Modern embedded solutions, ranging from IoT trackers to advanced industrial embedded systems, increasingly rely on software. Introducing features that enable users to update software after a device has been manufactured has become a standard practice, delivering significant business and technological benefits. For manufacturers of new embedded devices, implementing effective update mechanisms can be a decisive factor in gaining a competitive edge.
The ability to remotely fix software issues significantly reduces the risk of delivering a device with a software bug to the customer. This eliminates the need for service campaigns or sending a technician to the customer, dramatically reducing technical support costs and enhancing user satisfaction.
For instance, many modern devices are shipped with a mobile app that performs a software update during the device's first use after unboxing, a process known as provisioning. As a result, the user receives a fully functional device with all known issues already resolved, even if the device was manufactured months before its first use.
Remote updates enable the introduction of new features to devices that have already been manufactured and sold, which can attract new customers or increase the satisfaction of existing users. It also presents an excellent opportunity to offer paid updates, creating an additional revenue stream.
Moreover, an easy, fast, and user-friendly update process encourages users to adopt the latest version. New features and improvements to existing functionalities further motivate users to update their devices themselves. As a result, a larger portion of devices operate on the latest, most refined version, reducing the costs of supporting and maintaining older versions.
Thanks to the ability to perform automatic remote updates or user-initiated updates, it is possible to initiate device production without completing the final version of the software. The software only needs to be developed enough to allow for an update to the desired version before the device's first use by the customer.
The production and distribution process for devices often takes several months, and in a traditional approach, these two steps must occur sequentially. Leveraging the capability to update devices after production allows the entire process to be parallelized. The time saved can be used to reduce the product's time-to-market or to develop additional functionalities.
The traditional approach to uploading software to a microcontroller's memory involves using a dedicated programmer. This method is primarily used during production and development stages. An additional advantage of this approach is the ability to repair a device with damaged memory, commonly referred to as "bricked."
However, due to the need for specialized equipment, this method is not practical when the operator is the end-user. For this reason, more accessible alternatives are typically used in practice.
One of the simplest solutions is a wired update, which typically allows the process to be performed via a serial port or USB port. This enables users to carry out the operation using their own equipment. Occasionally, solutions using USB storage devices, such as flash drives, are also employed.
The advantage of this approach is its low additional implementation cost, especially in cases where the device lacks other communication interfaces that could be used for updates. The only tool a user needs to perform the update is a computer with a USB port.
If a device supports wireless connectivity, this communication channel can be used to perform software updates. This is often the most convenient method for users.
For devices equipped with Bluetooth, adding software update functionality to the accompanying mobile app is an excellent solution. This approach significantly enhances the user experience (UX). A manufacturer-controlled app can automate the process of downloading the latest software version from servers and notify users about available updates in a convenient manner. Features such as progress bars, estimated time to completion, and marketing content can further enrich the mobile app.
Devices that connect directly to the internet, for example via WiFi, LTE, LoRa, or other technologies, enable fully automated updates without user intervention. This is an ideal solution for applications operating in hard-to-reach or remote locations, such as wind farms or weather stations.
Some advanced wireless communication protocols support innovative update procedures for connected devices. One such solution is Bluetooth Mesh, where devices share new software versions among themselves without the need for a central hub. This allows the update to reach every node in the network, even those outside direct range.
The process begins with a notification about the available update, which devices verify for compatibility and necessity. The firmware is then distributed in small chunks that traverse the network with the help of intermediary devices. Once all chunks reach the recipient, the software is reassembled, validated for integrity, and installed. The greatest advantage of this approach is its scalability. By leveraging network-wide propagation, it becomes possible to update thousands of devices simultaneously without overloading a single point.
DFU (Device Firmware Update) - The process of updating a device's firmware, typically performed with the help of a bootloader. It allows installing new software without reprogramming the device from scratch.
OTA (Over-the-Air) - Updating a device's software wirelessly, without requiring a physical connection, using technologies such as WiFi, Bluetooth, or cellular networks.
OTAU (Over-the-Air Update) - An extension of the OTA concept, emphasizing the full process of software updates, from transmitting the new version to its installation on the device.
FOTA (Firmware Over-the-Air) - A specific type of OTA focused exclusively on firmware, the core software that controls hardware operation.
The principle of software updates is similar across all microcontrollers that support running only bare-metal applications or an RTOS. Examples of such device families include Nordic nRF, STM32, ESP32, and others. Because there is no operating system, the firmware developer is entirely responsible for implementing the update process that writes the new image into the device's memory.
A bootloader is essential for performing firmware updates. It is a special program that runs during the device's startup and then initializes the main application. The bootloader is a separate application stored in the device's memory.
Typically, the bootloader cannot be updated, as it becomes immutable once written to the device by the manufacturer. Because it cannot be modified afterwards, it is a suitable place to store cryptographic keys. The bootloader can use these keys to verify the digital signature of an application using public-key cryptography.
A digital signature is used to verify the origin of the application on the device. To enable updates with a digital signature, the manufacturer generates a private key, which is used to derive a corresponding public key. During production, the public key is embedded in the bootloader, while updates are signed with the private key. When the device receives an update, the bootloader can verify its authenticity by checking the signature against the public key stored on the device. This security measure is critical to mitigate the risk of application tampering during the update process.
Additionally, the bootloader can provide other safeguards, such as preventing the installation of an older version of the software than the one currently installed on the device.
An unexpected interruption during the update process or accidentally uploading an incorrect application image can render the device inoperable, preventing it from receiving another image. To ensure the reliability of the process and enable firmware updates while the application is running, the device's memory is divided into slots that store both the current and the new application images. If, after downloading, the application image is found to have an invalid signature, is corrupted, or fails to run, the device can still revert to the previous image.
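The slot decision described above, as an added example that is not code from the original article: the bootloader boots the newest slot that passes a bounds check, the anti-rollback check, an integrity check and the signature check, and otherwise falls back to the other slot. The names `img_header_t`, `slot_t`, `IMG_MAGIC`, `min_version` and `sig_ok` are assumptions; `sig_ok` stands in for the result of the public-key signature check a crypto library would perform over header and payload, and `min_version` for a counter kept in protected storage.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IMG_MAGIC 0x46574931u /* constructed magic value for this example */
typedef struct { uint32_t magic, version, size, crc32; } img_header_t;

typedef struct {
    const img_header_t *hdr;   /* header at the start of the slot */
    const uint8_t *payload;    /* application image following the header */
    size_t capacity;           /* bytes available for the payload in this slot */
    bool sig_ok;               /* assumption: result of the public-key signature check */
} slot_t;

/* Standard CRC-32 (reflected, polynomial 0xEDB88320): detects corruption only. */
static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

static bool slot_valid(const slot_t *s, uint32_t min_version) {
    if (!s->hdr || s->hdr->magic != IMG_MAGIC) return false;
    if (s->hdr->size == 0 || s->hdr->size > s->capacity) return false; /* bound reads */
    if (s->hdr->version < min_version) return false;                   /* anti-rollback */
    if (crc32_calc(s->payload, s->hdr->size) != s->hdr->crc32) return false;
    return s->sig_ok;                                                  /* authenticity */
}

/* Returns the index of the newest acceptable slot, or -1 if neither may boot. */
int select_boot_slot(const slot_t slots[2], uint32_t min_version) {
    int best = -1;
    for (int i = 0; i < 2; i++) {
        if (!slot_valid(&slots[i], min_version)) continue;
        if (best < 0 || slots[i].hdr->version > slots[best].hdr->version) best = i;
    }
    return best;
}

int main(void) { /* constructed sample: slot 1 holds a newer image with a bad signature */
    static const uint8_t fw[] = "123456789";
    img_header_t a = { IMG_MAGIC, 5, 9, 0xCBF43926u }, b = { IMG_MAGIC, 7, 9, 0xCBF43926u };
    slot_t slots[2] = { { &a, fw, 64, true }, { &b, fw, 64, false } };
    printf("boot slot %d\n", select_boot_slot(slots, 5)); /* falls back to slot 0 */
}
```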
Using a dual-slot mechanism reduces the amount of memory available for the application on the device by half. If the available memory proves insufficient, it is possible to use compression for one of the images or dynamically partition the device's memory. In cases where the microcontroller's entire memory must be allocated for the application, the new image can be stored in external FLASH memory.
Various configurations of the process allow updates to be performed even in complex scenarios. It is possible to receive updates for other microcontrollers through a selected channel via the main microcontroller. The images can also be used to update components such as modems or audio codecs and may include other types of data, such as application translation information.
If a device cannot download updates directly from the internet but is equipped with Bluetooth, it is possible to perform wireless firmware updates using the manufacturer's mobile application. The app can include various additional user-supporting features, such as automatic update downloads and notifications. It is also possible to make the update process conditional on user payment or account verification.
Updates can be performed from both Android and Apple devices. Although both platforms require separate implementations, it is typically unnecessary to create entirely separate apps for iOS and Android. A hybrid application can be developed, allowing most of the code to be shared between platforms. Examples of hybrid application technologies include Flutter and React Native.
The part of the application that runs on the device manufacturer's server is the backend. New firmware versions must be made available online. It is also possible to collect statistics on the update process for all manufactured devices. If user authorization is required for the update, the backend is responsible for storing user account data and managing payments or billing.
The infrastructure hosting the server application can either be maintained as a physical server at the manufacturer's premises or on a virtual server with any cloud service provider. This flexibility allows for cost-effective maintenance of a small server or rapid scaling to a full cluster to handle very high traffic when necessary.
Performing remote software updates requires special attention from the development team. Deciding to release an update to users involves ensuring that the update will not degrade the functionality of the target device. It is also necessary to perform numerous repetitive tasks, such as publishing the new application image.
To prevent errors and reduce the costs associated with updates, a Continuous Integration and Continuous Delivery (CI/CD) system is configured. A collection of scripts automating various tasks, automated tests, and proper workflow organization ensures that the application works correctly after every update and facilitates frequent releases of new software versions.
We specialize in building mobile and embedded solutions that cover the entire range of advanced projects. Through a comprehensive approach and the integration of the entire technology stack, we’ve expanded the traditional "full-stack" approach to include embedded solutions. This eliminates time wasted on communication between teams, ensuring every system component is developed with consideration for all others.
With us, you can consult on the entire project — from selecting a microcontroller to deploying the backend on cloud providers like AWS. Implementation is handled by a cohesive team of specialists focused on optimizing the process.
At Blues Brackets we solve real business challenges with the latest and proven technology.