Over the Air (OTA) Updates
The Internet of Things (IoT) extends internet connectivity to embedded devices that were traditionally not connected. These devices are capable of being programmed to communicate usable data over the internet, and to be remotely monitored and controlled. With advances in technology, these traditional embedded devices are getting internet capabilities in consumer, industrial, and enterprise space at a fast pace.
IoT devices are typically deployed in large quantities and often in places that are difficult or impractical for a human operator to access. Imagine a scenario where a security vulnerability that can expose data is discovered. In such scenarios, it is important that the affected devices are updated with security fixes quickly and reliably. Without the ability to perform OTA updates, it can also be difficult to update devices that are geographically dispersed. The cost of having these devices updated by a technician will be high, time consuming, and often times impractical. The delay in the time required to update these devices leaves them exposed to security vulnerabilities for a longer period. Recalling these devices for updating will also be costly and may cause significant disruption to consumers due to downtime.
Over the Air (OTA) Updates
OTA updates make it possible to update device firmware without an expensive recall or technician visit. This method adds the following benefits:
- Security – The ability to quickly respond to security vulnerabilities and software bugs that are discovered after the devices are deployed in field.
- Innovation – Products can be updated frequently as new features are developed, thus driving the innovation cycle. The updates can take effect quickly with minimum downtime compared to traditional update methods.
- Cost – OTA updates can reduce maintenance costs significantly compared to methods traditionally used to update these devices.
Providing the OTA functionality requires the following design considerations:
- Secure Communication – Updates must use encrypted communication channels to prevent the downloads from being tampered with during transit.
- Recovery – Updates can fail due to things like intermittent network connectivity or receiving an invalid update. In these scenarios, the device needs to be able to return to a stable state and avoid becoming bricked.
- Author Verification – Updates must be verified to be from a trusted source, along with other validations like version checking and compatibility.
FreeRTOS OTA Library
The FreeRTOS over-the-air (OTA) client library enables you to manage the notification of a newly available update, download the update, and perform cryptographic verification of the firmware update. Using the over-the-air (OTA) client library, you can logically separate firmware updates from the application running on your devices. The over-the-air (OTA) client library can share a network connection with the application, saving memory in resource-constrained devices. In addition, the over-the-air (OTA) client library lets you define application-specific logic for testing, committing, or rolling back a firmware update. The library supports different application protocols like Message Queuing Telemetry Transport (MQTT) and Hypertext Transfer Protocol (HTTP) and provides various configuration options you can fine tune depending on network type and conditions.
The major functions that this library’s APIs provide are –
- Register for notifications or poll for new update requests that are available.
- Receive, parse and validate the update request.
- Download and verify the file according to the information in the update request.
- Run a self-test before activating the received update to ensure the functional validity of the update.
- Update the status of the device.
AWS services can be used with this library to manage various cloud related topics such as sending firmware updates, monitoring large numbers of devices across multiple regions, reducing the blast radius of faulty deployments, and verifying the security of updates.
The demos for this library demonstrate complete over-the-air updates using the OTA client library and AWS Services.