\section{Requirements}

For the implementation of an OTA update mechanism, the following requirements were defined.

\begin{itemize}
\item The devices should perform updates on the release of new software without manual interaction.
If a new firmware version is published, it should be prepared automatically for installation on the target devices.
All affected devices should then fetch and install the new version and start using it, provided that no errors occurred during the update.

\item To keep the maintenance effort minimal, the update process should be as robust against errors as possible.
Even if the installation of an update fails midway through reprogramming the device, the system must remain fully functional, both immediately and after a reboot; a failed update must never leave the device without a bootable firmware.

\item Firmware downloads should be performed over the same WiFi connection that is used during normal operation.
Fetching the firmware should happen side by side with the operational traffic rather than interrupting it.

\item The update process must work over any untrusted wireless network or Internet connection without becoming vulnerable to attackers.
To prevent an attacker from injecting malicious software into the embedded devices, a cryptographic signature mechanism must be implemented.
A device only accepts new firmware if the cryptographic signature of the downloaded firmware image can be verified with the key the device trusts; an image whose signature fails to verify is discarded and must not be installed.

\item To reduce network load and to aim for the maximum possible uptime of the device, an update should only be performed if a new firmware version is actually available.
Conversely, once new firmware is released, the roll-out to all devices should be performed as fast as possible.
%While checking for available updates and downloading such an update, the device should continue to work as usual.

\item For easy maintenance and monitoring, each device should provide detailed information about the currently installed firmware version and other details relevant to the update process.

\item Devices are categorized by type.
All devices of one type run the same software and therefore provide the same functionality.
Since the device type is tightly coupled to the hardware and the software interacts with that hardware in a specific way, the update process must ensure that only firmware built for the device's type is used when reprogramming it.

\end{itemize}
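The signature, version and device-type requirements above together describe a single acceptance decision that the device makes before it reprograms itself. The following Go program is an added example and not code from the thesis or its implementation. It assumes an Ed25519-signed manifest that carries the device type, the firmware version and the SHA-256 digest of the image, so that all three fields are covered by the signature and none of them can be changed in transit independently of it. The names \texttt{Manifest}, \texttt{Sign} and \texttt{Verify}, the device type \texttt{sensor-node} and the image bytes are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the metadata published together with a firmware image.
// Everything the device uses to decide whether to install the image is
// part of the signed bytes, so an attacker on the network cannot swap
// the device type or version without invalidating the signature.
// (Hypothetical format for this example.)
type Manifest struct {
	DeviceType  string
	Version     uint32
	ImageSHA256 [sha256.Size]byte
}

// Encode produces the canonical byte string that is signed: a length-prefixed
// device type, the big-endian version number and the image digest.
func (m Manifest) Encode() []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, uint16(len(m.DeviceType)))
	buf.WriteString(m.DeviceType)
	binary.Write(&buf, binary.BigEndian, m.Version)
	buf.Write(m.ImageSHA256[:])
	return buf.Bytes()
}

// Sign is the release-side step, run once per published firmware image.
func Sign(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.Encode())
}

var (
	ErrBadSignature  = errors.New("manifest signature does not verify")
	ErrWrongType     = errors.New("firmware is built for a different device type")
	ErrNotNewer      = errors.New("firmware version is not newer than the installed one")
	ErrImageMismatch = errors.New("downloaded image does not match the signed digest")
)

// Verify is the device-side decision. The order matters: no field of the
// manifest is trusted before the signature over it has been checked.
func Verify(pub ed25519.PublicKey, m Manifest, sig, image []byte, myType string, installed uint32) error {
	if !ed25519.Verify(pub, m.Encode(), sig) {
		return ErrBadSignature
	}
	if m.DeviceType != myType {
		return ErrWrongType
	}
	if m.Version <= installed {
		return ErrNotNewer
	}
	if sha256.Sum256(image) != m.ImageSHA256 {
		return ErrImageMismatch
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for a real firmware image.
	image := []byte("constructed firmware image bytes")
	m := Manifest{DeviceType: "sensor-node", Version: 42, ImageSHA256: sha256.Sum256(image)}
	sig := Sign(priv, m)

	fmt.Println("genuine update:       ", Verify(pub, m, sig, image, "sensor-node", 41))
	bumped := m
	bumped.Version = 43 // version changed in transit without re-signing
	fmt.Println("tampered manifest:    ", Verify(pub, bumped, sig, image, "sensor-node", 41))
	fmt.Println("wrong device type:    ", Verify(pub, m, sig, image, "gateway", 41))
	fmt.Println("already installed:    ", Verify(pub, m, sig, image, "sensor-node", 42))
	fmt.Println("substituted image:    ", Verify(pub, m, sig, []byte("other bytes"), "sensor-node", 41))
}
```

Because the device type and version are inside the signed manifest, a signed image for one device type cannot be replayed to another type, and an old but validly signed image is rejected by the version comparison rather than by the signature alone. The image itself is bound to the manifest through its digest, so the device can verify the short manifest first and only then spend time hashing the full download.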