Article by : Mohamed BELOUARGA
Adding a feature, fixing a bug, or correcting a security breach are all part of the life cycle of software, a library, or a firmware. However, for architects and developers, performing these tasks still comes with its technical drawbacks and its load of possible unwanted outcomes (more bugs, rollbacks etc.)
Until now, the industry, and particularly the embedded systems industry, continues to send their technicians on-site to perform updates on their products. These procedures are time-consuming, require heavy-duty logistics, are expensive and are therefore often overlooked, causing a great deal of contempt for clients and users.
Remote updates, also called Over The Air (OTA) updates, are more suitable to the future needs of most industrials, manufacturers and their future products.
This article discusses remote updates for embedded Linux systems.
OTA updates allow software modifications to be made to a system without making physical contact with the system. These updates can be performed using several open-source solutions, but their implementation is not always straightforward.
As manufacturers look at update options, the first solution they consider is to update by packet. This solution is the least suitable for embedded systems for several reasons:
👉 Examples include Mender, Ostree, RAUC…
Nevertheless, there are other solutions that can avoid all these drawbacks, such as SWUpdate, Mender, OsTree, RAUC, etc.
Each solution has its own way of dealing with updates, we will only discuss Stefano Babic’s SWUpdate in this article.
Unlike the end-to-end solution Mender, which comes with its requirements, its constraints and limitations, SWUpdate can create a custom version of Mender, of adding or removing features. Creating an update solution that will perfectly match the client’s needs.
The disadvantage is that the update file can be considerable, which will raise network prices. However, this issue can also be avoided by using compressed rootfs when updating, or by using delta update. We will develop this later on.
Before implementing an update solution, an update strategy needs to be defined. This strategy is abiding to a product’s lifespan and is very difficult to modify.
Some examples of updates strategy include:
The update procedure goes as follows. While the product is working with rootfs1 and kernel1, swupdate updates rootfs2 or kernel2 and then reboots on rootfs2 and kernel2.
If the update is successful, the product remains as is. But if that is not the case (rootfs2 is corrupted or kernel2 panics) the u-boot executes a rollback operation back to rootfs1 and kernel1.
The rescue kernel is limited to the necessary drivers, and the rescue rootfs is limited to the necessary libraries and swupdate. The other rootfs and kernel are the production firmware.
When an update is ready, the image reboots on the rescue image and from the rescue image the rootfs and kernel are updated. Once updated, the image reboots on the production kernel and rootfs.
In any case, if the update fails, the rescue kernel and rootfs serve as backups.
As discussed before, SWUpdate being a framework, with it anything is possible. Its only limitations are the imagination of its users.
SWUpdate must work with the bootloader, meaning that when the device or product needs to change the rootfs, the bootloader will change the command line that the kernel receives. Making this conjunction vital to the update system.
Now that we saw update strategies, and bootloader interface, let’s see the different tools that SWUpdate provides to send an actual update.
The interface could look like this:
SWUpdate in Mangoose mode includes an embedded web server that allows us to send the update file through a web interface.
Once SWUpdate is configured correctly, this interface allows the user to send an update file (.swu) to the target. The interface also shows insights such as update status and logs.
SWUpdate in Surricata mode asks a remote server for updates, pulls them, and installs them, then reports the results.
Mostly used for large amounts of cards, Surricata mode centralizes and monitors the controls of the update system. From the server side, we can use Eclipse hawkBit to monitor the status of a park of cards.
Currently, only Eclipse hawkBit is supported but, thanks to the open-source nature of these solutions, a customized server can be added and serve as a work-around.
SWUpdate acting like a framework provides users with many more features and tools. For exemple, in the situation where a user would like to input a .swu update using another application. The file can be sent to the SWUpdate deamon using the tool SWUpdate-client. Furthermore, with SWUpdate-progress, that same application can retrieve the update progress data, making external monitoring possible.
There are many other features available, and all are very well documented.
If you have a specific need, such as how to install a certain update or update a microcontroller linked to the target, SWUpdate allows you to add your own handler.
Security remains important for SWUpdate. The capacity to use HTTPS with the surricata mode already showcases this but we also can sign .swu files. SWUpdate will then be in capacity to verify that the received updates come from an authorized source (private key/public key).
The most expensive part of an update procedure is in most cases the cost of bandwidth. Updating a rootfs for large amounts of targets also requires large amounts of bandwidth. To solve and reduce costs, SWUpdate permits you to use compressed rootfs.
The price of bandwidth remains high even after compression, which is why SWUpdate proposes another solution based on deltas.
This solution will be discussed in a future article.
In conclusion, SWUpdate is a massive framework able to solve many specific situations. When well configured, SWUpdate can reduce your update costs while making updating Linux based systems much simpler for all.
Fabien LAHOUDERE, T&S Linux Practice Leader
Martin COUSSERANS, Business manager
Ask your questions and find solutions for your product development
Contact usThis article explores how a V.I.E. contract can jumpstart your career. Through the stories of Cérine and Meiyun, two V.I.E. employees, you'll discover how the program can help you develop essential skills, build a global network, and gain the confidence to thrive in an international work environment.
READ MORETechnology & Strategy (T&S) is committed to environmental sustainability, transforming environmental objectives into economic development drivers. T&S conducts an annual carbon footprint assessment, embracing a low-carbon approach and positioning itself as a key contributor to the ecological transition. In 2023, T&S’s total carbon footprint was 11,699 tCO2e, with emissions spanning across three scopes. T&S is deploying initiatives to control environmental impact and combat climate change, setting emission reduction targets in accordance with the Science-Based Targets Initiative (SBTi). All branches of T&S have made an environmental commitment, actively participating in assessing the company’s carbon footprint and following a low-carbon path in alignment with SBTi.
READ MOREThe article discusses the growing trend of ‘boomerang employees’ who leave a company only to return later. It explores whether this is a temporary fad or a deep-seated trend, and how companies can leverage it. In France, there’s been a 36% increase in boomerang employees over three years. The phenomenon aligns with changing employee aspirations for meaningful work-life balance. Boomerang employees bring valuable experience, deep company knowledge, and heightened motivation. Companies like Technology&Strategy are embracing this trend by fostering a strong employer brand and a supportive work environment. The article includes insights from T&S employees and HR Manager France, Cheima Hammi, on the benefits and motivations behind the boomerang trend.
READ MORE