Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Software Update on
Embedded Systems
Do not brick your device
Stefano Babic
ELCE October 2014
Introduction
● Me:
– Software Engineer at DENX, Gmbh
– U-Boot Custodian for Freescale's i.MX
– Focus on Linux embedded wit...
Agenda
● Why upgrade ?
● Why is it different with a Linux-PC ?
● Upgrading strategies
● Swupdate
Why do we need to update an
embedded system ?
● It is not only hardware
● Bug fixes
● New features can be added
● Security...
Why is ES different ?
● Power failure
● Bad firmware
● Communication errors in
case of remote update
● No access to target...
Which elements must be
updated ?
● Bootloader (dangerous !)
● Kernel + DT
● Root filesystem
● Application data, other file...
Where is a new SW installed ?
NOR
NAND
FPGA
AREF
GND
RESET
3V3
L
TX
RX
USB
EXT
PWRSEL
PWR
ICSP
TX
RX
3
1
2
1
1
1
0
1
9 8
D...
Which interface ?
● Local:
– Local storage (USB, SD,..)
– Local peripheral (USB as device, UART,..)
● Remote:
– HTTP / web...
Who will update ?
X X
No expertise required
+
System upgrade solutions
● Bootloader upgrade
● Linux upgrade
– Package Manager
– Rescue image or specific application
– F...
Bootloader
Limited access to peripherals (drivers, filesystems)
Implementation in bootloader not in sync with Linux
Limite...
Linux App
Footprint
Availability of all drivers used by the product
A lot of tools/libraries
package manager as distro ?
Upgrade is not atomic
Nightmare for test engineers/support
New firmware partially written
More...
Full update
Size, Time to transfer
Atomic: it works or not
Single image delivery
Double copy strategy
BOOT LOADER
Application Software
Running copy
Application Software
Standby copy
Databases, config, us...
Single copy (rescue)
BOOT LOADER
SWUPDATE
Kernel + initrd
Application Software Databases, config, user data
swupdate: FLOSS upgrade sw
● Missing an open source upgrade software for ES
● Take care of failure mechanism
● Hardware / ...
Swupdate-2
● Scriptable (LUA), pre- and postinstall scripts
● Single image for multiple devices
● Easy for users to perfor...
Handling hardware differences
MENU ALARMS
OVERVIEW
Q UANTITY
Brandon-Alvin ViewerPane K600
HMI
Gateway
Type A-1 Type A-2
T...
One release, multiple devices
Type A-1
MENU ALARMS
OVERVIEW
QUA NTITY
Brandon-Alvin ViewerPane K600
HMI
Software for A-1
S...
Single image structure
CPIO Header
sw-description
Image 1
Image 2
Image 3
Image i
Image n
Swupdate architecture
Local Storage
WebServer
Custom protocol
INSTALLER
Default
Parser
(libconfig)
Custom
Parser
(LUA)
UBI...
Handling HW differences
software =
{
version = "0.1.0";
target-1target-1 = {
images: (
{
...
}
);
};
target-2 = {
images: ...
sw-description
software =
{
version = "0.1.0";
myboard = {
hardware-compatibility: [ "1.2", "1.3", "18#010071"];
partition...
sw-description
images: (
{
filename = "core-image-base-myboard.ubifs";
volume = "rootfs";
},
{
filename = "uboot-env";
typ...
sw-description: scripts, u-boot
scripts: (
{
filename = "test.lua";
type = "lua";
},
{
filename = "sdcard.lua";
type = "lu...
Recovery from failures
U-Boot
Swupdate
Set update
flag
Update flag set ?
Reset
update flag
run
success
Load
kernel
fail
Ke...
API for external client
Client swupdate
REQ_INSTALL
REQ_INSTALL
Status, NotificationStatus, Notification
DATA (IMAGE)DATA ...
Updating from browser
Using with Yocto
● Meta-swupdate
● It generates a ramdisk suitable for u-boot (.uboot.gz)
● “dora” and “daisy” branches
● ...
Handler in LUA
require ("swupdate")
fpga_handler = function(image)
print("Install FPGA Software ")
for k,l in pairs(image)...
swupdate todo list
● Create a community around the project
● Security: add support for signed images !
● Low resources: su...
Links
● Swupdate sources at
https://github.com/sbabic/swupdate
● Documentation at http://sbabic.github.io/swupdate
● Maili...
Questions ...
● It's your turn now...
Upcoming SlideShare
Loading in …5
×

