IoT Project Lifecycle: Key considerations for OTA updates at scale [Part IV]

From entertainment to security, automation is now pervasive. Intelligent devices are transforming our homes while enriching our lives, making them more efficient, productive and environmentally friendly.

Most embedded devices run Linux, and their number is poised to keep growing. As we move into a world where our houses are full of devices storing personal information and with cameras and microphones attached to them, it’s important to celebrate the role of free software in powering such a revolution. Whilst we strongly believe in the power of open source to unleash creativity, this enormous success brings profound responsibilities to the Linux community.

Legacy embedded systems were largely unconnected, with manually applied updates at most comprising functional fixes. The new wave of devices is connected to the internet, allowing hackers to exploit eventual bugs. Is the current paradigm capable of delivering reliable software updates to low-powered, inaccessible, and often remotely administered embedded Linux devices in the field?

Legacy update mechanisms are not suitable for IoT devices

Most updates rely on tarballs and shell scripts, paralleling the evolution of early Linux distros with packages in tarballs without dependencies. A scripted update is not robust, as it lacks atomicity and can’t update the kernel in raw flash memory [1].

Modern tools and package managers like dpkg and RPM solve some problems by including a complete set of dependencies but still provide non-atomic, incremental updates. A package manager usually replaces existing files and binaries on the system, often in long interdependent chains that can leave the updated machine in a non-working state. If the handcrafted package-based releases require specific pre/post-install scripts, they risk rendering the system inconsistent [2]. 

When you need to revert to the previous software, downloading an old version from a package repo and installing it over a broken system may require a complex set of scripts from a package maintainer. Developers often obtain newer or older versions of the dependent packages to solve the challenge of installed libraries having dependencies on specific software, potentially breaking compatibility further and pushing the problem to another set of packages [3]. 

Furthermore, whereas an apt-get update works fine for servers within a secure environment, intermittent power and network outages for devices in the field mean an update will likely be interrupted. Whether driven by a software bug, power outage or filesystem issue, the system may become inconsistent and require costly, expert manual intervention to recover.

Also, as we discussed in Part IV of this series, the next generation of IoT innovations is moving too fast compared to the release cadence of standard Linux distros.

Key considerations for OTA updates

IoT devices need a robust, production-grade software distribution mechanism capable of shipping unattended, over-the-air (OTA) updates. Not only are OTA updates needed to keep the devices safe in the field by fixing bugs, but also to deploy new features for enhanced performance. 

Building a fail-safe mechanism for update recovery and scalable infrastructure for OTA is quite expensive and time-consuming. Furthermore, an updater must meet a few requirements to be effective at scale. First, the remote nature of many embedded devices means:

• They need to roll back in case of faulty updates
• The service needs to deliver robust, automated updates 
• The system must have enough redundancy to handle autonomous re-provisioning and network-free bootstrapping.

The provisioning of critical updates is also crucial, as the devices may need urgent bug fixes and vulnerability patching beyond the regular update cadence. Furthermore, unattended updates must be atomic to prevent rendering the device unusable, and they need to preserve user data.

Solving the software updates challenge for IoT devices

At Canonical, we know we stand on the shoulders of giants in building Ubuntu. We are now raising the bar of what is possible in the world of free software while delivering it with phenomenal security. 

With Ubuntu Core, we built the lightest and most secure version of Ubuntu for IoT devices. As Ubuntu Core is the premier embedded Linux choice by innovators, we are committed to keeping it secure by automatically delivering OTA updates on day zero.

The update mechanism of Ubuntu Core is faster, more efficient and more reliable than the traditional package-based approach to IoT devices. Ubuntu Core allows atomic transactional updates in the system. The kernel, the rootfs and any application on top are all transactionally updated, allowing for faster, more reliable updates.

The system attempts to apply OTA delta diffs to conserve bandwidth. It moves forward on success or automatically rolls back in case of failure. Ubuntu Core mitigates data corruption caused by modification during application update failures. It maintains the original data before the upgrade, allowing seamless rollbacks as needed. Unlike alternative or more traditional package managers, a failed update never leaves the system in an unpredictable state.

Furthermore, with each software release, developers can bundle everything their IoT device needs into one package, eliminating the risk of missing dependencies.

From the tiniest devices up to the heaviest x86 server, developers can now prototype, build and ship production-ready devices that will automatically update themselves to their latest version; with all the security fixes they expect from Ubuntu. Ubuntu Core and its robust OTA update mechanism enable the next generation of secure, open and extensible IoT devices, from set-top boxes and home hubs to robots and drones, unleashing a new wave of creativity and innovation.

Further reading

Why is Linux the OS of choice for IoT devices? Find out with the official guide to Linux for embedded applications. 

Working on a new IoT project, but unsure which OS to pick? Learn about the trade-offs between Yocto and Ubuntu Core.

Read our whitepaper on IoT lifecycle management for more insights. 

Join the conversation on IoT Discourse to discuss everything related to IoT and tightly connected, embedded devices.