Embedded Devices:
Always up to date with FOTA updates

Contact us

Contact us

Before filling out the registration form, please read the Privacy notice pursuant to Article 13 of EU Regulation 2016/679
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input

Privacy

I declare that I have read and fully understood the Privacy Notice and I hereby express my consent to the processing of my personal data by Reply SpA for marketing purposes, in particular to receive promotional and commercial communications or information regarding company events or webinars, using automated contact means (e.g. SMS, MMS, fax, email and web applications) or traditional methods (e.g. phone calls and paper mail).

Always up to date

The Firmware-Over-the-Air-Update (FOTA-Update) is one of the most important features for the vast majority of modern embedded devices used, for example, by manufacturers in the automotive, consumer electronics and healthcare industries. The FOTA update functionality enables manufacturers to fix bugs in software components of the existing system on the one hand and to install updates remotely on the other hand. This means that the devices always remain up-to-date, even if new functions and features are only introduced after the purchase of a device.

Modification of a running system

One of the main requirements for a device as a component for the automotive industry was that an update should be installed during the runtime of a Linux platform and deployed into secondary bootloader, Linux kernel, and user land applications. An external watchdog device was also part of the update mechanism that controls the booting of the updated kernel to prevent possible downtime. Moreover, it was important to provide an unattended update process with an automatic recovery feature in the event of an update failure or interruption.

Minimized downtime and a rollback feature

Three sets of NAND flash partitions were implemented to minimize system downtime during the update and provide an automatic rollback feature. Each set contains one partition for the Linux kernel and another for the root file system. When the system is running on partition set A, new kernel and root file system images are flashed into partition set B. Once the flashing is complete, the entire system reboots on partition set B. During the first boot, a functionality check is performed. In case of a failed check, the system reboots to partition set A again.

If it is not possible to boot from the partition set B – and also rollback to partition set A – a third partition set F is used, where F stands for "Factory Firmware". This partition set cannot be changed during the entire device life cycle and therefore contains firmware that was verified and flashed during factory production. Although the firmware in the F partition can be considered outdated, it guarantees that at least minimal system functionality will be available until a service technician arrives to pick up the broken device for further maintenance.

Three Partition Sets

Maximum Fault Tolerance and Resilience

Even in the event that the firmware update cannot be performed completely, precautions have been taken: an external watchdog device is used to reset the device. During the reboot, the boot loader detects why the system has been rebooted: by watchdog device, due to a power outage, or because the system has been prompted to reboot after the update is complete. The boot loader then decides which partition set to select for the current boot, taking into account the reboot trigger. This is made possible by using a reboot matrix, where the same code can be retained and only the reboot matrix is modified in order to provide an extra or block an existing reboot path. All this makes the system an extremely flexible and at the same time portable solution.

Various implementations for FOTA updates already exist, which are based on two partition sets. However, Concept Reply has decided to develop its own solution with three partition sets to make customer systems more fault tolerant and robust than comparable solutions. This also makes the concept interesting for devices where reliability is the decisive criterion.
  • strip-0

    Concept Reply

    Concept Reply is an IoT software developer specializing in the research, development and validation of innovative solutions and supports its customers in the automotive, manufacturing, smart infrastructure and other industries in all matters relating to the Internet of Things (IoT) and cloud computing. The goal is to offer end-to-end solutions along the entire value chain: from the definition of an IoT strategy, through testing and quality assurance, to the implementation of a concrete solution.