The Firmware Over-the-Air Update (FOTA Update) is one of the most important functions for the vast majority of smart devices used, for example, by manufacturers in the automotive, consumer electronics and healthcare industries. The FOTA update functionality enables manufacturers to fix bugs in software components of the existing system on the one hand and to install updates remotely on the other hand. This means that the devices always remain up-to-date, even if new functions and features are only introduced after the purchase of a device.
Main requirements for devices or components for the automotive industry, among others, are installations of system updates or component settings (e.g. secondary boot-loader, Linux kernel, and user land applications) remotely.
An external watchdog service was also part of the update mechanism that monitors the booting of the updated kernel to prevent possible downtime. Moreover, it helps to provide an unattended update process with an automatic recovery featurein the event of an update failure or interruption.
Three sets of NAND flash partitions were provided to minimize system downtime during the update and provide an automatic rollback feature. Each set contains one partition for the Linux kernel and another for the root file system. When the system is running on partition set A, new kernel and root file system images are written into partition set B. Once the writing process is complete, the entire system reboots on partition set B. During the first boot, a functionality check is performed. In case of a failed check, the system reboots to partition set A and discards partition set B.
If it is not possible to boot from the partition set B – and also rollback to partition set A – a third partition set F is used, where F stands for "Factory Firmware". This partition set cannot be changed during the entire device life cycle and therefore contains firmware that was verified and and written to the flash during factory production. Although the firmware in the F partition can be considered outdated, it guarantees that at least minimal system functionality will be available until a service technician arrives to pick up the broken device for further maintenance.
Fallback Firmware Guarantees Maximum Fault Tolerance
Even in the event that the firmware update cannot be performed completely, precautions have been taken: an external watchdog device is used to reset the device. During the reboot, the boot loader detects why the system has been rebooted: by watchdog device, due to a power outage, or because the system has been prompted to reboot after the update is complete.
The boot loader then decides which partition set to select for the current boot process, taking into account the reboot trigger.
This is made possible by using a reboot matrix, where the same code can be retained and only the reboot matrix is modified in order to provide an extra or block an existing reboot path. All this makes the system an extremely flexible and at the same time portable solution.
Various implementations for FOTA updates already exist, which are based on two partition sets. However, Concept Reply has decided to develop its own solution with three partition sets to make customer systems more fault tolerant and robust than comparable solutions. This also makes the concept interesting for devices where reliability is the decisive criterion.
What Do You Need To Consider Before Carrying Out An Update?
It is a challenge to manage software updates for devices remotely. Therefore, it is essential to find the right means to perform software rollout processes reliably and securely. There are several software options that can be used for this purpose. Concept Reply has created a checklist to guide you through the requirements of Firmware Over-the-Air Updates and help find a software solution that meets your needs.
)
Concept Reply is an IoT software developer specializing in the research, development and validation of innovative solutions and supports its customers in the automotive, manufacturing, smart infrastructure and other industries in all matters relating to the Internet of Things (IoT) and cloud computing. The goal is to offer end-to-end solutions along the entire value chain: from the definition of an IoT strategy, through testing and quality assurance, to the implementation of a concrete solution.
,allowExpansion)