OTA Update - Documentation Linux

Homepage Software Accelerators OTA Update Solution OTA Update – Documentation Linux

In this guide, you will deploy an end to end solution for rolling out software updates to edge devices. As a first step, you will build on your computer a full-blown backend server. It will include everything you need to manage and deploy updates to remote IoT devices. As a second step, you will build a Linux distribution for one of the supported board by FullMetalUpdate and several containers. As the last step, we will start rolling out updates to your IoT devices. As a part of this introduction, we would like to welcome you to the age of Edge Computing!

Hardware currently supported

Device Name Machine Name Yocto Version Supported
SABRE Platform, i.MX 6Quad/6Dual imx6qdlsabresd Rocko
NXP® i.MX 8MQuad Evaluation Kit imx8mqevk Warrior, Zeus
STM32MP157C-DK2 Discovery Kit stm32mp1-disco Thud
Raspberry Pi 3 raspberrypi3 Rocko

Set up the server

Before you start, you might need to install a couple of additional software on your computer:

Linux

  • Docker
  • Git
  • Curl
  • Python2 or 3 and Pip
  • On Debian and Ubuntu: golang-docker-credential-helpers

Windows 10

  • Docker for Windows: https://hub.docker.com/editions/community/docker-ce-desktop-windows
  • Git for Windows: https://gitforwindows.org/
  • Python3 and PIP: https://www.python.org/downloads/release/python-373/

 

Start the server

Let’s get started!

Linux

Start your favorite terminal.

Windows 10

Look for Git BASH in the start menu and start it.

In a working directory, use git to download the latest version of FullMetalUpdate:

$ git clone -b v1.0 https://github.com/FullMetalUpdate/fullmetalupdate-cloud-demo.git

$ cd fullmetalupdate-cloud-demo

FullMetalUpdate comes with a script that brings up automatically the environment. Running this script will setup everything needed on your computer to start FullMetalUpdate server:

$ ./StartServer.sh

The first time you run this command it can take up to 10 minutes (depending of your internet connection) then the following times it will not take longer than 60 seconds. When your FullMetalUpdate server is fully started you should read in your terminal:

org.eclipse.hawkbit.app.Start : Started Start in 24.46 seconds (JVM running for 27.168)

Configure and test the server

A wrap up script is provided to automatically configure the server:

$ ./ConfigureServer.sh

You can now test your installation by connecting on:

http://localhost:8080

The login is admin and the password is admin.

Congratulations! You have finished the FullMetalUpdate server setup!

Install an image

Your first image

It is time to install a first image on your target. This image will be used to boot your board. At first, it includes only a simple hello world container. Before you can install an image, you need either to build one from scratch or download a pre-built image:

Download an image

Target Link
SABRE Platform, i.MX 6Quad/6Dual fullmetalupdate-os-package-imx6qdlsabresd.wic

Build from scratch

In a working directory, use git to download and install the latest version of FullMetalUpdate:

$ git clone https://github.com/FullMetalUpdate/fullmetalupdate-yocto-demo.git

$ cd fullmetalupdate-yocto-demo

 

Then you need to configure the build to connect your target to the server. You can achieve this step by running the script below:

$ ./ConfigureBuild.sh

FullMetalUpdate comes with a script that automatically bring up the environment and start the build:

$ ./StartBuild.sh sync imx6qdlsabresd rocko dev

$ ./StartBuild.sh all

The first time you will run this command, the build process will take a couple of hours and therefore, it is strongly recommended to run this step overnight.

The result of the build process is located in the directory “images”.

Flash your image

Depending of your Operating System :

Linux

Assuming that you are in the images directory, you can write the image to an SDCARD by using the dd command:

$ sudo dd if=fullmetalupdate-os-package-<TARGET>.wic of=/dev/<DEVICE> bs=1M iflag=fullblock oflag=direct conv=fsync status=progress && sudo sync

Usually the <DEVICE> is either sdx or mmcblkx. If you are uncertain, follow the link below to get further information on this topic:

https://www.raspberrypi.org/documentation/installation/installing-images/linux.md

Windows

  • Insert the SD card into your SD card reader. You can use the SD card slot if you have one, or an SD adapter in a USB port. Note the drive letter assigned to the SD card. You can see the drive letter in the left hand column of Windows Explorer, for example G:
  • Download the Win32DiskImager: https://sourceforge.net/projects/win32diskimager/ utility from the Sourceforge Project page as an installer file, and run it to install the software.
  • Select the image file fullmetalupdate-os-package-<TARGET>.wic in the images directory.
  • In the device box, select the drive letter of the SD card. Be careful to select the correct drive: if you choose the wrong drive you could destroy the data on your computer’s hard disk! If you are using an SD card slot in your computer, and can’t see the drive in the Win32DiskImager window, try using an external SD adapter.
  • Click ‘Write’ and wait for the write to complete.
  • Exit the imager and eject the SD card.

