Self Replicating IoT Firmware Update System


Regular price $5,000.00

The Self Replicating Firmware Update System implements the concept of Self Replicating Firmware: one single image - your app - is all that needs to be deployed onto the device and delivered as a firmware update.

This system works on Cortex-M0, M3, M4 MCUs.  It does not require a bootloader, as it is embedded into your application.  All that is needed is a few linker script tweaks, integration of the bootloader and update client, and inclusion of the Python-based firmware manifest and patch generator tool.

The patches are delivered as "delta updates" which can result in very small OTA update packages saving your devices download time and bandwidth.

This firmware update system is offered for $5000 CAD. All source code is provided under the BSD-3-Clause license, with the only additional restriction that it be used only in physical products that your company designs and sells. I will perform the integration of this system to your project in your on-line Git-based repository, as there are some linker and build script changes required. 

What you get:

  • Full source code to all components including firmware and build-machine firmware post-process and patch generation tool.
  • User guide.
  • Firmware patch and manifest generation tool. This tool is written in Python and run in that environment.
  • My time to glue it into your project.
  • Support for 30 days after integration to ensure things are working right for you.

Architecture Overview

  • Bootloader is actually part of the main application, so there is no need for managing separate builds, and no need for generating "combined" images for manufacturing. This also allows updating of the bootloader function along with the main application.
  • Bootloader resides at the start of the flash, right after the vector table and before application main(). The linker script is modified to ensure all bootloader functionality is located in the first 4K sector of flash
  • Bootloader always runs first and checks the designated flash area for the presence of a valid image. If such an image is found, it starts the update.
  • The bootloader kernel is loaded into RAM to handle the firmware installation. The installation begins at the last sector of the app and works downward such that the bootloader sector is the last to be updated. If the device reboots or fails at any time during the update, as long as the first sector in flash remains intact, the bootloader will start again. The attempts are recorded in RAM and a limit can be set to avoid repeated updates.
  • There is an API you use to "install" the firmware patch file, which you obtain through means outside the scope of this bootloader and firmware update system. The API accepts chunks of downloaded firmware, and will reconstruct the complete firmware based on what is currently stored in the device and the downloaded patch file. The reconstructed firmware is placed into wherever the update-storing API is bound, e.g. an external SPI flash, SPI FRAM, or internal flash. There could be a file system that you provide for that, but in the absence of one the firmware staging area is written/read directly at a fixed offset with APIs I provide.
  • I also provide basic integrity around the firmware update in the form of a CRC and optionally enhanced security in the form of elliptic curve firmware signature (ECDSA) with optional AES encryption. The signatures are the most robust way to protect your system, and I would recommend that you use that scheme especially if you use external flash to stage the update image. However, additional code space is required to store the ECDSA algorithms.
  • Works with ARM Cortex-M0, M3, M4 and beyond MCU cores.

If you have further questions about this or any other requirements you wish to discuss, or to purchase, please contact us.