Firmware Over The Air (FOTA) Updates for IoT and Automotive devices
Whether it is an automotive ECU product or field-deployed Industrial Automation devices, integration of Firmware over the Air (FOTA) update feature has become a mission-critical process.
FOTA/OTA updates are necessary to ensure secure and robust operations throughout the product development and deployment life-cycle.
Leverage our IoT and Automotive domain expertise of more than 12 years, for custom development of hardware and software components for integration of FOTA/OTA update.
Features of our FOTA/OTA Update Service for Remote Device Management:
This enables your team to focus on core product development activities
Design and Development Services for FOTA/OTA Integration
- Flash Memory Selection -NOT, NAND & more, based on your project requirements.
- Integration of Wi-Fi/Bluetooth/GPRS/GSM modules for secure communication between the FOTA server and the target devices.
- Design and development of Firmware Software and integration with IoT protocols such as MQTT, CoAP ; HTTPS & SSL for secure data exchange; FTP/FTPS for file transfer.
- Selection of specific encryption methods to check the sanity of the update package.
- Deciding the level of FOTA update required (At the whole system level, OS& the application level , or at the application level).
- Bootloader development to enable firmware download and reprogramming on the application device.
- Design and development of the FOTA management server interface and other GUIs to build/schedule/deploy/manage the update package
- Design and development of the interface (GUI) to build/schedule/deploy/manage the update package.
- Tracking as well as reporting the successful instances of firmware updates.
- Integration of Firmware Rollback mechanism to mitigate any failure or bug detected during the FOTA/OTA update.
- Development of Automated test frameworks to enable devices to perform self-test & send status reports, at the end of an update.
After design and development of the FOTA feature for your connected devices, the hardware and software components are subjected to the following pre-production test-case scenarios:
- Power Failure
- Communication Failure
- Memory Corruption
- Failure to boot the new firmware image
- Flashing of a corrupted firmware image
- Failure to retrieve the information about the configuration & last status of the firmware
We also perform Image self-tests to check if all the firmware functions are working properly.
Meet Our IoT Leaders
Components of FOTA System
FOTA/OTA Updates for your Connected Systems: Business Benefits
- Safeguard your applications against any possible security vulnerability
- Efficient and remote management of your critical work product and site equipment.
- OPTIMIZE DATA COSTS and minimize system downtime by updating numerous changes in one go, over-the-air.
- Update your firmware in line with your SCALING business.
- Reduce on-field MAINTENANCE COSTS by updating firmware on device, post-deployment
- With FOTA you can do:
- Feature updates
- Functional updates
Anytime, on Any number of connected systems
FAQs Regarding FOTA/OTA Updates: IoT and Automotive Devices
Q. In your FOTA update solution, you have mentioned about two strategies for firmware flashing – directly from the server and via an intermittent Gateway device? How do I choose between the two?
- A. This decision regarding the method of firmware flashing will depend on the following factors:
- Number of devices to be updated ( A Gateway device is preferred if the number of deployed target devices is on the higher side)
- The type of communication interfaces available
- The operating environment of the deployed devices
- Desired cost-effectiveness of the FOTA feature
Q. Can you share details regarding the built-in security features of your FOTA solution?
- A. We had ensured to make security features part of the FOTA solution at the design stage of the SDLC.
Following are the details regarding our FOTA security features:
- Integrated HTTPS & SSL certifications: to ensure Secure data exchange
- Encryption Keys and security certificates for secure communication between server and target devices
- Role based Access Control to avoid any unauthorized data access
- Code Signing: to verify the authenticity and integrity of firmware executables and scripts and to safeguard them against any malicious tampering by unauthorized agents.
Q. Subscribe-Publish or Polling mechanism: which one would be ideal for my business use case?
- A. Based on our experience, a subscribe –publish mechanism for FOTA upgrade is ideal for large scale implementations. Additionally, a subscribe –publish mechanism offers following advantages over the Polling mechanism:
- Cost effective
- Minimizes data usage
Reason – field-deployed devices are not required to check for new firmware update every now & then . Any new firmware update package or image that gets published in the server, is notified to the devices as per the schedule.
Polling mechanism is easier to implement but consumes more data.
Q. Please share some details regarding the reusable components of your FOTA reference design, if any?
- A. The following components, of our FOTA reference design, can be reused in order to save development time and cost of your customized FOTA solution:
- Ready to deploy Bootloader Software
- Software components deployed for secure file transfer, update notifications.
- Reusable Algorithms for accurately
- updating the new firmware,
- Identifying the update requirements
- Validating the existing firmware versions
Additionally, Gateway device (Linux based) can also be reused if the target application is also based on Linux.