This article uses content from the eLinux wiki page RPi_Easy_SD_Card_Setup, which is shared under the Creative Commons Attribution-ShareAlike 3.0 Unported license

Remove SD card from card reader, insert it in your Board. You are ready to add and update containers to your board!

Add a TensorFlow container

It is time to add a new container to your embedded system. If you already build the image from scratch you can go right away to the Step 2

Step 1

Follow the steps in the section Install an image -> Build from scratch. Stop right after $ ./StartBuild.sh sync … and move on to Step 2.

Step 2

Let’s build a container including TensorFlow Lite to test an image classification solution with a pre-trained model:

$ ./StartBuild.sh build-container container-tensorflow-lite-label-image

Depending whether you are running the build on Windows 10 or on Linux, how powerful you computer is and if you already build your image from scratch it can take between 20 minutes and several hours. Then for the next builds it will only take a couple of minutes.

Step 3

Connect on:

http://localhost:8080

The login is admin and the password is admin. Follow the steps in the video below to add the container to your embedded system:

Step 4

Let’s log into the container to update the bitbake recipe used to build the application:

$ ./StartBuild.sh bash

$ cd ../sources/meta-fullmetalupdate-extra/recipes-containers/container-qt-evcs/

 

You can use nano to edit the recipe:

$ nano evcs_1.0.bb

Edit the file and change “step1” by “step2”. Then press CTRL^X to leave the editor, press y when prompted to save the file. Finally, you can exit the build environment:

$ exit

The last step, consist in rebuilding the container:

$ ./StartBuild.sh build-container container-qt-evcs

Redo Step 4 one more time, but this time in evcs_1.0.bb change “step2” by “step3”.

Step 5

Connect on:

http://localhost:8080

The login is admin and the password is admin. Follow the steps in the video below to update the container-qt-evcs:

Update the Linux OS

As a last step, we will update the Linux OS. If you already build the image from scratch you can go right away to the Step 2

Step 1

Follow the steps in the section Install an image -> Build from scratch.

Step 2

Let’s log into the build to update the bitbake recipe used to build the Linux OS:

$ ./StartBuild.sh bash

$ cd ../sources/meta-fullmetalupdate-extra/recipes-core/images/

 

You can use nano to edit the recipe:

$ nano fullmetalupdate-os-package.bbappend

Modify the line IMAGE_INSTALL_append and add strace:

IMAGE_INSTALL_append = ” \
mdns \
libnss-mdns \
strace \

Finally, you can exit the build environment:

$ exit

The last step, consist in rebuilding the Linux OS:

$ ./StartBuild.sh fullmetalupdate-os

Depending whether you are running the build on Windows 10 or on Linux, how powerful you computer is and if you already build your image from scratch it can take between 20 minutes and several hours. Then for the next builds it will only take a couple of minutes.

Step 3

Connect on:

http://localhost:8080

The login is admin and the password is admin. Follow the steps in the video below to update the OS on your IoT device:

What’s next?

In this Getting Started guide you learned how to update/deploy Containers and OS on many IoT devices. But what should be your next move to transform this demo into a production ready environment? Foremost, you should think about security. Thus, security is paramount but there is no generic solution fitting any type of devices. It is a trade off between how much money and time a hacker will be willing to invest in hacking your device. Opposed to the amount of money and time you will be willing to invest to secure it:

 

For instance, if you develop a temperature sensor or a lock for a secure vault, the solutions used to secure these devices will be quite different. In fact, the level of security needed for a secure vault is so high that it is not reusable for a temperature sensor. It would increase its price to a degree where it will not be possible to sell it anymore. Thus, it is mandatory to assess what level of security is necessary for your specific type of product.

Production ready

FullMetalUpdate implements everything you need to enable the right level of security for your product. On the embedded side, Yocto gives you access to the secure boot, data encryption and trust zone. On the server side, OsTree is the solution used by Redhat to update its servers. Hawkbit is the solution developed by Bosch to update all their IoT products. These solutions are all industrial grades. They have been tested for years on many projects! But, of course they need a certain level of adaptation to offer your product the right level of security. You can find plenty of documentation on internet to realize this setup yourself. But if you need some help, feel free to contact us.

Your On-Demand
IoT Software Partner

Get in Touch How we can help you