You've come up with the great IoT product and sold thousands of them. Fantastic! But, what if you need to fix a bug in the firmware or want to add a feature? This is where the ability to easily update a device comes in handy. It sure wouldn't be cost effective or practical to service them all personally. What if you could get your users to update their own devices? This is where Over the Air (OTA) updates come in handy.
OTA updates can come in over many methods: Wi-Fi, cellular data, Bluetooth and others. You've probably updated your mobile phone and its apps many times. The concept is no different for firmware updates for embedded devices. This is where the concept of a bootloader comes in. When powering up or coming out of reset, a the bootloader runs once looking for an update. If the update is present, it performs the update. If not, control is then passed to the application firmware.
Bootloaders are implemented in many ways and often denoted as device firmware update (DFU). When considering DFU services, be sure to look for these features:
- Fail-safe - Can the device can be recovered if the update fails for some reason?
- Secure - How is your IP protected? Can the update be stolen? Can someone take over my device?
- Patch capable - How quick can I perform the update?
Here at Rigado, we considered the desired features and designed a robust and secure bootloader, RigDFU:
- RigDFU is independent of the application firmware and always runs on reset or power cycle. This allows you to recover from a corrupt or interrupted update that would otherwise brick the module.
- We double-buffer the update and do not write the new firmware image to the executable vector until the entire update has been received. This allows you to revert to the current version if the update failed.
- Security through encryption
- We provide end-to-end encryption where keys are not shared over Bluetooth. The encryption key on the module is programmed through a hardware connection during device manufacturing. Even if the connection is compromised, the firmware file is encrypted and useless without the key. No rogue firmware can be loaded on the device.
- Patch capable
- This sends only the changes to an image and not the full file and significantly reduces update times for field fixes. RigDFU is patch capable now. The patch creation tools are due to be released before the end of 2016.
The RigDFU datasheet is at this link.