Q. What are the various types of IoT gateway devices that support FOTA upgrade feature?
- A. IoT gateway devices that support firmware OTA flashing on connected devices can belong to one of the following categories:
- Processor and OS based Gateway: preferred for large scale (industrial) deployments. These are easily scalable and depend on application processor and the base OS ( Android/Linux).
Cost of such IoT gateway devices is also comparatively higher.
- Microcontroller based Gateways: These are preferred for applications which require specific functionalities like – better device connectivity, reduced memory and power consumption; and involve lower BOM cost.
- Mobile Device as a Gateway: These are preferred when target devices are fewer in number and individually owned.
At Embitel, we have developed IoT gateway devices at various scales and for different application domains, specifically for telematics and industrial automation systems.
Q. What are the different components of the backend server architecture of your FOTA solution?
- A. Following are the details regarding our backend server architecture:
- We have deployed Postgress relational database to leverage the following benefits:
- Open Source nature and support for an enterprise-class performance
- Cross platform compatibility ( UNIX, Windows, Native Windows)
- Responsive in high volume environments
- Exhaustive library and framework support
- Full database encryption to ensure security
- Our solution is backed by an Nginx server for file transfer. Our team took this decision based on the following features of an Nginx server:
- Versatile, efficient and light-weight web server
- Easy and simpler installations
- Ideal for serving static files pdf, zip, html, mp4 & others
- Support for high concurrent traffic
- Compatible with commonly-used web apps like WordPress, ruby, python, Joomla, drupal etc.
- We have also leveraged Django framework for developing interfaces for the target devices. The Django framework is known for its scalability, security and ease of execution – features that make it a favorite among the web developers.
Q. How does your solution ensure security of the Backend operations during the FOTA upgrade?
- A. In order to ensure security of backend operations in the server and to avoid unauthorized access of the backend data, we implement:
- Password based authentication control, or
- Certificate based authentication (CA)
Q. How does the server keep a track of software image version? How can we revert the updated firmware image, if some bugs are detected after deployment?
- A. All details related to firmware file and each of the versions (previous and the new) are stored systematically in the tables of the relational database.
The tables would include information such as the file name, the version number, and the action required (upgrade or delete) pertaining to each firmware package.
This ensures accurate version management of the firmware package, which is being deployed in the target devices.
In case a new version of the firmware has a bug or does not meet the desired expectations, there are provisions to roll back to the previous firmware version, using the information in the backend database.
Q. How scalable is the backend infrastructure? How can we plan to manage the increase in number of devices to be updated using FOTA feature?
- A. We use the Nginx server for backend operations which provides robust support for load balancing The NGINX server is an efficient (HTTP) load balancer, suitable for wide range of web applications.
The NGINX server has an event-driven (event as in any communication request) architecture that empowers it to manage thousands of connections within a single process with efficient use of hardware and memory.
Thus, even if the number of connected devices that needs a FOTA upgrade increases post initial-deployment, the NGINX server can easily process their connection request without creating traffic spikes.
Q. Can you share information regarding the skill-sets of your team involved in FOTA solution development for IoT and Automotive applications?
- A. Our experienced solution development is a vibrant bunch of Industrial Automation and Automotive domain experts, with the following core skill-sets:
- Expertise in IoT communication protocols (MQTT, CoAP, HTTPS)
- Testing and validation expertise
- Experience in Bootloader Software Development
- Know-how and hands-on in system security best practices
FOTA Installation is a Three Step Process
- New update or the new version of the software/firmware is made available in the cloud server by the device owners.
- The latest firmware update is downloaded and made available to the network of the IoT or automotive devices ( e.g a Telematics unit in the car or a IoT enabled equipment in a manufacturing plant).
- The FOTA server stores all the information related to the devices in the network such as the current status, the existing version of the firmware in use, within a large database.
- The server also manages the process such as sending the firmware to the target application as and when they are published (or based on a schedule); Identifying any bug in the firmware, Reporting any fault or bug in the firmware code.
- The end devices or the application pull the upgrades from the server based on either the subscribe-publish mechanism or a polling mechanism over a secure wireless ( Wi-Fi/ BLE)connection.
- Installing new firmware and updating of software in the end-user application with the help of a bootloader
Learn More About Firmware Over The Air (FOTA) Update Process
In the subscribe- publish mechanism, all the updates are published on the server side by the OEM. All the connected devices in the network subscribe to these firmware upgrades from the server. The devices can be connected directly to the server to receive the updates. In an alternative model, there can be an intermittent gateway, to which all the devices will be connected. The gateway will subscribe to all the updates from the server in this case.