After deploying an embedded system, it is desirable to be able to upgrade the firmware, in order to add new features or to solve bugs. However, it is often difficult and expensive for a technician to get physical access to the device(s). Therefore, it should be possible to perform the upgrade remotely, which also means that it should be secure and survive any kind of failure. In the course of their career the consultants at Essensium/Mind have encountered many failure paths and solutions of how to deal with them. This includes issues like bad firmware, power failure, communication problems, security issues, flash corruption and bootloader bugs. Solutions include fall-back firmware, watchdogs, journalling filesystems, backup media and package managers. But in the end, it turns out that there is no silver bullet and that the best upgrade approach mostly depends on how the system is used.
Speakers: Arnout Vandecappelle