Embitel

Search
Close this search box.

FOTA Update | Firmware Over The Air – For IoT And Automotive Devices

Whether it is an automotive ECU product or field-deployed Industrial Automation devices, integration of Firmware over the Air / FOTA update feature has become a mission-critical process.

Firmware Over the Air update is necessary to ensure secure and robust operations of remote devices in Industry 4.0, automotive and healthcare domains.

Leverage our IoT and Automotive domain expertise of more than 12 years, for custom development of hardware and software components for FOTA update.

Firmware Over the Air – Success Stories

Features of Our FOTA Update Solution for Remote Device Management

Our end-to-end FOTA solution can be customised to facilitate the following:
Remote device management


  • Remote device management through OTA software updates
  • Scheduling, release and reporting of the firmware build versions through a web server interface solution

Controlled and customized OTA


  • Controlled and customized OTA software release management, through logical device grouping based on project requirements

data integrity & source authentication


  • Code signing to ensure trustworthiness (data integrity & source authentication) of each firmware image being updated

downtime is minimized


  • Ensuring that device downtime is minimized during updates

FOTA update


  • Ensuring that every session of FOTA update is complete and atomic; so that the firmware update does not end in an incomplete/broken state

Firmware Over the Air – Services We Offer

Ready-to-Deploy FOTA Micro Stack for Automotive Applications

We have developed a ready-to-deploy FOTA micro stack for expediting the development activities of automotive applications such as In-Vehicle Infotainment System, Digital Instrument Cluster, Digital Cockpit, etc. Introduction of new software features or update of existing software can be accomplished through the FOTA micro stack. The stack facilitates Cloud based OTA in which the updates can be scheduled at a specific time. And at that time, the binaries are downloaded from the cloud. On system restart, the changes are installed and executed. End to end implementation of an automotive FOTA solution takes 60-70 days. The ready-to-deploy stack enables the implementation of the FOTA solution within 18 days.

How Does the FOTA Micro Stack Work?

OTA updates are installed in the root file system of the automotive application. For instance, in Linux OS, there are three parts – U-Boot, Kernel and RootFS.

  • Whenever the system reboots, it will load the bootloader, kernel and then check which partition to boot with, i.e., partition A or B.
  • To update partition A, the firmware is downloaded and stored in persistent memory. The firmware is then extracted and installed in partition A. The system is then rebooted.
  • Once it reboots, the same process is followed to update the firmware in partition B.
FOTA Workflow

The FOTA micro stack consists of three modules:

  1. FOTA Gateway
  2. Download Engine
  3. Update Engine

The functions of each module are explained in the diagram below:

System Diagram

Error Handling Features of FOTA Micro Stack

  1. Error handling on connectivity loss with FOTA Server
  2. Error handling for firmware version (expected greater version than existing version of firmware)
  3. Error handling for download failure
  4. Error handling for installation failure (Recovery)

Smart Cluster Architecture with FOTA Micro Stack

The detailed layered architecture of a smart cluster with the FOTA micro stack implemented is shown below.
detailed layered architecture

[Video] What Makes Firmware Over the Air (FOTA) an Automotive Superhero?

Components of FOTA Update System

FOTA Update System

OTA Update for Your Connected System: Business Benefits

Anytime, on Any number of connected systems

FAQs Regarding FOTA Update: IoT and Automotive Devices

In your FOTA update solution, you have mentioned about two strategies for firmware flashing - directly from the server and via an intermittent Gateway device? How do I choose between the two?

Ans. This decision regarding the method of firmware flashing will depend on the following factors:

 

  • Number of devices to be updated ( A Gateway device is preferred if the number of deployed target devices is on the higher side)
  • The type of communication interfaces available
  • The operating environment of the deployed devices
  • Desired cost-effectiveness of the FOTA feature
Can you share details regarding the built-in security features of your FOTA solution?

Ans: We had ensured to make security features part of the FOTA solution at the design stage of the SDLC.

