\section{Requirements}
The following requirements are defined as global project goals and have been refined during the work on the project multiple times.
\begin{itemize}
\item The system should be able to perform updates upon the release of new software without administrative interaction.
If a new version of the firmware is published, it should be prepared automatically for installation on the target devices.
All these devices should then download and install the new software version and subsequently start using it, provided no errors have occurred during the process.

\item To ensure minimal maintenance effort, the update process should be as resilient to errors as possible.
Even if the installation of an update fails in the middle of reprogramming the controller, the system should remain fully functional, both immediately and after a reboot.

\item Downloading the updated firmware should be done over the WiFi interface using the same network connection as used during normal operation.
Fetching the firmware should be done side-by-side with other traffic produced during operation.

\item The update process can happen over any untrusted wireless network or Internet connection without being vulnerable to attackers.
To prevent possible attackers from injecting malicious software into the embedded devices, a cryptographic signature mechanism must be implemented.
New firmware is only accepted by the device if the cryptographic signature of the downloaded firmware image can be verified.

\item Reducing network load and aiming for the maximum possible device uptime is critical.
Therefore, the update process should only be performed if a new version is available.
At the same time, a newly released update should be rolled out to all devices as fast as possible.
While checking for available updates and downloading such an update, the device should continue to work as usual.

\item For easy maintenance and monitoring, each device should provide detailed information about the currently installed firmware version and other details relevant for the update process.
\item Devices are categorized by types.
Each type runs the same software and therefore provides the same functionality.
As the device type is tightly coupled to the hardware and the software interacts with it in a specific way, the update process must ensure that the correct firmware is used while reprogramming.
The corresponding device type is provided as a string through a global constant at compile time and must never be changed during operation.

\end{itemize}
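The signature, version-check and device-type requirements above together define an acceptance policy: a downloaded image may only be flashed if its metadata is authentically signed, built for this device type, newer than what is installed and bound to the exact bytes received. The following Go program is an added example illustrating that policy; it is not code from the project described here. It assumes an Ed25519 signature over a small manifest (device type, version, SHA-256 of the image), a manifest layout and the device type string \texttt{sensor-node}, none of which the requirements prescribe. The signature is verified first, so that no field of an unauthenticated manifest can influence the later checks.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the signed metadata that travels with a firmware image. This
// layout is an assumption made for the example; the requirements do not
// prescribe a manifest format.
type Manifest struct {
	DeviceType  string   // compared against the device's compile-time type constant
	Version     uint32   // monotonically increasing firmware version
	ImageSHA256 [32]byte // binds the manifest to one exact image
}

// Bytes serialises the manifest deterministically, with a length prefix on
// the type string, so that server and device sign/verify identical bytes.
func (m Manifest) Bytes() []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint32(buf[0:4], uint32(len(m.DeviceType)))
	binary.BigEndian.PutUint32(buf[4:8], m.Version)
	buf = append(buf, m.DeviceType...)
	buf = append(buf, m.ImageSHA256[:]...)
	return buf
}

// Device models what the embedded device knows: its own type (a compile-time
// constant per the requirements), the trusted signing public key baked into
// the firmware, and the version currently installed.
type Device struct {
	DeviceType       string
	SigningPublicKey ed25519.PublicKey
	InstalledVersion uint32
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify")
	ErrWrongType    = errors.New("firmware is built for a different device type")
	ErrNotNewer     = errors.New("firmware version is not newer than the installed one")
	ErrImageHash    = errors.New("image does not match the hash in the manifest")
)

// Accept decides whether a downloaded manifest, signature and image may be
// flashed. The signature is checked first so that no field of an
// unauthenticated manifest influences the remaining decisions.
func (d Device) Accept(m Manifest, sig []byte, image []byte) error {
	if !ed25519.Verify(d.SigningPublicKey, m.Bytes(), sig) {
		return ErrBadSignature
	}
	if m.DeviceType != d.DeviceType {
		return ErrWrongType
	}
	if m.Version <= d.InstalledVersion {
		return ErrNotNewer // nothing to do, which keeps network load down
	}
	if sha256.Sum256(image) != m.ImageSHA256 {
		return ErrImageHash
	}
	return nil
}

// SignManifest is the build-server side: it hashes the image, fills the
// manifest and signs it with a private key that never leaves the server.
func SignManifest(priv ed25519.PrivateKey, deviceType string, version uint32, image []byte) (Manifest, []byte) {
	m := Manifest{DeviceType: deviceType, Version: version, ImageSHA256: sha256.Sum256(image)}
	return m, ed25519.Sign(priv, m.Bytes())
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	dev := Device{DeviceType: "sensor-node", SigningPublicKey: pub, InstalledVersion: 7}
	image := []byte("constructed firmware image bytes") // constructed stand-in for a real image

	m, sig := SignManifest(priv, "sensor-node", 8, image)
	fmt.Println("valid update:   ", dev.Accept(m, sig, image))
	fmt.Println("tampered image: ", dev.Accept(m, sig, append([]byte("x"), image...)))

	m2, sig2 := SignManifest(priv, "gateway", 8, image)
	fmt.Println("wrong type:     ", dev.Accept(m2, sig2, image))

	m3, sig3 := SignManifest(priv, "sensor-node", 7, image)
	fmt.Println("not newer:      ", dev.Accept(m3, sig3, image))

	m.Version = 9 // manifest edited after signing
	fmt.Println("edited manifest:", dev.Accept(m, sig, image))
}
```

Only the public key lives on the device, so compromising a device or the wireless network does not yield the ability to produce acceptable firmware. Rejecting an image whose version is not greater than the installed one also prevents an attacker from replaying an older, validly signed release.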