# 3. OTA Strategy

## Overview

Over-the-Air (OTA) updates are critical for maintaining and improving industrial devices in the field. The ASF strategy focuses on safety, reliability, and automatic recovery from failed updates: a new image is never allowed to become the only bootable image until it has proven itself.

## Partition Layout

For a device with **8MB of flash**, the following partition layout is recommended to support safe OTA updates. Two equally sized application slots let the running image download the next one without touching itself, and a small record of which slot is active lets the bootloader fall back if the new image misbehaves:

| Partition | Size | Purpose |
| :--- | :--- | :--- |
| **bootloader** | - | Initial boot code |
| **partition_table** | - | Defines the flash layout |
| **factory** | - | Optional minimal rescue firmware |
| **ota_0** | 3.5 MB | Primary application slot |
| **ota_1** | 3.5 MB | Secondary application slot for updates |
| **otadata** | 8 KB | Records which OTA slot is active and whether it is pending validation; required for two-slot OTA with rollback |
| **nvs** | 64 KB | Encrypted Non-Volatile Storage for config |
| **phy_init** | - | Physical layer initialization data |
| **coredump** | 64 KB | Storage for crash logs and debugging |

## OTA Policy

A formal policy ensures that updates are downloaded correctly and that the system can roll back if the new firmware is unstable.

| Step | Rule |
| :--- | :--- |
| **Download** | Conducted via HTTPS or MQTT in chunks, written to the inactive slot. |
| **Chunk Size** | 4096 bytes (matches the 4 KB flash sector, i.e. erase-block, size). |
| **Integrity** | Verified using a full image SHA-256 hash before the slot is marked bootable. A hash alone proves only that the image arrived intact; authenticity requires the image to carry a signature that the device verifies against a key it already holds. |
| **Validation** | System must boot the new image and send a health report. |
| **Confirmation** | The application must confirm stability within 60 seconds of booting. Until it does, the new slot is only provisionally active. |
| **Failure** | If the image fails to boot, crashes, or does not confirm within the window, the bootloader automatically rolls back to the previous known-good version. |

### Closing the Gaps

This strategy directly addresses the following gaps:

* **GAP-OTA-001:** Reliable image delivery.
* **GAP-OTA-002:** Integrity and authenticity verification.
* **GAP-OTA-003:** Safe rollback mechanisms.
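The following is an added example, not code from the ASF project or from any device SDK: a host-side Python model of the policy described above, so the ordering of the steps can be exercised without hardware. It assumes a two-slot device with an `otadata`-style record of slot state, models the states as NEW, PENDING_VERIFY, VALID and ABORTED (the transitions are this model's, chosen to match the table's rules), and uses constructed 10 kB images as input. It shows the three properties a practitioner wants to check: the boot record is only pointed at the new slot after the full-image SHA-256 matches, a slot that boots but never confirms is abandoned on the next boot, and a health report later than 60 s counts as a failure.

```python
"""Host-side model of the OTA policy above: chunked download, full-image
SHA-256 check before the slot is activated, one pending-verify boot, 60 s
confirmation, automatic rollback. Added example; not device firmware."""
import hashlib

CHUNK = 4096            # 4 KiB, the flash sector (erase) size
SLOT_SIZE = 0x380000    # 3.5 MB per OTA slot
CONFIRM_DEADLINE_S = 60

# Slot states recorded in otadata. The NEW -> PENDING_VERIFY -> VALID/ABORTED
# names follow the common rollback scheme; the transitions are this model's.
NEW, PENDING_VERIFY, VALID, ABORTED = "new", "pending_verify", "valid", "aborted"


class Device:
    def __init__(self, image: bytes):
        self.slots = {"ota_0": bytes(image), "ota_1": b""}
        self.state = {"ota_0": VALID, "ota_1": ABORTED}
        self.boot_slot, self.running, self.boot_time = "ota_0", None, 0.0

    @staticmethod
    def _other(slot: str) -> str:
        return "ota_1" if slot == "ota_0" else "ota_0"

    def download(self, chunks, expected_sha256: str) -> str:
        """Stream into the inactive slot; point boot at it only if the hash matches."""
        target = self._other(self.boot_slot)
        buf, h = bytearray(), hashlib.sha256()
        self.state[target] = ABORTED      # slot is being overwritten: unbootable
        for chunk in chunks:
            if len(buf) + len(chunk) > SLOT_SIZE:
                raise ValueError("image larger than slot")
            buf += chunk
            h.update(chunk)
        if h.hexdigest() != expected_sha256:
            raise ValueError("SHA-256 mismatch")  # boot_slot left untouched
        self.slots[target], self.state[target] = bytes(buf), NEW
        self.boot_slot = target
        return target

    def boot(self, now: float) -> str:
        """Bootloader: a slot still PENDING_VERIFY never confirmed, so roll back."""
        slot = self.boot_slot
        if self.state[slot] == PENDING_VERIFY:
            self.state[slot] = ABORTED
            slot = self.boot_slot = self._other(slot)
        elif self.state[slot] == NEW:
            self.state[slot] = PENDING_VERIFY
        self.running, self.boot_time = slot, now
        return slot

    def confirm(self, now: float) -> bool:
        """Health report from the app; a late report counts as failure."""
        slot = self.running
        if self.state[slot] != PENDING_VERIFY:
            return self.state[slot] == VALID
        if now - self.boot_time > CONFIRM_DEADLINE_S:
            self.state[slot] = ABORTED
            self.boot_slot = self._other(slot)
            return False
        self.state[slot] = VALID
        return True


def chunked(image: bytes, size: int = CHUNK):
    """Split an image into the 4 KiB chunks the transport delivers."""
    for i in range(0, len(image), size):
        yield image[i:i + size]


def demo() -> dict:
    """Four scenarios on constructed images; returns which slot ends up running."""
    v1, v2, v3 = b"\x01" * 10_000, b"\x02" * 10_000, b"\x03" * 10_000
    def sha(b): return hashlib.sha256(b).hexdigest()
    dev = Device(v1)
    dev.boot(0.0)
    out = {}
    dev.download(chunked(v2), sha(v2))                 # good update, confirmed in time
    out["good"] = (dev.boot(10.0), dev.confirm(15.0))
    try:                                               # hash mismatch: old image keeps booting
        dev.download(chunked(v2 + b"\xff"), sha(v2))
    except ValueError:
        pass
    out["tampered"] = dev.boot(20.0)
    dev.download(chunked(v3), sha(v3))                 # app crashes before confirming
    out["crash"] = (dev.boot(30.0), dev.boot(31.0))
    dev.download(chunked(v3), sha(v3))                 # health report arrives too late
    dev.boot(40.0)
    out["late"] = (dev.confirm(101.0), dev.boot(102.0))
    return out


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to real firmware. First, the boot record is only updated after the whole image has been hashed, so a truncated or tampered download can never become the boot target; the partially written slot is simply marked unusable. Second, the rollback decision is made by the bootloader from the recorded state, not by the application, so it still happens when the new application wedges or reboots before it can run any code of its own. As the policy table notes, the SHA-256 check in `download` establishes integrity only; an attacker who controls the update server can supply a matching hash for a malicious image, which is why the authenticity gap (GAP-OTA-002) needs a signature check in addition.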