SSZT556 January   2019

 

  1.   1
  2.   2
    1.     3
    2.     OTA Out of the Box
    3.     Additional Resources
    4.     To Learn More about Amazon FreeRTOS and TI’s SimpleLink Wi-Fi Devices:

Nick Lethaby

GUID-10C071EB-4094-4146-A638-197739F492D2-low.jpg

Over-the-air (OTA) updates enable remote patching of bugs or security flaws and are an important asset to connected devices. A poorly implemented OTA process, however, introduces significant risk to both original equipment manufacturers (OEMs) and consumers. Because a flawed update can “brick” (render nonfunctional) a connected device, OTA updates offer an opportunity for the introduction of malware that can compromise security for both consumers and the OEM.

I recently had an OTA update go wrong when my Android phone hung during the early stages of an update. There was no way to force a reset manually, and I had to wait 12 hours until the battery died. After resetting, my phone began correctly using the previously installed version of Android.

Fortunately I was at home at the time, so having a phone was not critical. However, had I been out meeting engineers and relying on my phone’s navigation to get around, I would have been in serious trouble. I was thankful that my phone had one key OTA safety-net feature built-in: the ability to revert to the previous software version so that my device worked again. I would just rather not have had to wait 12 hours for that reversion to occur!

There have been publicized cases of Internet of Things (IoT) products such as smartlocks that were rendered permanently unusable by OTA updates unless they were sent back to the manufacturer to be fixed. So when designing a connected device, it’s important to implement OTA updates in a manner that avoids reliability or security problems.

OTA Out of the Box

Since an OTA implementation requires the interaction of cloud-based software services with embedded software on the connected device, providing a pre-integrated solution requires cooperation between the cloud-computing vendor and the semiconductor provider. Amazon Web Services (AWS) and Texas Instruments (TI) have worked together to provide an end-to-end OTA solution that reduces the probability of security breaches or bricked devices. This solution combines the AWS IoT Core service, Amazon FreeRTOS and TI’s SimpleLink™ Wi-Fi®-connected microcontrollers (MCUs).

Amazon FreeRTOS is an embedded software stack based on the FreeRTOS operating system, optimized to run on MCUs with limited memory. Amazon FreeRTOS includes embedded software components that communicate with the cloud-based AWS IoT platform, which provides device management and telemetry. Device-management services include support for OTA updates, which in turn leverage other AWS services such as Amazon Certificate Management for code signing. The embedded software stack provides an OTA agent that executes on the MCU as a FreeRTOS task, coordinating OTA operations such as downloading a new image from the cloud, authenticating the image and handling any interruptions during download.

SimpleLink Wi-Fi MCUs and the associated SimpleLink software development kit (SDK) include wireless networking, security, storage, bootloader and OTA image-management software. Amazon FreeRTOS uses these SimpleLink software components to implement its OTA update mechanism (see Figure 1).

GUID-8DC31CB4-A757-47D2-954E-BF53F8F0C6AB-low.png Figure 1 Amazon FreeRTOS (Red) Leverages Many SimpleLink Features (Blue) in Its OTA Update Solution

SimpleLink Wi-Fi devices offer a complete Transmission Control Protocol/Internet Protocol and Wi-Fi stack with Transport Layer Security to enable a secure, encrypted Message Queuing Telemetry Transport connection to the AWS cloud. SimpleLink Wi-Fi on-chip cryptographic accelerators enable the AWS OTA agent to efficiently authenticate the origin and integrity of the OTA image and guard against man-in-the-middle attacks attempting to substitute malware.

The OTA agent uses the SimpleLink Wi-Fi file system to securely store OTA images so hackers cannot access them and enables a test boot of the OTA image. In cases where the OTA image hangs or fails its self-test, the device automatically reverts to the previous image version available, thus preventing a bricked device.

SimpleLink Wi-Fi MCUs also include special pins for use in your design that enable consumers to force the IoT product to boot using its original factory image. This would have been very useful for my phone to have, as I could have had it working again immediately rather than waiting 12 hours.

Additional Resources