Connected Devices:
Always up to date with FOTA Updates

Contact us

Contact us

Before filling out the registration form, please read the Privacy notice pursuant to Article 13 of EU Regulation 2016/679
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input

Privacy

I declare that I have read and fully understood the Privacy Notice and I hereby express my consent to the processing of my personal data by Reply SpA for marketing purposes, in particular to receive promotional and commercial communications or information regarding company events or webinars, using automated contact means (e.g. SMS, MMS, fax, email and web applications) or traditional methods (e.g. phone calls and paper mail).

Always up to date

The Firmware Over-the-Air Update (FOTA Update) is one of the most important functions for the vast majority of smart devices used, for example, by manufacturers in the automotive, consumer electronics and healthcare industries. The FOTA update functionality enables manufacturers to fix bugs in software components of the existing system on the one hand and to install updates remotely on the other hand. This means that the devices always remain up-to-date, even if new functions and features are only introduced after the purchase of a device.

Configuration during Operation

Main requirements for devices or components for the automotive industry, among others, are installations of system updates or component settings (e.g. secondary bootloader, Linux kernel, and user land applications) remotely. An external watchdog service was also part of the update mechanism that monitors the booting of the updated kernel to prevent possible downtime. Moreover, it helps to provide an unattended update process with an automatic recovery feature in the event of an update failure or interruption.

Minimized downtime and a rollback feature

Three sets of NAND flash partitions were provided to minimize system downtime during the update and provide an automatic rollback feature. Each set contains one partition for the Linux kernel and another for the root file system. When the system is running on partition set A, new kernel and root file system images are written into partition set B. Once the writing process is complete, the entire system reboots on partition set B. During the first boot, a functionality check is performed. In case of a failed check, the system reboots to partition set A and discards partition set B.

If it is not possible to boot from the partition set B – and also rollback to partition set A – a third partition set F is used, where F stands for "Factory Firmware". This partition set cannot be changed during the entire device life cycle and therefore contains firmware that was verified and and written to the flash during factory production. Although the firmware in the F partition can be considered outdated, it guarantees that at least minimal system functionality will be available until a service technician arrives to pick up the broken device for further maintenance.

Fail-safe

Fallback Firmware guarantees maximum Fault Tolerance

Even in the event that the firmware update cannot be performed completely, precautions have been taken: an external watchdog device is used to reset the device. During the reboot, the boot loader detects why the system has been rebooted: by watchdog device, due to a power outage, or because the system has been prompted to reboot after the update is complete. The boot loader then decides which partition set to select for the current boot process, taking into account the reboot trigger. This is made possible by using a reboot matrix, where the same code can be retained and only the reboot matrix is modified in order to provide an extra or block an existing reboot path. All this makes the system an extremely flexible and at the same time portable solution.

Various implementations for FOTA updates already exist, which are based on two partition sets. However, Concept Reply has decided to develop its own solution with three partition sets to make customer systems more fault tolerant and robust than comparable solutions. This also makes the concept interesting for devices where reliability is the decisive criterion.

Checklist: Manage Software Updates

What do you need to consider before carrying out an update?

It is a challenge to manage software updates for devices remotely. Therefore, it is essential to find the right means to perform software rollout processes reliably and securely. There are several software options that can be used for this purpose. Concept Reply has created a checklist to guide you through the requirements of Firmware Over-the-Air Updates and help find a software solution that meets your needs.
Download Checklist
  • strip-0

    Concept Reply

    Concept Reply is an IoT software developer specializing in the research, development and validation of innovative solutions and supports its customers in the automotive, manufacturing, smart infrastructure and other industries in all matters relating to the Internet of Things (IoT) and cloud computing. The goal is to offer end-to-end solutions along the entire value chain: from the definition of an IoT strategy, through testing and quality assurance, to the implementation of a concrete solution.