Software update

In this section of our Tech Tour, we will focus on Welma software update mechanism.

Software updates are a critical function in any modern embedded product. Welma integrates a robust mechanism that allows updating the entire system: bootloader, Linux kernel, system services, and business applications.

Updates are performed at the partition level, providing fine-grained control over the software lifecycle through an interface directly accessible from your business application.

This function is critical: a poorly designed update can make a device unusable. That’s why Welma includes rigorous security and control mechanisms. Let’s take a closer look!

Why updates matter?

Operational maintenance: regular updates of applications and stacks.
Feature evolution: continuous adaptation to user needs.
Vulnerability management: compliance with regulations such as the Cyber Resilience Act
Product longevity: a product that doesn’t update quickly feels obsolete, more particularly in customer-facing contexts.

A/B system with automatic rollback

Welma is built on an A/B update architecture designed to ensure system resilience. Two partitions are maintained: one active (A), the other targeted for update (B). When an update is initiated, it is written on partition B without affecting A. Activation is performed through an atomic operation, ensuring a robust switch. This model ensures the system remains stable.

If the system fails to boot or the business application does not confirm the update, Welma automatically triggers a rollback to the previous version, ensuring service continuity without manual intervention.

Welma supports multiple proven open-source solutions, like SWUpdate and Mender, allowing you to choose the software update option that best fits your needs.

Partition-level updates

Welma’s update mechanism relies on flexible partitioning. Each update targets one or more partitions, allowing precise modification of components such as the kernel, system services, or business applications.

Configurable granularity

Welma allows you to adjust the granularity of software updates based on project needs. You can group all components into a monolithic image or segment the system into dedicated partitions (kernel, application, OS, filesystem…).

This modularity enables targeted updates, reduces risk, and optimizes deployment time.

Incremental updates

For bandwidth-constrained environments, Welma also supports incremental updates. Instead of transferring an entire partition, only the difference between the current version and the target version is sent.

This significantly reduces the size of the artifacts to deploy while maintaining compatibility with other critical system features.

Secure update

If you want to go further, Welma also supports secure updates, adding an extra layer of signature verification before installation.

Using an asymmetric key pair (private key for signing, public key embedded in the system for verification), each package is validated before being applied, strengthening the overall security of the update process.

Secure boot compatibility

Whether performing a full system update or an incremental one, Welma update is fully compatible with secure boot. Packaged partition can be signed using your own secure boot keys, ensuring system authenticity. Welma provides the necessary tools to generate and integrate these signatures and automatically adapts the update system to your partitioning and security configuration.

Interaction with business applications

Software updates in Welma are driven by the business application, which retains full control over the lifecycle: download, installation and confirmation.

Welma provides two interfaces:

update-ctl: a command-line agent for shell-based operations.
D-Bus API: a documented interface for integrating update operations directly into your application.

These tools allow the application to trigger updates at the right time, verify success, and handle failures.

Confirmation of the operation must be taken seriously to ensure the firmware update is completed with full confidence. During this step you should perform all necessary checks to verify that the system is functioning correctly with the newly installed version. It also enables a rollback in case any part of the embedded system malfunctions.

If you prefer not to reimplement update distribution system, Welma is compatible with device management platforms such as Kamea or Mender.
Even in these cases, Welma enforces explicit authorization from the application for downloading, installing, and confirming updates, ensuring full control over the process.

In conclusion, Welma provides a flexible and robust update system that can be tailored to your specific requirements. Its seamless integration with your business apps ensures you retain complete control over the update process, removing the critical concerns often associated with implementing a firmware update mechanism.