Software update for embedded systems - elce2014

Nowadays updating an embedded system is a mandatory feature. Not only due to security reasons, but bug fixes and new features are available after the release of a product, and in many cases an update
must be done in field. My presentation will show advantages and disadvantages for different ways for updating (using a bootloader, rescue system, etc.), taking into account reliability typical for embedded. The second part of the presentation will cover the OSS Project
"SWupdate", that I started some months ago, to provide a ready-to-use environment for updating, both local and in field, and mainly how this project can be used with Yocto.

  • Login to see the comments

Software update for embedded systems - elce2014

  1. 1. Software Update on Embedded Systems Do not brick your device Stefano Babic ELCE October 2014
  2. 2. Introduction ● Me: – Software Engineer at DENX, Gmbh – U-Boot Custodian for Freescale's i.MX – Focus on Linux embedded with PowerPC and ARM processors.
  3. 3. Agenda ● Why upgrade ? ● Why is it different with a Linux-PC ? ● Upgrading strategies ● Swupdate
  4. 4. Why do we need to update an embedded system ? ● It is not only hardware ● Bug fixes ● New features can be added ● Security issues : heartbleed, bad implementation...
  5. 5. Why is ES different ? ● Power failure ● Bad firmware ● Communication errors in case of remote update ● No access to target Target must recover from errors !
  6. 6. Which elements must be updated ? ● Bootloader (dangerous !) ● Kernel + DT ● Root filesystem ● Application data, other filesystems.. ● Customer data (migration ) ● Specific software (FPGA bitstream,...)
  7. 7. Where is a new SW installed ? NOR NAND FPGA AREF GND RESET 3V3 L TX RX USB EXT PWRSEL PWR ICSP TX RX 3 1 2 1 1 1 0 1 9 8 DIGITAL 7 6 5 4 3 2 1 0 1 5V Gnd POWER www.adruino.cc ANALOG IN Vin 0 1 2 3 4 5 d0 47 25V d0 47 25V ADRUINO
  8. 8. Which interface ? ● Local: – Local storage (USB, SD,..) – Local peripheral (USB as device, UART,..) ● Remote: – HTTP / web based – FTP – Proprietary protocol – Many more...
  9. 9. Who will update ? X X
  10. 10. No expertise required +
  11. 11. System upgrade solutions ● Bootloader upgrade ● Linux upgrade – Package Manager – Rescue image or specific application – From the running application
  12. 12. Bootloader Limited access to peripherals (drivers, filesystems) Implementation in bootloader not in sync with Linux Limited network support (UDP, not TCP) Limited UI with an operator Update is simpler Smaller footprint
  13. 13. Linux App Footprint Availability of all drivers used by the product A lot of tools/libraries
  14. 14. package manager as distro ? Upgrade is not atomic Nightmare for test engineers/support New firmware partially written More places where things can go wrong Small update image
  15. 15. Full update Size, Time to transfer Atomic: it works or not Single image delivery
  16. 16. Double copy strategy BOOT LOADER Application Software Running copy Application Software Standby copy Databases, config, user data BOOT LOADER Application Software Standby copy Application Software Running copy Databases, config, user data
  17. 17. Single copy (rescue) BOOT LOADER SWUPDATE Kernel + initrd Application Software Databases, config, user data
  18. 18. swupdate: FLOSS upgrade sw ● Missing an open source upgrade software for ES ● Take care of failure mechanism ● Hardware / software compatibility ● Proof correctness images to be installed (chksum,..) ● Partitioning storage ● Local or remote install
