Software updates for connected Linux devices: key requirements
10-21, 15:30–15:55 (UTC), Galerie

A key requirement for connected Linux devices is the ability to deploy remote software updates to them so that bugs, vulnerabilities and new features can be addressed while devices live in the field for up to 10 years.

As part of the Mender.io project, we have interviewed more than 100 embedded developers to understand best practices and the current state of enabling software updates for connected devices today. The key requirements found during this study can be split into the following areas we cover:

  • Robustness
  • Ease
  • Performant
  • Secure
  • Extensible

In order to address these requirements, design trade-offs need to be made.

In this presentation, we will cover the most common update strategies, such as using A/B dual rootfs, maintenance-mode updates, package managers, tarballs, and see the trade-offs of each approach.

Remote Software Updates for Connected Devices: Key Considerations

A key requirement for connected devices is the ability to deploy remote software updates to them so that bugs, vulnerabilities and new features can be addressed while devices live in the field for up to 10 years.

As part of the Mender.io project, we have interviewed more than 100 embedded developers to understand best practices and the current state of enabling software updates for connected devices today.

The key requirements found during this study can be split into the following areas:

Robust - the cost of bricking devices is high
Ease - teams generally do not have much time to invest in an updater mechanism
Performant - bandwidth is the key limiting resource for connected devices, but other system resources should also be conserved during the update process. Downtime during the update process should be kept to a minimum.
Secure - the update process must not enable attackers to deploy malicious software to the devices
Extensible - connected devices vary greatly and the updater must be generic and extensible to support the majority of them

In order to address these requirements, design tradeoffs need to be made.

In this presentation, we will cover the most common update strategies, such as using A/B dual rootfs, maintenance-mode updates, package managers, tarballs, and see the tradeoffs of each approach.

We will also consider other important design aspects of an updater, such as validating deployment compatibility, integrity, authenticity, sanity-checking after the update, handling update failures, identifying extension points, device portability, persistent user-data, and reducing bandwidth consumption and downtime.