As firmware updates over-the-air (FUOTA) are increasingly necessary, Witekio is offering FullMetalUpdate, an integrated solution for the STM32MP1. When working on a microprocessor (MPU), the ecosystem around the device is often as important as the device itself. Hence, we wanted to explore what an ST Authorized Partner could bring to engineers implementing FUOTA. Indeed, while ST offers many security features through our STM32Trust initiative, firmware updates over the air extend beyond the embedded system. Teams must configure a server and a multicasting mechanism to send the updates. They must ensure that the payload is secure and implement a way to decrypt it within the MPU without compromising the overall security or integrity. Unfortunately, it often requires tremendous investments.
Table of Contents
1. Overcoming the Implementation Challenge
Why Is FUOTA a Tricky Subject?
The main challenge is that the landscape shaping FUOTA implementations can be opaque and complex to navigate. Some solutions are proprietary, while others are open source but only handle a piece of the overall mechanism. For instance, it’s common to find products that update some aspect of the code but won’t update the operating system. Similarly, some may not feature rollback capabilities or delta updates. It’s the reason why ST works closely with partners like Witekio. Offering a comprehensive and meaningful ecosystem demands extensive knowledge of ST tools.
Why Is Open-Source a Better Approach?
FullMetalUpdate starts with Yocto, the de facto creation tool for custom embedded Linux distribution, and RunC to create the default containers. Additionally, Witekio uses OsTree, a tool developed by RedHat, to manage delta updates. FullMetalUpdate also uses Hawkbit to handle deployment on IoT devices. Hence, Witekio’s solution relies only on open source softwares that have strong community backing. FullMetalUpdate is thus a prime example of what a company can do when it uses standard tools to create new features instead of needlessly starting from scratch. Choosing open source solutions allowed Witekio to develop their solution faster and work on original implementations.
Another critical advantage that comes from choosing an open-source foundation is the inherent transparency. FullMetalUpdate doesn’t obfuscate with proprietary solutions. Customers don’t have to worry about restrictive licenses that would lock them in or frameworks with compatibility issues. FullMetalUpdate for STM32MP1 is entirely open-source. As a result, companies can also understand what’s happening behind the scenes and rely on the open-source community. Indeed, the large following behind all these software will be more apt to find and solve vulnerabilities than a single company maintaining a closed technology. Those reasons also explain ST’s desire to work with the open-source community, as we demonstrated with OpenSTLinux.
What Unique Features Does FullMetalUpdate Bring on STM32MP1?
FullMetalUpdate works by using a container system. The framework helps increase security and reliability by segregating the code from the OS. It is thus possible to deploy applications more efficiently regardless of the platform. The system also supports delta updates to keep payloads light and reduce bandwidth usage. There’s also a rollback feature to protect systems from a bug that would render them inoperable. The open and modular DNA that makes up FullMetalUpdate means the solution works on any cloud platform. The container system is also increasingly popular as the STM32MP1 now benefits from containers for Qt and TensorFlow, for instance.
2. Overcoming the Development Challenge
A quick scan on the ST Partner Program page describing Witekio shows that the company offers much more than just FullMetalUpdate. Most of their solutions and services aim to simplify development operations and reduce the time to market. It’s the reason why their integrated FUOTA solution takes advantage of the cryptographic capabilities of the STM32MP1. The company even describes how to use FullMetalUpdate on an ST MPU running a neural network. Witekio also shared how they use STM32CubeMX and STM32CubeIDE when prototyping some solutions for clients. Working closely with ST enables them to help customers focus on what they want to ship rather than how to make it.