1.6 KiB
1.6 KiB
3. OTA Strategy
Overview
Over-the-Air (OTA) updates are critical for maintaining and improving industrial devices in the field. The ASF strategy focuses on safety, reliability, and automatic recovery from failed updates.
Partition Layout
For a device with 8MB of flash, the following partition layout is recommended to support safe OTA updates:
| Partition | Size | Purpose |
|---|---|---|
| bootloader | - | Initial boot code |
| partition_table | - | Defines the flash layout |
| factory | - | Optional minimal rescue firmware |
| ota_0 | 3.5 MB | Primary application slot |
| ota_1 | 3.5 MB | Secondary application slot for updates |
| nvs | 64 KB | Encrypted Non-Volatile Storage for config |
| phy_init | - | Physical layer initialization data |
| coredump | 64 KB | Storage for crash logs and debugging |
OTA Policy
A formal policy ensures that updates are downloaded correctly and that the system can roll back if the new firmware is unstable.
| Step | Rule |
|---|---|
| Download | Conducted via HTTPS or MQTT in chunks. |
| Chunk Size | 4096 bytes (optimized for flash page size). |
| Integrity | Verified using a full image SHA-256 hash. |
| Validation | System must boot and send a health report. |
| Confirmation | The application must confirm stability within 60 seconds. |
| Failure | Automatic rollback to the previous known-good version. |
Closing the Gaps
This strategy directly addresses the following gaps:
- GAP-OTA-001: Reliable image delivery.
- GAP-OTA-002: Integrity and authenticity verification.
- GAP-OTA-003: Safe rollback mechanisms.