In today's highly-connected and fast-to-market world, the ability to update software, applications and other critical files on the edge device is a requirement. Xively's Secure File Transport feature allows the product owner to perform over-the-air (OTA) updates of device software easily, reliably and securely.
Xively provides over-the-air updates as fully automated service to every device that is connected to the platform.
- Production rollouts can be scheduled to start on a day and time
- Monitor roll-outs at a high level from the management app dashboards, with rollups of the progress of a deployment, down to the per-device and per-file-version level
- Progress of a deployment, including per-device and per-file version level reports are available
- Verification of successful delivery at a per-device level
- The ability to deploy test firmware to a small set of devices prior to product-wide deployment
- One or more devices can be selected and will be notified of the availability of updated files the next time they check in
- These devices will download and install the test firmware and can be tested for correct functioning of the firmware prior to a product-wide deployment
- Upon a successful test, a product-wide deployment can be initiated by an approriately credentialed admin (developer, operations specialist, product manager). All devices will be notified of the availability of updated files the next time the check in
- Productions rollouts will be spread over hours or days to manage the load on the content hosting service.
- Packages can contain multiple files (firmware, certificates, applications, etc)
- Revision strings are tracked separately for each file to manage larger packages of aggregate files
- The service is agnostic to the type of file, so while it is typically used to deliver firmware, it can be used to distribute any type of file to connected devices
- Delivery is accomplished using MQTT, so the device's normal operations need never be interrupted during the delivery process
- Updates are client driven to support a diverse set of device capabilities
- Device initiates the download of new packages when desired
- Device can download files when it is idle, in the middle of the night, or immediately as desired.
- Device controls the size of data blocks downloaded
- Device controls the pace of downloading the files
- Delivery uses a TLS-encrypted channel so files cannot be modified or copied by an attacker during transfer
- Files have individual integrity strings which can be checksum, hash or cryptographic signatures depending on device capabilities
The Xively client can handle file updates in the background
The Xively embedded client (written in C), is the only embedded client on the market that is capable of multitasking while remaining sigle-threaded.
This means that unlike all other lightweight embedded clients that use MQTT, it is capable of downloading file updates in the background without having to drop its current subscriptions, interrupt the download to publish a message, or handle user interaction from buttons and interfaces on the device.
Firmware packages are uploaded by product owners and distributed first to a trial set of devices and then to all devices of a particular device template.
To get started with firmware management, follow the guides below:
- Learn how product owners upload, test, and monitor the rollout of new firmware updates
- Learn how devices receive notifications, download files, verify and report on the status of their files
It's a great question, and using Xively is meant to help you with problems like this.
Supporting OTA updates has significant challenges. These include:
- Code size and memory to contain downloader and new image
- Recovery from reimaging failures
- Whether the upgrade is a pull or push
- Devices at differing firmware versions (not everyone may upgrade)
- Upgrading through multiple versions to get devices on current version
- Ensuring security of the distribution process
Security of the distribution process is critical. Otherwise, an attacker could inject malicious code into the firmware during transport or could receive a copy of the firmware during transport
Securing firmware distribution includes:
- Giving devices a way to verify the host delivering the firmware
- Giving devices a way to verify the integrity of the files to ensure it has not been placed on the distribution point by a malicious party or been modified in transit
- Ensuring the product and software development lifecycle is secure, so a malicious party can't compromise the firmware before it gets uploaded to the distribution location
- Ensuring the processes to upload images and make them available to devices is secure
The Xively platform provides a foundation for secure firmware distribution. Devices can leverage their existing two-way connections to the Xively messaging service to support firmware update flows so additional resources are not required on the device such as supporting an additional HTTPS transport mechanism. Through Xively, applications can receive information needed to make upgrade decisions, and devices can receive file fingerprints used to verify firmware integrity. Xively services can also be used to host the firmware image, or the hosting could be performed through a non-Xively hosting service to provide additional security through separation of duties and multi-person controls.