Software Update Management on embedded systems

Embedded systems are becoming more and more complex, and their software reflects that complexity. New features and fixes make it all the more desirable that the software on an embedded system can be updated in an absolutely reliable way.

On a Linux-based system, we can find in most cases the following elements:

  • the boot loader.
  • the kernel and the DT (Device Tree) file.
  • the root file system
  • other file systems, mounted at a later point
  • customer data, in raw format or on a file system
  • application-specific software, for example firmware to be downloaded to connected microcontrollers

Generally speaking, in most cases the kernel and root file system must be updated while user data is preserved, but cases vary.

Only in some cases is it necessary to update the boot loader too. In fact, updating the boot loader is quite risky, because an error in the update breaks the card. In some cases it is possible to restore a broken card, but in most cases this is not left to the end user and the system must be returned to the manufacturer.

Secure firmware update

Basically, image firmware updates can range from the whole system – that is the kernel, root, and user partitions – to just some of them.

Firmware update

There are two types of image updates possible: symmetric and asymmetric.

  • Symmetric: Symmetric updates require a dual copy of the partition images being updated so that one can be updated while the other is running. This typically requires two boot/kernel partitions, two root filesystems, as well as two user partitions. The bootloader then tracks which partitions to use for a given boot. Symmetric updates have minimal downtime, usually only the reboot time, and allow for update cancellation.
  • Asymmetric: Asymmetric updates use a recovery OS that usually runs from memory, with a Linux kernel and an initramfs image. This reduces the number of partitions needed, as the recovery mode lives in just one extra partition and can update any of the others. If the update fails the recovery can be re-tried. Asymmetric updates have longer downtimes when updating and do not allow for user cancellation.
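
The slot tracking described for symmetric updates, modelled in C as an added example (not code from the original page or from any particular bootloader). The retry budget, the field names and the explicit confirmation step are assumptions of this example; the page itself only states that the bootloader tracks which partitions to use and that an update can be cancelled.

```c
/* Slot bookkeeping a bootloader could keep for symmetric (A/B) updates.
   Names, MAX_TRIES and the confirm step are assumptions of this example. */
#include <stdio.h>

enum slot { SLOT_A = 0, SLOT_B = 1 };

struct boot_state {
    enum slot active;   /* last slot known to boot correctly */
    int pending;        /* 1 while a freshly written slot awaits confirmation */
    int tries_left;     /* boot attempts remaining for the pending slot */
};

#define MAX_TRIES 3     /* assumed retry budget for a trial boot */

static enum slot other(enum slot s) { return s == SLOT_A ? SLOT_B : SLOT_A; }

/* Updater: new image written to the inactive slot, request a trial boot. */
void update_written(struct boot_state *st) { st->pending = 1; st->tries_left = MAX_TRIES; }

/* Updater: cancel before reboot; the running slot was never modified. */
void update_cancel(struct boot_state *st) { st->pending = 0; st->tries_left = 0; }

/* Bootloader: choose the slot for this boot, consuming one attempt if on trial. */
enum slot select_slot(struct boot_state *st) {
    if (st->pending && st->tries_left > 0) {
        st->tries_left--;
        return other(st->active);
    }
    st->pending = 0;    /* no trial, or budget exhausted: use the known-good slot */
    return st->active;
}

/* Running system: the trial slot booted and passed its checks, make it permanent. */
void confirm_boot(struct boot_state *st, enum slot booted) {
    if (st->pending && booted == other(st->active)) {
        st->active = booted;
        st->pending = 0;
        st->tries_left = 0;
    }
}

int main(void) {
    struct boot_state st = { SLOT_A, 0, 0 };
    update_written(&st);
    printf("trial boot from slot %c\n", select_slot(&st) == SLOT_A ? 'A' : 'B');
    return 0;
}
```

If the new slot never reaches `confirm_boot`, the attempt counter runs out and `select_slot` returns to the previous slot, which is what makes a failed symmetric update recoverable without a recovery OS.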

Over The Air update

A firmware update process must be capable of updating both from local sources (for example, flash, USB, µSD, or UART) and remotely, in what is commonly known as an over-the-air (OTA) update. OTA updates use a remote server to push updates to a client running on the device.

OTA update

Over-the-Air programming (OTA) refers to various methods of distributing new software, configuration settings, and even updating encryption keys to devices like cellphones, set-top boxes or secure voice communication equipment (encrypted 2-way radios).
One important feature of OTA is that one central location can send an update to all the users, who are unable to refuse, defeat, or alter that update, and that the update applies immediately to everyone on the channel.
A user could “refuse” OTA but the “channel manager” could also “kick them off” the channel automatically.

Accelerate your time to market

Koan can help you implement secure firmware update mechanisms and open source options for embedded Linux devices.
Contact us today to find a software solution that can accelerate your time to market and let you focus on your application development.