source implementation of Uptane (a very secure software update system design), is used as a supervisor, checking authentication and integrity, handling the security part of OTA.

Torizon is built on top of Foundries' Linux microPlatform, which implements the mentioned technologies. To test Torizon OTA Updates, one can use HERE OTA. Toradex is currently developing their own OTA hosted server. Our solution will be integrated with the Torizon platform which will make it easy to keep a Torizon system up to date with the latest software from Toradex, as well as make it easier to manage and deploy both system updates and containerized applications to remote devices; this project is currently a Toradex Labs project.

To learn more about OSTree and Torizon, visit the Torizon software page.

Third Party Solutions

Android Update Factory - Kynetics

Kynetics is a software development company providing customized U-Boot, Secure Boot, Drivers, Linux Kernel, Android HAL, and embedded Android and Linux Operating Systems. In addition, to help speed up development to production timelines, Kynetics offers an over-the-air embedded OS builds delivery platform: Update Factory, which remotely updates your Android or Linux OS: kernel, userspace system and applications. For more information visit:

Kynetics also provides a Partner Demo Image that you can install and test the Update Factory directly with Toradex Easy Installer. For more information visit:

Mender.io

Mender is an end-to-end open source software updater for embedded Linux devices that allows secure image-based updates using HTTPS and the A/B partitioning method. It includes both the client and management server providing tools to build, deploy and manage your software OTA. They offer a commercial solution named Hosted Mender, it is a cloud implementation for the server-side part of Mender.

Mender also provides a Partner Demo Image that you can install and test directly with the Toradex Easy Installer. For more information visit:

Balena (Resin.io)

Balena, known in the past as Resin.io, provides a complete set of tools for building, deploying, and managing fleets of connected Linux devices. Their core platform, balenaCloud, encompasses device, server, and client-side software, allowing you to push code to the balena build servers, where it will be packaged into containers and delivered to your fleet. For more information visit:

Linux microPlatform OTA - Foundries.io

Foundries.io offers Linux microPlatform. It is comprised of secure updatable firmware, kernel and a minimal distribution built using Open Embedded/Yocto, to run applications and Containers on SoCs. Applications include upgradable smart devices for industry and home, gateways and edge computing devices, reconfigurable OTA for newly attached hardware and/or services, and securely updatable software platforms for the automotive, robot and drone industries. Note that our Operating System, Torizon, is built on top of Foundries' Linux microPlatform, thus they share the same technologies at device level. To learn more, visit:

Qt OTA

Qt offers an OTA Module that enables OTA Updates functionality in embedded linux images built with meta-boot2qt. This solution is based on OSTree and features atomic updates, GPG signing and pinned TLS, efficient Disk Space handling, optimized bandwidth usage and rollback support, among other things. To learn more, visit: