Hardware Readiness
In a production environment, the firmware update needs to fulfill the following requirements:
- Reliability: The device should be able to roll back to the previous version or the factory version if something goes wrong.
- Security: The device should accept only updates that pass authenticity and integrity checks.
- Downtime: The device should complete updates with minimal downtime, or no downtime at all.
Overview of Update Process
To prepare your hardware for OTA updates, it is crucial to understand how updates work on embedded devices, be they tiny microcontrollers or industry-grade computers.
The above image shows a typical flash memory layout of a microcontroller with OTA support. The flash memory is divided into three primary partitions. The first partition stores a bootloader and information about the active partition. Then, there are a minimum of two partitions to hold the application or firmware. An additional partition can hold factory firmware, but it's not shown for simplicity.
When the device powers on, the bootloader runs first. It checks the integrity of the data in the active partition and then jumps to the start of that partition, where firmware execution begins. During regular operation, the firmware polls for new firmware at regular intervals; when an update is available, it downloads the firmware binary, verifies it, and writes it to the second partition. If everything completes without error, the firmware marks the second partition as active and resets the device. On this boot, the bootloader jumps to the second partition, so the new firmware version runs.
The process repeats on subsequent updates, with the active partition alternating between partitions 1 and 2. If the device malfunctions after an upgrade, it can easily roll back by marking the previous partition as active again.
On Linux-based SBCs and industrial computers, an init script typically takes over the bootloader's role and a directory structure takes the place of partitions. You can still use partitions if you need to upgrade the entire OS!
In a nutshell:
- Plan the partition scheme of your device very carefully, as you won't be able to change it once the device is deployed. (Technically, you can change it, but doing so can leave the device permanently unresponsive if something goes wrong during the process, for example a power cut during repartitioning.)
- The partitions should be large enough to store current and future releases of the firmware, so leave some margin for the firmware image to grow.
- Most MCU manufacturers provide reference bootloader code or frameworks to simplify things; refer to your MCU software stack for further details.
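The A/B scheme described above, as an added simulation that is not part of Anedya's documentation or SDK: two application slots, an "active partition" record kept in the bootloader area, a digest that is written only after a complete flash so that an interrupted write can never look bootable, and a trial-boot flag so that a new image which never confirms itself is rolled back on the next reset. Slot, Device, stage_update, bootloader and the power_cut_after fault injection are all constructed names for this example; a real bootloader would hold the same state in flash and verify a signature rather than a bare SHA-256.

```python
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

CHUNK = 8  # bytes written per flash operation in this simulation


@dataclass
class Slot:
    """One application partition: the image bytes plus the digest that is written last."""
    image: bytes = b""
    digest: bytes = b""
    version: int = 0

    def is_valid(self) -> bool:
        # Empty, half-written or corrupted slots all fail this check and are never booted.
        return bool(self.image) and hashlib.sha256(self.image).digest() == self.digest


@dataclass
class Device:
    slots: List[Slot] = field(default_factory=lambda: [Slot(), Slot()])
    active: int = 0             # "active partition" record kept in the bootloader partition
    confirmed: bool = True      # False while a freshly activated image is still on trial
    trial_pending: bool = False  # True until the new image has had its one trial boot
    running: Optional[int] = None


def factory_flash(dev: Device, image: bytes, version: int) -> None:
    """Initial programming at the factory: slot 0 holds a confirmed, known-good image."""
    dev.slots[0] = Slot(image, hashlib.sha256(image).digest(), version)
    dev.active, dev.confirmed, dev.trial_pending = 0, True, False


def stage_update(dev: Device, image: bytes, version: int,
                 power_cut_after: Optional[int] = None) -> bool:
    """Write a downloaded image into the inactive slot. power_cut_after (a constructed fault)
    aborts the write after that many chunks. Returns True only if the slot was activated."""
    target = 1 - dev.active
    slot = dev.slots[target]
    slot.digest = b""                    # invalidate first: a partial write must never look bootable
    written = bytearray()
    for i in range(0, len(image), CHUNK):
        if power_cut_after is not None and i // CHUNK >= power_cut_after:
            slot.image = bytes(written)  # whatever reached flash before the power cut
            return False
        written += image[i:i + CHUNK]
    slot.image, slot.version = bytes(written), version
    slot.digest = hashlib.sha256(slot.image).digest()   # the digest is the last thing written
    dev.active, dev.confirmed, dev.trial_pending = target, False, True
    return True


def bootloader(dev: Device) -> Optional[int]:
    """Runs on every reset: picks the slot to execute and returns its index (None if nothing boots)."""
    if not dev.confirmed and not dev.trial_pending:
        # The new image already had its trial boot and never confirmed: roll back.
        dev.active, dev.confirmed = 1 - dev.active, True
    dev.trial_pending = False
    for idx in (dev.active, 1 - dev.active):        # active slot first, the other as fallback
        if dev.slots[idx].is_valid():
            dev.active = idx
            dev.running = idx
            return idx
    dev.running = None
    return None


def app_confirm(dev: Device) -> None:
    """Called by the application once it has proven healthy (for example, it reached the cloud)."""
    dev.confirmed = True


def demo() -> List[int]:
    """Constructed scenario; returns the firmware version running after each reset."""
    dev = Device()
    fw = {v: (b"constructed firmware image v%d " % v) * 2 for v in (1, 2, 3, 4)}
    booted = []
    factory_flash(dev, fw[1], 1)
    booted.append(dev.slots[bootloader(dev)].version)      # v1 from slot 0
    stage_update(dev, fw[2], 2)
    booted.append(dev.slots[bootloader(dev)].version)      # v2 from slot 1 (trial boot)
    app_confirm(dev)                                       # v2 works, keep it
    stage_update(dev, fw[3], 3)
    booted.append(dev.slots[bootloader(dev)].version)      # v3 from slot 0 (trial boot)
    booted.append(dev.slots[bootloader(dev)].version)      # v3 never confirmed: back to v2
    stage_update(dev, fw[4], 4, power_cut_after=1)         # interrupted flash into slot 0
    booted.append(dev.slots[bootloader(dev)].version)      # still v2; half-written slot ignored
    return booted


if __name__ == "__main__":
    print(demo())   # [1, 2, 3, 2, 2]
```

The order of writes in stage_update is the point worth copying: the target slot is invalidated before any data is written and its digest is written last, so every intermediate state (including the simulated power cut) leaves the previous image as the only valid one.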
Security in Firmware Updates
As firmware updates are critical to the operation of the devices, the update path must be secured so that the device never installs a fraudulent firmware binary. At the core, the device should verify two things:
- The firmware comes from the authentic source, i.e., the manufacturer itself.
- The firmware has not been tampered with.
Both checks can be achieved through signed assets. Generally, this requires generating signed binary images, which, depending on the platform, may be possible with the build tools provided. Where no signed-binary generation tool is available, Anedya provides an option to include the signature as metadata, which does not require generating a pre-signed asset.
The verification flow is as follows:
- The developer generates an asymmetric key pair using the RSA or ECC algorithm.
- The manufacturer embeds the public key in every device.
- The developer generates a firmware binary as the asset that needs to be deployed.
- The developer generates a signature using the private key and provides it along with the deployment.
- The device downloads the asset.
- The device verifies the signature using its embedded public key. If signature verification succeeds, the update is accepted.
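The signature-as-metadata flow above, as an added example that is not Anedya's code and does not use its API: the developer side signs the SHA-256 digest of the firmware and ships a small metadata dictionary next to the binary; the device side recomputes the digest and checks the signature with the public key it was manufactured with. To keep the example dependency-free, RSA signing is implemented from scratch with a PKCS#1 v1.5-style digest encoding (generate_keypair, sign_firmware, verify_firmware and the metadata field names are all constructed for this example). The seed argument exists only so the demo is reproducible; a real deployment would generate keys with a proper library and the device would verify with its platform crypto stack.

```python
import hashlib
import math
import random
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (teaching-grade, enough for the demo key sizes)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(bits: int = 1024, seed=None) -> Tuple[PublicKey, PrivateKey]:
    """Developer side: generate an RSA key pair. seed is for reproducible demos only;
    with seed=None the OS random source is used."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    e = 65537

    def prime(nbits: int) -> int:
        while True:
            cand = rng.getrandbits(nbits) | (1 << (nbits - 1)) | 1  # full length, odd
            if _is_probable_prime(cand, rng):
                return cand

    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            break
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def _encode_digest(digest: bytes, k: int) -> int:
    """PKCS#1 v1.5-style encoding of a digest: 00 01 FF..FF 00 || digest, k bytes long."""
    pad = b"\xff" * (k - len(digest) - 3)
    return int.from_bytes(b"\x00\x01" + pad + b"\x00" + digest, "big")


def sign_firmware(priv: PrivateKey, firmware: bytes) -> dict:
    """Developer side: produce the metadata shipped alongside the firmware binary."""
    n, d = priv
    k = (n.bit_length() + 7) // 8
    digest = hashlib.sha256(firmware).digest()
    sig = pow(_encode_digest(digest, k), d, n)
    return {"sha256": digest.hex(), "size": len(firmware),
            "signature": sig.to_bytes(k, "big").hex()}


def verify_firmware(pub: PublicKey, firmware: bytes, metadata: dict) -> bool:
    """Device side: recompute the digest of what was actually downloaded and check the
    signature with the embedded public key. Only the signature check provides security;
    the sha256/size fields just let the device reject a truncated download early."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    digest = hashlib.sha256(firmware).digest()
    if metadata.get("sha256") != digest.hex() or metadata.get("size") != len(firmware):
        return False
    try:
        sig = int.from_bytes(bytes.fromhex(metadata["signature"]), "big")
    except (KeyError, ValueError, TypeError):
        return False
    if not 0 < sig < n:
        return False
    return pow(sig, e, n) == _encode_digest(digest, k)


def demo() -> dict:
    """Constructed scenario: a genuine image, a one-bit tamper, and a signature from another key."""
    pub, priv = generate_keypair(bits=1024, seed=2024)          # seeded only for reproducibility
    firmware = b"\x7fELF" + b"constructed firmware image v2 " * 16   # constructed sample binary
    metadata = sign_firmware(priv, firmware)
    tampered = firmware[:-1] + bytes([firmware[-1] ^ 0x01])
    other_pub, _ = generate_keypair(bits=1024, seed=7)           # a key the device was not built with
    return {"genuine": verify_firmware(pub, firmware, metadata),
            "tampered": verify_firmware(pub, tampered, metadata),
            "wrong_key": verify_firmware(other_pub, firmware, metadata)}


if __name__ == "__main__":
    print(demo())   # {'genuine': True, 'tampered': False, 'wrong_key': False}
```

The device never needs the private key, so a compromised device leaks nothing that lets an attacker sign firmware for the rest of the fleet; what the device must protect is the integrity of its embedded public key, which is why it belongs in a read-only or otherwise write-protected region.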
This page is being modified continuously and will be updated frequently. We are continuously adding content to the documentation. Feel free to get in touch with Team Anedya for any assistance.