Another IoT Core OTA Firmware Update Demo

Back again with a demo of updating firmware - this time with the STM32 line of MCUs.  This same demo has been deployed to TI and STM devices now.  Why do I keep coming back to this?  I know its not particularly exciting.  I know you can't check your soil moisture level with this.  But I build these demos because they are hard and they are necessary.  Yes, eventually I will get to making real, useful and very cool IoT device applications that you can use right away.  And they will employ this same OTA update technology you see here.  

Updating firmware on a distributed population of IoT devices must be done over the air (truck rolls would be far too cost prohibitive) and is therefore a mandatory feature of IoT products. The STM32L1 demo shows updating firmware end-to-end over a 6LoWPAN low-power, lossy mesh network using the Constrained Application Protocol (CoAP). What's really cool about this project is that the tiny low-power device shown in this demonstration is able to communicate to a server anywhere on Earth on the Internet, natively speaking the language of the Internet - IP.

The devices I'm talking about here can be woven into fabric, packaged into Fedex envelopes, tag a smart city asset and placed on your pet's collar. This is the real IoT!

This demo is comprised of a node device, a border router device and a server. After the node starts up, a button press will trigger an OTA firmware update process that contacts an OTA update server, downloads the firmware binary, then applies it - all using the CoAP protocol.

CoAP works over UDP and is a stateless protocol. The node firmware is using the stock Contiki Erbium CoAP client (er-coap). The firmware update server is running a basic node.js script that uses the node-coap package. The CoAP block transfer mechanism is employed to move the the firmware binary bytes to the client (node). Because CoAP is stateless, the node issues a CoAP GET request for each block transfer, which is fixed to 256 bytes. All requests and responses are confirmable, which means that some reliability is added by CoAP to the inherently unreliable fire-and-forget UDP transport. The confirmable CoAP messages require the receive to send an acknowledgement response. If the expected response is not received in a certain time, the request is retried. All of this is automatically handled in the CoAP client (Contiki Erbium) and server (noap-coap) libraries.

The node device is runinng Contiki OS on an ST implementation of ARM's Cortex-M3 embedded in a STM32L152 Nucleo board. The wireless communication is provided with the x-nucleo-IDS01A5 Sub-GHz radio eval board hosting the SPIRIT1 module. The node device is running an IoT Firmware Core for 6LoWPAN with built-in OTA update capability based on the Firmware Modules' FM_Deploy product implementing the IoT Firmware Core deployment model.

In a nutshell, the IoT Firmware Core deployment model generates AES-128 encrypted, relocatable, firmware update files (.fmu format), which allow the IoT Firmware Core running on the device to store locate and execute the application firmware in one of two independent sections in *internal* device flash. No external flash is required for a very secure and robust update process. The currently runnning IoT Firmware Core application is never modified or altered and remains intact while the update is proceeding, completed and even when the updated application becomes the current application as selected by the bootloader. There is always a fall-back application available. It is not possible to brick the device because at no time does the device ever enter a state where it becomes vulnerable to an error that would render the current application un-bootable until the updated application is fully verified in flash.

There you have it - the same vendor-independent OTA firmware update technology running on another MCU device, soon to be deployed with useful IoT applications!


  • There are no comments yet. Be the first one to post a comment on this article!

Leave a comment

Please note, comments must be approved before they are published