analysis
@@ -0,0 +1,36 @@
# 3. OTA Strategy
## Overview
Over-the-Air (OTA) updates are critical for maintaining and improving industrial devices in the field. The ASF strategy focuses on safety, reliability, and automatic recovery from failed updates.
## Partition Layout
For a device with **8MB of flash**, the following partition layout is recommended to support safe OTA updates:
| Partition | Size | Purpose |
| :--- | :--- | :--- |
| **bootloader** | - | Initial boot code |
| **partition_table** | - | Defines the flash layout |
| **factory** | - | Optional minimal rescue firmware |
| **ota_0** | 3.5 MB | Primary application slot |
| **ota_1** | 3.5 MB | Secondary application slot for updates |
| **nvs** | 64 KB | Encrypted Non-Volatile Storage for config |
| **phy_init** | - | Physical layer initialization data |
| **coredump** | 64 KB | Storage for crash logs and debugging |
## OTA Policy
A formal policy ensures that updates are downloaded correctly and that the system can roll back if the new firmware is unstable.
| Step | Rule |
| :--- | :--- |
| **Download** | Conducted via HTTPS or MQTT in chunks. |
| **Chunk Size** | 4096 bytes (optimized for flash page size). |
| **Integrity** | Verified using a full image SHA-256 hash. |
| **Validation** | System must boot and send a health report. |
| **Confirmation** | The application must confirm stability within 60 seconds. |
| **Failure** | Automatic rollback to the previous known-good version. |
### Closing the Gaps
This strategy directly addresses the following gaps:
* **GAP-OTA-001:** Reliable image delivery.
* **GAP-OTA-002:** Integrity and authenticity verification.
* **GAP-OTA-003:** Safe rollback mechanisms.
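Review bot: the **Integrity** row of the OTA Policy table relies on a full-image SHA-256 hash, which gives integrity but not authenticity, so the hunk does not yet support the claim in `**GAP-OTA-002:** Integrity and authenticity verification`; whoever controls the download channel can supply a matching hash alongside a modified image. Add a row for signature verification (a signature over the image checked against a public key held on the device, ideally enforced by the bootloader before the slot is marked bootable) and state where the expected hash or signature comes from, since fetching it over the same HTTPS or MQTT channel as the image adds no assurance. It would also help to say in the **Failure** row whether a confirmed version can later be rolled back to an older one, so that the rollback path cannot be used to reinstall a superseded image.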