OSS Remote Firmware Updates for IoT-like Projects

OSS Remote Firmware Updates for IoT-like ProjectsSilvano Cirujano Cuesta

Siemens Corporate Technology

Version 1.0October 2016

Unrestricted © Siemens AG 2016

Unrestricted © Siemens AG 20162016.10.11 Silvano Cirujano CuestaPage 2 Corporate Technology

About me

l Software Engineer at Siemens Corporate Technologyl Embedded Linux Corporate Competence CenterØ OSS contributorsØ Part of the OSS community (4 speakers in this event)

l Interested in enabling embedded devices to ride the „container“-wave


Agenda

l Why updating?l Architecturel Componentsl Firmware updatesl Conclusion

Why updating? Architecture Components Firmware updates Conclusion


State of Update Affairs in Industrial Domains

l Devices are either Ø disconnected orØ in isolated networks

l On-site updatesl Very long lifel Difficult to reachl Infrequent updates



… but the Internet of Things is coming

l Trend: More and more devices getting connected (including industrial products)l Number of devices to manage explodes Þ remote management requiredl Attack surface increases due network exposure Þ updates frequency will increase due to

security issuesl There’s always a bug to fixl Additional expectations due to technology exposure:Ø Easy features additionØ Easy bugfixing



10000 Feet Architecture

Backend hawkBit

Device SWUpdate



10000 Feet Architecture

Backend hawkBit

Device SWUpdate

Backend hawkBit

Device

SWUpdate

Suricatta

HTTP

(S)



Workflow

1. Devices poll requesting artifacts (firmware updates)

2. Backend can replyo either no updates availableo or list of updates with download URLs



Workflow

1. Devices poll requesting artifacts (firmware updates)

2. Backend can replyo either no updates availableo or list of updates with download URLs

3. Device downloads updates4. Device processes updates5. Device report success/failure



SWUpdate

l Neither convincing OSS nor commercial alternatives back thenl Make vs. “buy” OSS decisionl Developed and open-sourced by a well-established player in the OSS arena DENX with

experience in industrial domainsl Convincing feature setØ Full power of Linux userspace for updatesØ ExtensibleØ Good integration with U-Boot, support for others possibleØ …

l Battle-proof softwarel … Þ Easy decision for “buy”



hawkBit

l Neither convincing OSS nor commercial alternatives back thenl Make vs. “buy” OSS decisionl Originally developed by Bosch and released as OSS under the umbrella of the IoT working

group of the Eclipse Foundationl Bosch as Siemens in industrial domainsl Shifting from device-managed provisioning to remote-managed provisioningl Convincing present and future feature set:Ø Easy integration via REST-APIsØ Direct or indirect devices connectionØ External artifacts repositoryØ Reporting and monitoring

l Young project working on stabilization and new featuresl … Þ Decision for “buy”



Firmware definition

l Linux base system that makes system runnable

Bootloader Firmware

Others

(applications,

data,

config...)

……LibrariesKernel



Supported update strategies

l Trade-off between time and spacel Two extremes in IoT domain:Ø With two firmware partitions (best for time, worst for space)Ø With one firmware partition (best for space, worst for time)

l Hybrid solutions possible by reducing firmware storage footprintl Minimalistic firmware images reduce the differences between both with regard to space



Two Firmware Partitions

l No device bricking and rollback possibility (only 1 version back)l Double firmware storage footprintl Minimal downtime (usually only reboot)l Update cancellation in case erroneous/manipulated images, keeping working version

Bootloader Firmware Firmware

Others

(applications,

data,

config...)



Two Firmware Partitions: Start

Bootloader Firmware v1SWUpdate

OthersBlue


OthersBlue

hawkBit1



Two Firmware Partitions: Download and Flashing


OthersBlue

BootloaderOthersFlashing ...

Blue


Others

Firmware v1SWUpdate

2hawkBit

1



Two Firmware Partitions: Checks and Activation


OthersBlue


Others


Firmware v1SWUpdate

hawkBit


BootloaderOthers

GreenFirmware v1

SWUpdateFirmware v2

21

3


Two Firmware Partitions: End

BootloaderFirmware v1

Firmware v2SWUpdate

OthersGreen


OthersBlue


Others


Firmware v1SWUpdate

hawkBit


BootloaderOthers

Firmware v1SWUpdate

Firmware v2

1


One Firmware Partition

l No device brickingl Single firmware storage footprintl Relatively long downtimel Only rescue from erroneous/manipulated images is recovery mode

Bootloader

Lightweight

Linux (LWL)

+ SWUpdate

Firmware

Others

(applications,

data,

config...)



One Firmware Partition: Start

Bootloader Lightweight LinuxFirmware v1 Others

LWL 23

hawkBit1



One Firmware Partition: Download and Flashing



Lightweight LinuxSWUpdateLWL

2hawkBit

1



One Firmware Partition: Checks and Activation

BootloaderFirmware v1 Others



Lightweight LinuxSWUpdate

Lightweight LinuxSWUpdateFW

3

12

Lightweight Linux

hawkBit



One Firmware Partition: End







FW

Lightweight Linux

hawkBit


1


Conclusion

l 100% Open Source Softwarel Open communitiesØ We were welcomed in both

l Current focus on firmware updates, but software provisioning in general possiblel Modular architecture:Ø hawkBit can be contacted by other clients, via other protocols, …Ø SWUpdate can be extended to support other servers, via other protocols, …

l Future features:Ø Split preparation/realization to fit into maintenance windowsØ Synchronization of Device and BackendØ Asymmetric key signatures



Contact Information

Silvano Cirujano Cuesta

Software Engineer

Corporate TechnologyEmbedded Linux Corporate Competence Center

E-mail:[email protected]

Internetsiemens.com/corporate-technology

Intranetintranet.ct.siemens.com

Documents

OSS Remote Firmware Updates for IoT-like Projects