 

Following are the details regarding our FOTA security features:

 

  • Integrated HTTPS & SSL certifications: to ensure Secure data exchange
  • Encryption Keys and security certificates for secure communication between server and target devices
  • Role based Access Control to avoid any unauthorized data access
  • Code Signing: to verify the authenticity and integrity of firmware executables and scripts and to safeguard them against any malicious tampering by unauthorized agents.
Firmware Over the Air Subscribe-Publish or Polling mechanism: which one would be ideal for my business use case?

Ans: Based on our experience, a subscribe –publish mechanism for FOTA upgrade is ideal for large scale implementations. Additionally, a subscribe –publish mechanism offers following advantages over the Polling mechanism:

 

  • Cost effective
  • Minimizes data usage

Reason – field-deployed devices are not required to check for new firmware update every now & then . Any new firmware update package or image that gets published in the server, is notified to the devices as per the schedule.

 

Polling mechanism is easier to implement but consumes more data.

Please share some details regarding the reusable components of your FOTA reference design, if any?
Ans: The following components, of our FOTA reference design, can be reused in order to save development time and cost of your customized FOTA solution:
  • Ready to deploy Bootloader Software
  • Software components deployed for secure file transfer, update notifications.
  • Reusable Algorithms for accurately
    • updating the new firmware,
    • Identifying the update requirements
    • Validating the existing firmware versions
Additionally, Gateway device (Linux based) can also be reused if the target application is also based on Linux.
What are the various types of IoT gateway devices that support FOTA upgrade feature?

Ans: IoT gateway devices that support firmware OTA flashing on connected devices can belong to one of the following categories:

 

  • Processor and OS based Gateway: preferred for large scale (industrial) deployments. These are easily scalable and depend on application processor and the base OS ( Android/Linux).Cost of such IoT gateway devices is also comparatively higher.
  • Microcontroller based Gateways: These are preferred for applications which require specific functionalities like – better device connectivity, reduced memory and power consumption; and involve lower BOM cost.
  • Mobile Device as a Gateway: These are preferred when target devices are fewer in number and individually owned.

At Embitel, we have developed IoT gateway devices at various scales and for different application domains, specifically for telematics and industrial automation systems.

What are the different components of the backend server architecture of your Firmware over the Air solution?

Ans: Following are the details regarding our backend server architecture:

 

  • We have deployed Postgress relational database to leverage the following benefits:
    • Open Source nature and support for an enterprise-class performance
    • Cross platform compatibility ( UNIX, Windows, Native Windows)
    • Responsive in high volume environments
    • Exhaustive library and framework support
    • Full database encryption to ensure security
  • Our solution is backed by an Nginx server for file transfer. Our team took this decision based on the following features of an Nginx server:
    • Versatile, efficient and light-weight web server
    • Easy and simpler installations
    • Ideal for serving static files pdf, zip, html, mp4 & others
    • Support for high concurrent traffic
    • Compatible with commonly-used web apps like WordPress, ruby, python, Joomla, drupal etc.
  • We have also leveraged Django framework for developing interfaces for the target devices. The Django framework is known for its scalability, security and ease of execution – features that make it a favorite among the web developers.
How does your solution ensure security of the Backend operations during the FOTA upgrade?

Ans: In order to ensure security of backend operations in the server and to avoid unauthorized access of the backend data, we implement:

 

  • Password based authentication control, or
  • Certificate based authentication (CA)
How does the server keep a track of software image version? How can we revert the updated firmware image, if some bugs are detected after deployment?

Ans.All details related to firmware file and each of the versions (previous and the new) are stored systematically in the tables of the relational database.

 

The tables would include information such as the file name, the version number, and the action required (upgrade or delete) pertaining to each firmware package.

This ensures accurate version management  of the firmware package, which is being deployed in the target devices.

In case a new version of the firmware has a bug or does not meet the desired expectations, there are provisions to roll back to the previous firmware version, using the information in the backend database.

How scalable is the backend infrastructure? How can we plan to manage the increase in number of devices to be updated using FOTA feature?

Ans. We use the Nginx server for backend operations which provides robust support for load balancing The NGINX server is an efficient (HTTP) load balancer, suitable for wide range of web applications.

