OSS Remote Firmware Updates for IoT-like Projects
Silvano Cirujano Cuesta
Siemens Corporate Technology
Version 1.0, October 2016 (2016.10.11)
Unrestricted © Siemens AG 2016
About me
- Software Engineer at Siemens Corporate Technology
- Embedded Linux Corporate Competence Center
  - OSS contributors
  - Part of the OSS community (4 speakers in this event)
- Interested in enabling embedded devices to ride the "container" wave
Agenda
- Why updating?
- Architecture
- Components
- Firmware updates
- Conclusion
State of Update Affairs in Industrial Domains
- Devices are either
  - disconnected or
  - in isolated networks
- On-site updates
- Very long life
- Difficult to reach
- Infrequent updates
… but the Internet of Things is coming
- Trend: more and more devices are getting connected (including industrial products)
- Number of devices to manage explodes ⇒ remote management required
- Attack surface increases due to network exposure ⇒ update frequency will increase due to security issues
- There's always a bug to fix
- Additional expectations due to technology exposure:
  - Easy addition of features
  - Easy bug fixing
10000 Feet Architecture
[Diagram: Backend (hawkBit) connected to Device (SWUpdate with Suricatta) over HTTP(S)]
Workflow
1. Devices poll requesting artifacts (firmware updates)
2. Backend can reply
   - either no updates available
   - or list of updates with download URLs
3. Device downloads updates
4. Device processes updates
5. Device reports success/failure
SWUpdate
- Neither convincing OSS nor commercial alternatives back then
- Make vs. "buy" OSS decision
- Developed and open-sourced by DENX, a well-established player in the OSS arena with experience in industrial domains
- Convincing feature set
  - Full power of Linux userspace for updates
  - Extensible
  - Good integration with U-Boot, support for others possible
  - …
- Battle-proven software
- … ⇒ Easy decision for "buy"
hawkBit
- Neither convincing OSS nor commercial alternatives back then
- Make vs. "buy" OSS decision
- Originally developed by Bosch and released as OSS under the umbrella of the IoT working group of the Eclipse Foundation
- Bosch, like Siemens, in industrial domains
- Shifting from device-managed provisioning to remote-managed provisioning
- Convincing present and future feature set:
  - Easy integration via REST APIs
  - Direct or indirect device connection
  - External artifact repository
  - Reporting and monitoring
- Young project working on stabilization and new features
- … ⇒ Decision for "buy"
Firmware definition
- Linux base system that makes the system runnable
[Diagram: storage layout: Bootloader | Firmware (Kernel, Libraries, …) | Others (applications, data, config...)]
Supported update strategies
- Trade-off between time and space
- Two extremes in IoT domain:
  - With two firmware partitions (best for time, worst for space)
  - With one firmware partition (best for space, worst for time)
- Hybrid solutions possible by reducing firmware storage footprint
- Minimalistic firmware images reduce the differences between both with regard to space
Two Firmware Partitions
- No device bricking, and rollback is possible (only 1 version back)
- Double firmware storage footprint
- Minimal downtime (usually only reboot)
- Update cancellation in case of erroneous/manipulated images, keeping the working version
[Diagram: storage layout: Bootloader | Firmware | Firmware | Others (applications, data, config...)]
Two Firmware Partitions: Start
[Diagram: device layout Bootloader | Firmware v1 + SWUpdate | Others, labelled "Blue"; step 1, hawkBit]
Two Firmware Partitions: Download and Flashing
[Diagram: device layouts labelled "Blue"; a partition marked "Flashing ..." beside Firmware v1 + SWUpdate; steps 1 and 2, hawkBit]
Two Firmware Partitions: Checks and Activation
[Diagram: device layouts from "Blue" (Firmware v1 + SWUpdate) through "Flashing ..." to "Green" (Firmware v1 and Firmware v2 + SWUpdate); steps 1 to 3, hawkBit]
Two Firmware Partitions: End
[Diagram: full sequence of device layouts: "Blue" (Firmware v1 + SWUpdate), "Flashing ...", "Green" (Firmware v1 and Firmware v2 + SWUpdate); step 1, hawkBit]
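The workflow (poll, reply, download, process, report) and the two-partition strategy, put together as an added example that is not from the talk and is not SWUpdate or hawkBit code: a toy in-memory model. The SHA-256 digest in the update metadata, the slot names A/B, the URLs and all function names are assumptions made for illustration.

```python
import hashlib

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: the backend's artifact store, keyed by download URL.
V2 = b"firmware-v2-image"
STORE = {"https://backend.example/fw/v2.img": V2,
         "https://backend.example/fw/v3.img": b"firmware-v3-manipulated"}

def poll(pending):
    """Step 2, backend reply: empty list = no updates, else updates with URLs."""
    return list(pending)

class Device:
    def __init__(self):
        self.slots = {"A": b"firmware-v1-image", "B": b""}  # two firmware partitions
        self.active = "A"                                   # slot the bootloader boots

    def inactive(self):
        return "B" if self.active == "A" else "A"

    def process(self, update):
        """Steps 3-4: download, flash the inactive slot, check, then activate."""
        image = STORE[update["url"]]           # download from the announced URL
        target = self.inactive()
        self.slots[target] = image             # flashing never touches the active slot
        # Assumed check: digest announced by the backend vs. what was flashed.
        if sha256_hex(self.slots[target]) != update["sha256"]:
            return "failure"                   # cancel: working version stays active
        self.active = target                   # activation = switch the boot slot
        return "success"

    def rollback(self):
        """Only one version back: the other slot holds the previous firmware."""
        self.active = self.inactive()

def run_cycle(device, pending):
    """One poll cycle: per-update feedback (step 5), or a note that nothing was offered."""
    updates = poll(pending)
    if not updates:
        return ["no updates available"]
    return [device.process(u) for u in updates]
```

An unkeyed digest only detects manipulation if the metadata carrying it is itself authenticated, for example by the HTTPS channel to the backend.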
One Firmware Partition
- No device bricking
- Single firmware storage footprint
- Relatively long downtime
- Only rescue from erroneous/manipulated images is recovery mode
[Diagram: storage layout: Bootloader | Lightweight Linux (LWL) + SWUpdate | Firmware | Others (applications, data, config...)]
One Firmware Partition: Start
[Diagram: device layout Bootloader | Lightweight Linux | Firmware v1 | Others, labelled "LWL"; steps 1 to 3, hawkBit]
One Firmware Partition: Download and Flashing
[Diagram: device layouts; firmware partition marked "Flashing ..." while Lightweight Linux + SWUpdate is shown, labelled "LWL"; steps 1 and 2, hawkBit]
One Firmware Partition: Checks and Activation
[Diagram: device layouts from Firmware v1 through "Flashing ..." to Firmware v2, with Lightweight Linux + SWUpdate, labelled "FW"; steps 1 to 3, hawkBit]
One Firmware Partition: End
[Diagram: full sequence of device layouts: Firmware v1, "Flashing ...", Firmware v2, ending with Bootloader | Lightweight Linux | Firmware v2 | Others, labelled "FW"; step 1, hawkBit]
Conclusion
- 100% Open Source Software
- Open communities
  - We were welcomed in both
- Current focus on firmware updates, but software provisioning in general possible
- Modular architecture:
  - hawkBit can be contacted by other clients, via other protocols, …
  - SWUpdate can be extended to support other servers, via other protocols, …
- Future features:
  - Split preparation/realization to fit into maintenance windows
  - Synchronization of Device and Backend
  - Asymmetric key signatures
Contact Information
Silvano Cirujano Cuesta
Software Engineer
Corporate Technology
Embedded Linux Corporate Competence Center
E-mail: [email protected]
Internet: siemens.com/corporate-technology
Intranet: intranet.ct.siemens.com