  19. 19. Swupdate-2 ● Scriptable (LUA), pre- and postinstall scripts ● Single image for multiple devices ● Easy for users to perform update ● Missing : signed images !
  20. 20. Handling hardware differences MENU ALARMS OVERVIEW Q UANTITY Brandon-Alvin ViewerPane K600 HMI Gateway Type A-1 Type A-2 Type A-3 Type A-4
  21. 21. One release, multiple devices Type A-1 MENU ALARMS OVERVIEW QUA NTITY Brandon-Alvin ViewerPane K600 HMI Software for A-1 Software for A-3 Software for HMI Release XX.YY for device family Type A-3
  22. 22. Single image structure CPIO Header sw-description Image 1 Image 2 Image 3 Image i Image n
  23. 23. Swupdate architecture Local Storage WebServer Custom protocol INSTALLER Default Parser (libconfig) Custom Parser (LUA) UBI MTD RAW U-Boot ENV Custom LUA Handler API Handler manager Notifier
  24. 24. Handling HW differences software = { version = "0.1.0"; target-1target-1 = { images: ( { ... } ); }; target-2 = { images: ( { ... } ); }; }
  25. 25. sw-description software = { version = "0.1.0"; myboard = { hardware-compatibility: [ "1.2", "1.3", "18#010071"]; partitions: ( /* UBI Volumes */ { name = "rootfs"; device = "mtd10"; size = 104896512; /* in bytes */ }, { name = "kernel"; device = "mtd9"; size = 4194304; /* in bytes */ } );
  26. 26. sw-description images: ( { filename = "core-image-base-myboard.ubifs"; volume = "rootfs"; }, { filename = "uboot-env"; type = "uboot"; }, { filename = "uImage"; volume = "kernel"; }, { filename = "fpga.bin"; type = "fpga"; } );
  27. 27. sw-description: scripts, u-boot scripts: ( { filename = "test.lua"; type = "lua"; }, { filename = "sdcard.lua"; type = "lua"; }, { filename = "test_shell.sh"; type = "shellscript"; } ); uboot: ( { name = "vram"; value = "4M"; }
  28. 28. Recovery from failures U-Boot Swupdate Set update flag Update flag set ? Reset update flag run success Load kernel fail Kernel boots Application Reset bootcounter Bootcounter ? Panic, watchdog,..
  29. 29. API for external client Client swupdate REQ_INSTALL REQ_INSTALL Status, NotificationStatus, Notification DATA (IMAGE)DATA (IMAGE) DATA (IMAGE)DATA (IMAGE) DATA (IMAGE)DATA (IMAGE) DATA (IMAGE)DATA (IMAGE) DATA (IMAGE)DATA (IMAGE) DATA (IMAGE)DATA (IMAGE) DATA (IMAGE)DATA (IMAGE) DATA (IMAGE)DATA (IMAGE) GET STATUS GET STATUS ACKACK Status, NotificationStatus, Notification GET STATUS GET STATUS
  30. 30. Updating from browser
  31. 31. Using with Yocto ● Meta-swupdate ● It generates a ramdisk suitable for u-boot (.uboot.gz) ● “dora” and “daisy” branches ● Footprint RAMDISK (gzipped) : 2.6 – 7 MB – Typical: ~4MB
  32. 32. Handler in LUA require ("swupdate") fpga_handler = function(image) print("Install FPGA Software ") for k,l in pairs(image) do print("image[" .. tostring(k) .. "] = " .. tostring(l) ) swupdate.notify(swupdate.RECOVERY_STATUS.RUN,0, "image[" .. tostring(k) .. "] = " .. tostring(l)) end return 0 end swupdate.register_handler("fpga",fpga_handler)
  33. 33. swupdate todo list ● Create a community around the project ● Security: add support for signed images ! ● Low resources: support for full streamable image ● New handlers
  34. 34. Links ● Swupdate sources at https://github.com/sbabic/swupdate ● Documentation at http://sbabic.github.io/swupdate ● Mailing list: swupdate@googlegroups.com ● http://www.denx.de/
  35. 35. Questions ... ● It's your turn now...

×