In today's highly-connected and fast-to-market world, the ability to update software, applications and other critical files on the edge device is a requirement. Xively's Secure File Transport feature allows the product owner to perform over-the-air (OTA) updates of device software easily, reliably and securely.
Xively provides over-the-air updates as a fully automated service to every device that is connected to the platform.
- Production rollouts can be scheduled to start at a pre-selected date and time.
- Monitor roll-outs at a high level from the management app dashboards, with roll-ups of the progress of a deployment, down to the per-device and per-file-version level.
- Progress of a deployment, including per-device and per-file version level reports.
- Verification of successful delivery at a per-device level.
- The ability to deploy test firmware to a small set of devices prior to product-wide deployment.
  - One or more devices can be selected and notified of the availability of updated files when they next check in.
  - These devices download and install the test firmware and are then tested to ensure that the firmware is functioning correctly prior to a product-wide deployment.
  - Upon a successful test, a product-wide deployment can be initiated by an appropriately credentialed admin (developer, operations specialist, product manager). All devices are notified of the availability of updated files the next time they check in.
- Production rollouts are spread over hours or days to manage the load on the content hosting service.
- Packages contain multiple files (firmware, certificates, applications, etc.).
- Revision strings are tracked separately for each file to manage larger packages of aggregate files.
- The service is agnostic to the type of file, so while it is typically used to deliver firmware, it can be used to distribute any type of file to connected devices.
- Delivery is accomplished using MQTT, so the device's normal operations are never interrupted during the delivery process.
- Updates are client-driven to support a diverse set of device capabilities, such as:
  - The device initiates the download of new packages when desired.
  - The device can download files when it is idle, in the middle of the night, or immediately as desired.
  - The device controls the size of data blocks downloaded.
  - The device controls the pace of downloading the files.
- Delivery uses a TLS-encrypted channel so files cannot be modified or copied by an attacker during transfer.
- Files have individual integrity strings, which can be checksums, hashes or cryptographic signatures depending on device capabilities.
The Xively client can handle file updates in the background
The Xively embedded client (written in C) is the only embedded client on the market that is capable of multitasking while remaining single-threaded.
This means that unlike all other lightweight embedded clients that use MQTT, it is capable of downloading file updates in the background without having to drop its current subscriptions, interrupt the download to publish a message, or handle user interaction from buttons and interfaces on the device.
Firmware packages are uploaded by product owners and distributed first to a trial set of devices and then to all devices of a particular device template.
To get started with firmware management, follow the guides below:
- Learn how product owners upload, test, and monitor the rollout of new firmware updates.
- Learn how devices receive notifications, download files, verify and report on the status of their files.
Xively is meant to help you with these problems. Supporting OTA updates has significant challenges. These include:
- Code size and memory to contain downloader and new image
- Recovery from reimaging failures
- Whether the upgrade is a pull or push
- Devices at differing firmware versions (not everyone may upgrade)
- Upgrading through multiple versions to get devices on current version
- Ensuring security of the distribution process
Security of the distribution process is critical. Otherwise, an attacker could inject malicious code into the firmware during transport or could receive a copy of the firmware during transport.
Securing firmware distribution includes:
- Giving devices a way to verify the host delivering the firmware.
- Giving devices a way to verify the integrity of the files, to ensure they have not been placed on the distribution point by a malicious party or been modified in transit.
- Ensuring the product and software development lifecycle is secure, so a malicious party can't compromise the firmware before it gets uploaded to the distribution location.
- Ensuring the processes to upload images and make them available to devices are secure.
The Xively platform provides a foundation for secure firmware distribution. Devices can use their existing two-way connections to the Xively messaging service for firmware update flows, so no additional resources, such as support for a separate HTTPS transport mechanism, are required on the device. Through Xively, applications can receive the information needed to make upgrade decisions, and devices can receive the file fingerprints used to verify firmware integrity. Xively services can also be used to host the firmware image, or hosting can be performed through a non-Xively hosting service to provide additional security through separation of duties and multi-person controls.
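The device-side integrity check described above, modelled as an added example (this is not Xively client code or its API): a file is pulled in blocks whose size the device chooses, hashed incrementally, and accepted only if the complete file matches the fingerprint. All names are hypothetical; SHA-256 is assumed as the fingerprint type, and the fingerprint is assumed to have reached the device over its authenticated messaging connection.

```python
import hashlib
import hmac

class FileVerifier:
    """Device-side check of one file in a package (hypothetical helper)."""
    def __init__(self, revision, fingerprint_hex, size):
        self.revision = revision                      # per-file revision string
        self.expected = bytes.fromhex(fingerprint_hex)
        self.size = size                              # announced file length
        self.received = 0
        self.hash = hashlib.sha256()

    def feed(self, offset, block):
        # Blocks must be contiguous and must not exceed the announced size.
        if offset != self.received:
            raise ValueError("unexpected offset %d, wanted %d" % (offset, self.received))
        if self.received + len(block) > self.size:
            raise ValueError("more data than announced")
        self.hash.update(block)
        self.received += len(block)

    def accept(self):
        # Install only if the whole file arrived and the digest matches.
        complete = self.received == self.size
        return complete and hmac.compare_digest(self.hash.digest(), self.expected)

def pull_file(read_block, verifier, block_size):
    """Device-driven loop: the device picks block_size and requests each block."""
    while verifier.received < verifier.size:
        want = min(block_size, verifier.size - verifier.received)
        block = read_block(verifier.received, want)
        if not block:
            break  # sender stopped early; accept() reports the failure
        verifier.feed(verifier.received, block)
    return verifier.accept()

# Constructed sample data: a stand-in image and the fingerprint the device was given.
IMAGE = bytes(range(256)) * 40
FINGERPRINT = hashlib.sha256(IMAGE).hexdigest()

def serve(data):
    return lambda offset, length: data[offset:offset + length]

def check(data, block_size):
    v = FileVerifier("constructed-rev-2", FINGERPRINT, len(IMAGE))
    return pull_file(serve(data), v, block_size)
```

`check(IMAGE, 512)` accepts the file at any block size, while a file with one flipped bit or one missing byte is refused before anything would be installed.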