Failsafe Firmware Updates and Performance Enhancing Upgrades
IoT devices can be deployed widely and be expected to last many years. During this time new features, bug fixes and ML model optimizations may be developed which could extend their useful lifetime. Also, vulnerabilities in common libraries or new threat models may be discovered. In these circumstances, a secure remote update mechanism can protect the investment made in the IoT devices and avoid costly recalls and in-field servicing.
Security is at the core of Pelion Device Management updates. As the updates do not rely on transport security, they are suitable for various update models including broadcast.
The firmware is authenticated through signed metadata known as a Manifest. Devices will only download firmware which has been authenticated through the Manifest.
The Manifest version is checked to block attackers sending old images to devices which may have security vulnerabilities.
The downloaded firmware image is verified to prevent altering the image during transfer.
The Metadata is checked against the model to avoid firmware being accepted by the wrong devices.
Pelion Device Management facilitates the distribution of the image to devices, the application of the new image and recovery in case of a failure. Users of the service can organize update rollouts into Update Campaigns, setting target devices, conditions for update, monitor progress and examine errors.