IARIA-Paper-2017
/
esper-ota
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 Commits
1 Branch
0 Tags
7.9 MiB
Tree: 0e465beea0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0e465beea0'
${ noResults }
esper-ota/4-requirements.tex

40 lines
2.6 KiB
Raw Blame History

\section{Requirements}\label{req}
\makeatletter
\renewcommand{\@IEEEsectpunct}{\,}% Modified from {:\ \,}
\makeatother
For the implementation of an OTA update mechanism, the following requirements were defined.
\subsubsection{}\label{req1}
The systems should be able to perform updates on the release of new software without manual interaction.
If a new firmware version is published, it should be prepared automatically for installation on the target devices.
All these devices should then fetch and install the new software version and start using it subsequently, if no errors have occurred during the update.
\subsubsection{}\label{req2}
To ensure minimal maintenance effort, the update process should be insusceptible to errors as much as possible.
Even if the installation of an update fails in the middle of reprogramming the device, the system should continue to work fully functional immediately and after reboot.
\subsubsection{}\label{req3}
Firmware downloads should be performed over the same WiFi connection as used during normal operation.
Fetching the firmware should be done side-by-side with operational traffic.
\subsubsection{}\label{req4}
The update process can happen over any untrusted wireless network or Internet connection and therefor must not being vulnerable to attackers.
To prevent possible attackers from injecting malicious software into the embedded devices, a cryptographic signature mechanism must be implemented.
New firmware only gets accepted by the device, iff the cryptographic signature of the downloaded firmware image can be verified.
\subsubsection{}\label{req5}
To reduce network load and aim for the maximum possible uptime of the device, the update process should be done only if a new firmware version is available.
In contrast, on the release of new firmware, the roll-out to all devices should be performed as fast as possible.
While checking for available updates and downloading such an update, the device should continue to work as usual.
\subsubsection{}\label{req6}
For easy maintenance and monitoring, each device should provide detailed information about the currently installed firmware version and other details relevant for the update process.
\subsubsection{}\label{req7}
Devices are categorized by types.
Each type runs the same software and therefore provides the same functionality.
As the device type is hardly coupled to the hardware and the software interacts with it on a specific way, the update process must ensure that the correct firmware is used while reprogramming.
\makeatletter
\renewcommand{\@IEEEsectpunct}{:\ \,}
\makeatother