What are firmware updates?
In a nutshell, a firmware update replaces the built-in software that controls how your embedded system operates. It’s essential for improving performance, fixing bugs, and adding new features. While firmware updates can enhance security and extend device lifespan, they must be applied carefully to avoid system failures.
2 ways to deliver your firmware update
When considering how to deliver firmware updates, organizations often face the choice between remote and local update mechanisms. Each method comes with its own set of advantages and drawbacks, tailored to different operational needs and constraints.
1 - Remote updates
Remote update mechanisms, facilitated through IoT device management platforms or firmware management solutions, enable updates to be deployed across entire fleets of devices simultaneously, regardless of their geographical locations. This scalability is especially beneficial for large-scale deployments, saving both time and resources compared to manual, on-site updates.
Moreover, remote updates allow for proactive management, as progress can be monitored in real-time, completion rates tracked, and any issues promptly addressed.
However, remote update mechanisms also rely heavily on stable internet connectivity, which may not always be available or reliable in certain environments. In settings with limited or intermittent network access, alternative strategies or backup mechanisms may be necessary to ensure successful updates.
Additionally, remote updates introduce security risks, as data may be vulnerable to interception or tampering by malicious actors. Thus, ensuring the authenticity and integrity of updates is crucial, requiring robust encryption, authentication, and secure communication protocols to mitigate potential threats.
2 - Local updates
On the other hand, local firmware update mechanisms like USB or local networks provide a solution when remote access is limited. This offline accessibility is particularly valuable in industrial settings or remote locations where remote connectivity may be impractical or insecure.
However, local updates often require manual intervention, as technicians must physically access each device. This manual labor can be time-consuming and resource-intensive, especially for large fleets of devices distributed across multiple locations.
Unlike remote firmware update mechanisms, local updates may lack real-time visibility and monitoring capabilities, making it challenging to track progress or identify issues promptly.
Binary image, partitions, files: what should you update?
Firmware updates can target various components and groups of components of a system, including the full binary image, partitions, and files. But how do you choose the right one to update?
Option 1: updating the full binary image
Updating the full binary image involves replacing the entire firmware image with a new version. This approach offers simplicity and ensures that all components are updated simultaneously.
However, it may require more storage space and bandwidth for distribution, especially if the firmware image is large.
Additionally, updating the full binary image can be riskier, as any errors or interruptions during the update process may leave the device in an unusable state.
Option 2: system partitions updates
Partition-level updates involve updating specific partitions within the firmware image. This approach allows for more granular control over updates, as only the necessary partitions are replaced, reducing the risk of errors and minimizing the update size.
However, managing multiple partitions can be complex, requiring careful coordination to ensure compatibility and integrity across partitions.
Option 3: update individual files
Updating individual files within the firmware image offers the highest level of granularity, allowing organizations to target specific components or functionalities for updates. This approach minimizes the size of updates and reduces the risk of unintended consequences by focusing only on the necessary changes.
However, managing file-level updates can be challenging, particularly in large and complex firmware images, requiring robust version control and dependency management systems.
3 options to ensure your firmware update robustness
To ensure the robustness of your firmware updates, you have three options: no backup, golden image, and A/B partitioning.
1 - The "no backup" plan
The “no backup” approach involves updating firmware without any backup mechanism in place. While this method is simple and straightforward, it leaves devices vulnerable to potential failures during the update process. If an update fails or causes unexpected issues, recovering the device to its previous state may be difficult or impossible without a backup.
2 - The "golden image"
On the other hand, the “golden image” strategy entails maintaining a known working version of the firmware, often referred to as the “golden image”. Before performing an update, the current firmware state is backed up, allowing for easy rollback in case of failure. This approach provides a safety net against update failures, ensuring that devices can be quickly restored to a stable state. However, it requires additional storage space to store backup images and entails extra complexity in managing multiple firmware versions.
3 - A/B partitions
A/B partitioning is another robust firmware update strategy that involves having two identical partitions on the device: A and B. During an update, the new firmware is installed on the inactive partition while the device remains operational on the active partition. Once the update is complete and verified, the device switches to the updated partition, ensuring uninterrupted operation. A/B partitioning offers seamless failover and rollback capabilities, minimizing downtime and reducing the risk of bricking devices. However, it requires more storage space and entails additional complexity in managing dual partitions and handling switchovers.
Read more in our article on A/B partitions.
Should you sign your firmware updates?
One key aspect of secure firmware updates is ensuring the authenticity and integrity of the updates themselves. By verifying that updates come from trusted sources and have not been tampered with, organizations can mitigate the risk of deploying compromised firmware.
Authentication mechanisms, such as digital signatures, enable the verification of the authenticity of firmware updates. By digitally signing updates with private keys held only by trusted entities, organizations can ensure that updates originate from legitimate sources. On the device side, public keys are used to verify the signatures, allowing devices to confirm the authenticity of incoming updates before installation. However, while signed updates offer robust authentication capabilities, they also introduce complexities, such as the need to manage private keys securely.
In contrast, unsigned updates do not require digital signatures or key management, simplifying the update process. However, they lack the assurance of authenticity provided by signed updates, making them more susceptible to corruption.
Additionally, measures such as secure communication protocols and secure boot mechanisms further enhance the security of firmware updates.
Update solutions to get started
Numerous firmware update solutions and frameworks are available on the market, each offering unique features and capabilities. Whether it’s remote update platforms, local update mechanisms, or consent management solutions, evaluating these options based on scalability, flexibility, and security features is crucial for choosing the right solution for your embedded devices.
Defining the best firmware update strategy for your embedded system involves considering delivery mechanisms, component updates, robustness, security, and available solutions. By prioritizing efficiency, security, and compatibility, you can create a strategy tailored to the specific needs of your system. Leveraging secure and efficient update mechanisms, along with robust security measures, ensures that firmware updates are delivered seamlessly while safeguarding against potential threats.
Watch the webinar
At The Embedded Kit, we’ve pre-integrated all these options to allow you to deploy your firmware update strategy faster. Get in touch to discover how we can help you.
