As more and more resource-constrained IoT devices are being deployed, firmware updates over the air (FOTA) are becoming increasingly important. As physical access is often expensive, or even impossible to realize when operating large deployments in remote, hard-to-reach locations, FOTA provides a way to fix bugs, patch security vulnerabilities, or add functionality throughout the lifespan of a connected device. Lightweight M2M (LwM2M) defines the process for remote firmware updates in detail. When following the standardized guidelines provided by the protocol, updating the firmware of resource-constrained devices remotely can be accomplished effortlessly, regardless of the device or platform used.
“As more and more resource-constrained IoT devices are being deployed, firmware updates over the air (FOTA) are becoming increasingly important.“
Updating Firmware with LwM2M
Every platform or device vendor can develop a custom FOTA mechanism, also known as FUOTA (Firmware Update OTA) or DFU (Device Firmware Upgrade). As there is no globally unified method to update device firmware, many different implementations can be found on the market.
Embedded developers can simply get one of the available libraries from their specific hardware vendor or cloud service provider to manage the update process. However, these implementations are specific to the vendor or platform and cannot be easily ported to other systems. Adopting a new platform usually means redesigning the FOTA process from scratch.
The problem of vendor compatibility can be resolved by adopting the LwM2M standard, which is hardware agnostic and can be implemented on any hardware platform. The standard provides clear guidelines on how devices should report their data, how remote configuration can be performed using server commands, and how firmware updates can be executed, regardless of the device manufacturer, firmware version, or hardware platform used.
Firmware Update Process
Generally speaking, the LwM2M firmware update process consists of four steps:
- The IoT device (referred to as the LwM2M Client) is triggered to initiate the firmware update process.
- The LwM2M Client downloads the firmware and reports to the LwM2M Server when the download is finished.
- The LwM2M Client performs the firmware update after validating the integrity and authenticity of the new firmware which is done through a process called secure boot.
- The Client attempts to run the new firmware and reports the status to the Server. If succeeded, the device starts running the new firmware, if an error is encountered the device performs a rollback to the earlier firmware version.
This procedure is defined in detail in the LwM2M specifications (see LwM2M specifications). To add firmware update capabilities to a device, the Firmware Update Object /5 needs to be implemented containing all essential functionalities for conducting the update and reporting the status. Several LwM2M Clients natively support this Firmware Update Object.
Downloading New Firmware
Timing is critical when it comes to firmware updates. If the radio signal quality is poor, transferring data can take a lot of time due to low throughput caused by lost data packets that need to get retransmitted. Since the device’s radio module must be in the connected state for a long time, downloading the file in such circumstances results in a faster battery drain.
The LwM2M standard defines two methods to perform a firmware update, allowing either the Server or the Client to decide on the best moment to initiate the firmware download process. The two methods are PULL and PUSH:
With the p0ull method, a device receives the location of the file that is to be downloaded and pulls the file from it. In the PULL scenario, the LwM2M Server provides the device with the address of the server containing the firmware file known as the package URI. The device subsequently downloads the firmware from the so-called firmware repository at the earliest available opportunity.
An LwM2M Server pushes the firmware file to the device. In the PUSH scenario, the LwM2M Server determines the moment to initiate the firmware download, ideally based on the connectivity conditions. The device must have access to information such as Radio Signal Strength and Link Quality to support such server-side decision-making these resources are available in the LwM2M Connectivity Monitoring Object /4.
Firmware Update Object
The FOTA process is defined in the Firmware Update Object /5. This Object defines the update process using four states(defined by Resource/5/*/3), as well as multiple update results(defined by Resource/5/*/5) representing the most common outcomes of the firmware update process.
Firmware Update Object States
State 0: Idle
Before downloading and after successfully updating the firmware, the device reports its state as idle.
State 1: Downloading
The new firmware is on the way from the firmware repository to the Client.
Possible Update Results Errors:
URI resolution failed due to:
Unsupported package type (result 6)
Invalid URI (result 7)
Unsupported protocol (result 9)
Download failed due to:
Insufficient flash memory (result 2)
Insufficient RAM (result 3)
Connection loss (result 4)
Integrity check failed (result 5)
State 2: Downloaded
The firmware download is completed and all packets are received successfully.
State 3: Updating
When the update resource is triggered, the LwM2M Client starts updating its firmware. If the update was performed successfully, the state changes back to Idle (state 0).
Possible Update Results:
Firmware update failed (result 8)
Integrity check failed (result 5)
Firmware updated successfully (result 1)
State 0: Idle
After successfully updating the firmware, the device reports its state as idle and its Update Result as Firmware Updated Successfully.
Essential Device Updates
Remote IoT device updates are essential for the long-term success of IoT applications. Software bugs and security vulnerabilities will be found when deploying devices in the field which should be operational for years. As physical access to devices is often impossible to realize, FOTA is required for each, if not all IoT deployments.
Updating firmware remotely poses some serious challenges. Devices are constrained in terms of (flash) memory, battery capacity, and available bandwidth, and often use unstable connections to the cloud. The LwM2M standard proposes a method to update the firmware of resource-constrained IoT devices. Through a structured approach with standardized states and error codes, developers can be assured that new firmware images can be safely sent to their fleet of devices in the field, regardless of the hardware vendor or cloud platform used.