 

The NGINX server has an event-driven (event as in any communication request) architecture that empowers it to manage thousands of connections within a single process with efficient use of hardware and memory.

 

Thus, even if the number of connected devices that needs a FOTA upgrade increases post initial-deployment, the NGINX server can easily process their connection request without creating traffic spikes.

Can you share information regarding the skill-sets of your team involved in FOTA solution development for IoT and Automotive applications?

Ans. Our experienced solution development is a vibrant bunch of Industrial Automation and Automotive domain experts, with the following core skill-sets:

 

Expertise in IoT communication protocols (MQTT, CoAP, HTTPS)

Testing and validation expertise
Experience in Bootloader Software Development
Know-how and hands-on in system security best practices

Knowledge bytes

IoT devices deployed at remote locations or on an expansive field can be upgraded through the FOTA update feature. This applies to all connected devices at industries/enterprises and automotive applications. There are three ways in which the device can be updated:
  • Gateway-to-Cloud FOTA Update – A group of devices are connected to an IoT gateway. The FOTA update is sent to the gateway that is connected to the internet. The firmware on the individual devices do not undergo any changes, and only the gateway is updated with the new firmware. This is more commonly seen in use cases where the IoT devices are not internet-enabled and do not have too much computing power. In such cases, the individual devices are also protected from the internet by the gateway.
  • Edge-to-Gateway-to-Cloud FOTA Update – In this method, the firmware on the individual IoT devices connected to the gateway are updated. However, the gateway itself may not be updated with new firmware at that point of time. The IoT devices in these use cases have enough computing capabilities and can perform the FOTA update without the need for internet connectivity.
  • Edge-to-Cloud FOTA Update – This method of FOTA update is more prevalent in consumer IoT devices as they are in the proximity of WiFi signals at small commercial buildings or homes. The device receives the updates directly from a remote server through the Internet and the updates are installed.
The modern car, truck or even a two-wheeler is powered by millions of lines of software code. New vehicles are embedded with more mini computers than ever before. Most of the operations in a vehicle are controlled by automotive ECUs – the cabin climate control, automotive lighting systems, safety modules, in-vehicle infotainment, and much more. Software update is, hence, a necessity for all modern vehicles as it keeps the automobile in perfect working condition. Most service stations update the software in a vehicle when it is brought in for servicing. Through the vehicle’s VIN number, the service centre personnel can identify the version of software that is used in the vehicle and whether it needs any update. The software is then downloaded and updated on the vehicle through a special cable that fits into the car’s mini computer. However, a more convenient way to update the software on a vehicle is through the internet. This is referred to as FOTA update. Firmware over the Air (FOTA) is a boon for all modern vehicles, as it enables automotive ECU software update. From the automotive OEM’s point of view, enabling FOTA update feature can minimize product recall expenses, improve product quality, increase operational efficiency and also deliver enhanced post-sale services to customers.

The reasons are many. Some of the most common needs are mentioned below:

  • A software update reformats the vehicle’s ECU and hence, rectifies factory software issues that may be causing some inconvenience to the driver.
  • When auto manufacturers identify opportunities to improve the efficiency or durability of the car’s ECU, they deploy FOTA updates to implement these firmware changes.
  • FOTA update can also rectify latent safety issues that were not accounted for in the factory software.
FOTA Installation is a Three Step Process:
  • New update or the new version of the software/firmware is made available in the cloud server by the device owners.
  • The latest firmware update is downloaded and made available to the network of the IoT or automotive devices (For e.g., a Vehicle Telematics system in a car or an IoT enabled equipment in a manufacturing plant).
    • The FOTA server stores all the information related to the devices in the network such as the current status and the existing version of the firmware in use, within a large database.
    • The server also manages the process of sending the firmware to the target application as and when it is published or based on a schedule. The FOTA server identifies any bug in the firmware and reports it as well.
    • The end devices or the applications pull the upgrades from the FOTA server based on either the subscribe-publish mechanism or a polling mechanism over a secure wireless (Wi-Fi/ BLE) connection.
  • The firmware is then installed in the end-user application with the help of a bootloader.
Scroll to Top