In this article, we have presented a concept for building and publishing cryptographically secure \textit{Over The Air} updates for embedded devices based on ESP8266 microcontrollers.
A proof-of-concept implementation has been developed, which is now an essential part of home-automation development and deployment in the \textit{Magrathea Laboratories e.V.} hackerspace.
All of the devices running the OTA-enabled firmware have undergone multiple major updates without any problems.
This includes a major network configuration change and an important stability fix for the network communication stack.
All devices applied the update successfully and started to work without any manual interaction required afterwards.
While the devices from various manufacturers in the hackerspace are all delivered with a pre-installed firmware that is intended to be ready for smart home applications, none of them has received any update from its manufacturer so far.
Users cannot see whether the current firmware of these devices is the latest version, which version is installed, or how to update it.
The update infrastructure has been the decisive factor for most of our members in adopting the framework.
Enabling developers to deploy updates, combined with the shared configuration and behavior provided by the framework, resulted in a massive speedup of project deployment.
Before that, the cost of applying changes after deployment was estimated to be so high that most projects tended to delay deployment until all required and desired features had been implemented.
Now that devices are deployed as soon as the hardware is considered stable, they provide functionality early, and the developers get better feedback on that functionality.
The project will be continued to extend functionality and security, with several features already in development.
The latest development adds further security enhancements by implementing checksum verification during startup: the bootloader checks the hash of the firmware image on each boot to detect tampering and defects.
It also considers including the device identifier in the signature to prevent confusion of images between different device types.
Last, the standby ROM slot will be updated right after each successful update to be more fail-safe.
In addition, the information provided by the device about its firmware status will be enhanced to allow better control and reduce maintenance effort even further.
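The two checks described above (the device identifier bound into the signed data, and the bootloader re-hashing the installed slot) can be illustrated with a small manifest verifier. This is an added example, not the paper's or the framework's own code: the manifest layout, the device type strings and the use of HMAC-SHA256 in place of an unnamed asymmetric signature scheme are assumptions for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. A real deployment would use an asymmetric signature so
# that devices hold only a public key; HMAC stands in because the paper does not
# name the algorithm and it keeps the example dependency-free.
SIGNING_KEY = b"constructed-demo-key-not-for-production"


def sign_manifest(image, device_type, version, key=SIGNING_KEY):
    """Publisher side: hash the image and bind it to a device type and version."""
    body = {"device_type": device_type, "version": version,
            "sha256": hashlib.sha256(image).hexdigest()}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "sig": sig}).encode()


def verify_update(manifest, image, my_device_type, key=SIGNING_KEY):
    """Device side, before flashing: return 'ok' or the reason for rejection."""
    doc = json.loads(manifest)
    payload = json.dumps(doc["body"], sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["sig"]):
        return "bad signature"            # manifest forged or altered
    body = doc["body"]
    if body["device_type"] != my_device_type:
        return "wrong device type"        # image was signed for another device class
    if hashlib.sha256(image).hexdigest() != body["sha256"]:
        return "image hash mismatch"      # image corrupted or tampered in transit
    return "ok"


def check_slot_at_boot(slot_image, stored_manifest):
    """Bootloader side: recompute the slot hash and compare with the stored manifest.
    A mismatch means the flash content changed after installation (defect or tampering)."""
    body = json.loads(stored_manifest)["body"]
    return hashlib.sha256(slot_image).hexdigest() == body["sha256"]


if __name__ == "__main__":
    image = b"\x00" * 64 + b"constructed firmware image for a relay node"
    manifest = sign_manifest(image, "relay-node", version=7)
    print(verify_update(manifest, image, "relay-node"))            # ok
    print(verify_update(manifest, image, "sensor-node"))           # wrong device type
    print(verify_update(manifest, image + b"\x01", "relay-node"))  # image hash mismatch
    print(check_slot_at_boot(image[:-1] + b"\xff", manifest))     # False
```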
A web interface to review the published information is currently in development.