Skip to main content
Version: Torizon OS 6.x.y

Torizon Updates Overview


In this article, you will learn the basics about secure updates with the Torizon Cloud. You will learn the main features, what is possible to update with it, and how it is secure, reliable and easy to use. Torizon updates features are ready-to-use and work seamlessly with devices running Torizon OS and its development environment — TorizonCore Builder and the Torizon IDE Extension.

Main Features

With the Torizon Updates feature it is possible to:

In both cases, the Torizon Cloud enable you to:

  • Execute secure and reliable updates of Operating System, Applications, and Bootloader
  • Perform synchronous updates - both the OS and the Application as a single component
  • Automatically trigger the update whenever a new update is available
  • Automatically rollback to the last working version of the OS or the application in case the update fails
  • Block updates from happening from the application’s side, in case you have a critical application that cannot stop for an update to take place

Security, Reliability and Ease-To-Use

By bringing your update packages to the Torizon Cloud domain, you leverage the Torizon Cloud to manage security, reliability, traceability, and ease of the update process.

The Torizon Cloud builds security metadata when you create update packages. Device provisioning assigns the devices with the matching information to validate and deploy the updates. This ensures that only trustworthy updates are executed. That said, you are also allowed to keep the root of trust under your control if you choose to do so, instead of delegating such responsibility.

On the device side, the automatic search for updates and deployment process, along with rollback capabilities, ensures the ease and reliability of the process. That eliminates the need for skilled labor and the possibility of undefined states for the device.

Offline Updates vs Remote Updates

The Offline and Remote OTA Updates features share the technology stack. Both of them allow updating the OS and/or the application in a deployed device. Their main difference is where the update comes from.

  • For the Remote Update, the device regularly checks the Torizon Cloud for new updates through the internet. Once the update is found, the device reaches for files in different sources and then deploys the update.
  • For the Offline Updates, the device monitors a local directory — mounted from a USB drive, for example — for the new update. All the files are sourced during the medium preparation and are contained within the medium.

You will need a provisioned device to securely update it, regardless of choosing Remote or Offline Update.

Note that you currently cannot have both sources of updates enabled at once. The device must be configured to receive either Offline or Remote Updates. By default, devices disable Offline Updates in favor of Remote Updates.

How it Works

To make secure and reliable updates possible, Torizon Cloud uses 3 main components.

  • Torizon Cloud: the cloud infrastructure that manages the user's accounts, devices, fleets, packages, security metadata, and update process.

  • Torizon OS: the OS used by the devices, which has the services needed for registering the device in the Torizon Cloud. It's also responsible for searching, downloading, validating, and deploying the updates.

  • TorizonCore builder: the tool used to push packages and OS images from the host machine to the Torizon Cloud.

Torizon Update Packages

With Torizon Cloud, you can remotely update the following packages on single or multiple devices:

  • The unmodified, a.k.a. vanilla Torizon OS
  • Your application, packaged in a single or a group of containers
  • A custom version of Torizon OS made for your application
  • Both application and OS as a single update, with success or failure tied to the synchronous update.
  • Bootloader

Torizon Updates in the Development and Maintenance Workflow

During development, you will most likely perform multiple deploys with different revisions of your customized Torizon OS image, and your application packages.

After a stable software stack is achieved, Torizon provides a quick and simple production programming method to wrap your OS image and Application into a single package and deploy to multiple devices in a production line.

With Torizon Cloud, you create OS and Application Packages to update them individually or at the same time. This reduces the number of "moving parts", eliminates the need for bundling applications and OS in your maintenance process and allows smaller update packages.

Under-The-Hood Technologies

For more information about the technology stack shared by Offline and Remote updates, it is recommended to read the Torizon Remote Updates Technical Overview article. It highlights the roles of:

  • OSTree as the system that handles updates to the filesystem tree.
  • Uptane as the standard Toradex follows for secure updates.
  • Aktualizr as the client-side implementation for Uptane.
  • Greenboot as the framework that defines what is a successful boot.


Toradex has presented webinars about Secure Offline and Online Updates and you can watch them on demand.

Secure Offline and Online Updates for Linux Devices

Learn more about this webinar on the landing page, or watch it below:

Send Feedback!