Cloud Update icon

Mbed Cloud Update

Secure and failsafe firmware update service for deployed IoT devices, with full end-to-end orchestration of the update process.

IoT devices can be deployed widely and be expected to last many years. During this time new features, bug fixes and optimizations may be developed which could extend their useful lifetime. It is also possible that vulnerabilities are discovered which affect common libraries and new attack methods are revealed. In these circumstances, a secure remote update mechanism can protect the investment made in the IoT device and avoid costly recalls and in-field servicing.

Security is foundational

Security is at the core of the update service. Update is not reliant on the transport security, so it is suitable for a wide set of connectivity models including broadcast.

The firmware is authenticated through signed metadata. Devices will only download authenticated firmware Manifest.

The downloaded firmware image is verified to prevent altering the image during transfer.

The Manifest version is checked to block attackers sending old images to devices which may have security vulnerabilities.

The Metadata is checked against the model to avoid firmware being accepted by the wrong devices.


Updating device firmware with Mbed Cloud

Mbed Cloud Update facilitates the distribution of the image to devices, the application of the new image and recovery in case of a failure. Users of the service can organize update rollouts into Update Campaigns, setting target devices, conditions for update, monitor progress and examine errors.

In order to publish an update, a secure manifest with a signed firmware image is created and uploaded to Mbed Cloud.

The update campaign identifies the secure manifest and a filtered list of devices to be updated. Once the campaign has been initiated, Mbed Cloud Update sends notifications to each targeted device and receives status information.

On receiving the manifest, each device validates the content before downloading it. On reboot the bootloader installs the update and re-applies in the event of power failure, ensuring the device is in a usable state. Once the update is complete, the device sends a status update to Mbed Cloud.


Components of Mbed Cloud Update

Mbed Cloud Update Client

The Mbed Cloud Update client is the part of the Mbed Cloud Client, which is responsible for downloading and validating updates. The client waits for a server to push an update, rather than polling for updates continuously. This makes the device more energy efficient.

Mbed Cloud Update Service

The Mbed Cloud Update service is a set of APIs to upload firmware, initiate campaigns targeting specific devices, and monitor the results. The Mbed Cloud Portal uses these APIs to provide a ready-to-use interface to manage device updates allowing easy access to the update features. The update functionality is also available using the SDKs.

Manifest Tool

Securing the firmware image is enabled using special metadata called a Manifest. The manifest tool allows the creation and security signing of the Manifest for use in the system.

Bootloader

To provide fail-safe operation, a bootloader is required to manage the change from old to new image. Example bootloaders are provided for supported devices.