Remote Firmware Updates for IoT Devices

As more and more resource-constrained IoT devices are being deployed, firmware updates over the air (FOTA) are becoming increasingly important. As physical access is often expensive, or even impossible to realize when operating large deployments in remote, hard-to-reach locations, FOTA provides a way to fix bugs, patch security vulnerabilities, or add functionality throughout the lifespan of a connected device.

Lightweight M2M (LwM2M) defines the process for remote firmware updates in detail. When following the standardized guidelines provided by the protocol, updating the firmware of resource-constrained devices remotely can be accomplished effortlessly, regardless of the device or platform used.

The LwM2M way of updating firmware 

Every platform or device vendor can develop a custom FOTA mechanism, also known as FUOTA (Firmware Update OTA) or DFU (Device Firmware Upgrade). As there is no globally unified method to update device firmware, many different implementations can be found on the market.

Embedded developers can simply get one of the available libraries from their specific hardware vendor or cloud service provider to manage the update process. However, these implementations are specific to the vendor or platform and cannot be easily ported to other systems. Adopting a new platform usually means redesigning the FOTA process from scratch.

The problem of vendor compatibility can be resolved by adopting the LwM2M standard, which is hardware agnostic and can be implemented on any hardware platform. The standard provides clear guidelines on how devices should report their data, how remote configuration can be performed using server commands, and how firmware updates can be executed, regardless of the device manufacturer, firmware version, or hardware platform used.

Firmware update process

Generally speaking, the LwM2M firmware update process consists of four steps:

1. The IoT device (referred to as the LwM2M Client) is triggered to initiate the firmware update process.

2. The LwM2M Client downloads the firmware and reports to the LwM2M Server when the download is finished.

3. The LwM2M Client performs the firmware update after validating the integrity and authenticity of the new firmware which is done through a process called secure boot.

4. The Client attempts to run the new firmware and reports the status to the Server. If succeeded, the device starts running the new firmware, if an error is encountered the device performs a rollback to the earlier firmware version.

This procedure is defined in detail in the LwM2M specifications (see LwM2M specifications). To add firmware update capabilities to a device, the Firmware Update Object /5 needs to be implemented containing all essential functionalities for conducting the update and reporting the status. Several LwM2M Clients natively support this Firmware Update Object, including AVSystem’s Anjay.

Updating a device’s firmware using AVSystem’s LwM2M Server called Coiote IoT Device Management Platform

Downloading new firmware

Timing is critical when it comes to firmware updates. If the radio signal quality is poor, transferring data can take a lot of time due to low throughput caused by lost data packets that need to get retransmitted. Since the device’s radio module must be in the connected state for a long time, downloading the file in such circumstances results in a faster battery drain.

The LwM2M standard defines two methods to perform a firmware update, allowing either the Server or the Client to decide on the best moment to initiate the firmware download process. 

The two methods are PULL and PUSH.

1. PULL method:A device receives the location of the file that is to be downloaded and pulls the file from it.

2. PUSH method: A LwM2M Server pushes the firmware file to the device.

PULL method
In the PULL scenario, the LwM2M Server provides the device with the address of the server containing the firmware file known as the package URI. The device subsequently downloads the firmware from the so-called firmware repository at the earliest available opportunity.

PUSH method
In the PUSH scenario, the LwM2M Server determines the moment to initiate the firmware download, ideally based on the connectivity conditions. The device must have access to information such as Radio Signal Strength and Link Quality to support such server-side decision-making these resources are available in the LwM2M Connectivity Monitoring Object /4.

Firmware Delivery Methods

Firmware Update Object

The FOTA process is defined in the Firmware Update Object /5. This Object defines the update process using four states(defined by Resource/5/*/3), as well as multiple update results(defined by Resource/5/*/5) representing the most common outcomes of the firmware update process.

Learn more about the Firmware Update Object on the OMA LwM2M Object and Resource Registry.

Firmware Update Process

Conclusion 

Remote IoT device updates are essential for the long-term success of IoT applications. Software bugs and security vulnerabilities will be found when deploying devices in the field which should be operational for years. As physical access to devices is often impossible to realize, FOTA is required for each, if not all IoT deployments.

Updating firmware remotely poses some serious challenges. Devices are constrained in terms of (flash) memory, battery capacity, and available bandwidth, and often use unstable connections to the cloud. The LwM2M standard proposes a method to update the firmware of resource-constrained IoT devices. Through a structured approach with standardized states and error codes, developers can be assured that new firmware images can be safely sent to their fleet of devices in the field, regardless of the hardware vendor or cloud platform used.

________________________________________________________

If you want to receive more tips as those presented in this guide, subscribe to our IoT newsletter here.