suit-based firmware update architecture · suit-based firmware update architecture emmanuel...
TRANSCRIPT
![Page 1: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/1.jpg)
SUIT-based firmware updatearchitecture
Emmanuel BaccelliKaspar SchleiserKoen Zandberg
![Page 2: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/2.jpg)
Outline• Intro
• Update architecture overview
• Device Software Components
• Bootloader
• Project Ideas
![Page 3: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/3.jpg)
Intro
• 32/16/8 bit MCU
• Open standards
• Internet of Things
![Page 4: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/4.jpg)
Intro• RIOT SUIT example: https://git.io/suit-updater
• SUIT VM (3.3GB):http://demo-fit.saclay.inria.fr/vms/RIOT-VM.ova
• Instructions: https://git.io/suit-hackathon
![Page 5: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/5.jpg)
Update architecture overview
StorageServer
1. Provide firmware& manifest
Gateway
2. Notify Device
Firmware Manager
3. Request Manifest
4.Request firmware
Device
![Page 6: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/6.jpg)
Update architecture overviewFocus on the storage server
• Provides image and and manifest over CoAP
![Page 7: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/7.jpg)
Update architecture overviewManagement station:
• Allows remote firmware management and triggersdeployments.
![Page 8: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/8.jpg)
Update architecture overviewNode:
• Receives manifest trigger over CoAP
• Fetches manifest
• Fetches firmware update
![Page 9: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/9.jpg)
Device Software Components• Manifest recap
• Software component overview
• Chosen implementations
![Page 10: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/10.jpg)
Device Software ComponentsSUIT Outer Wrapper
COSE authentication
Manifest
Components
Manifest Version
Common
Fetch & Install
![Page 11: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/11.jpg)
Device Software ComponentsRIOT
CoAP
SUIT
Componentwriter
Network
CBOR
COSE
Crypto libraryStorage
External libs
![Page 12: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/12.jpg)
Device Software Components• SUIT parser
• libcose
• NanoCBOR
![Page 13: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/13.jpg)
Device Software ComponentsRIOT
Nanocoap
suit_v4
Flashwrite
Network
NanoCBOR
libcose
Crypto libraryMCU Flash
External libs
![Page 14: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/14.jpg)
Device Software Components
NanoCBOR
• Pull style parser
• 600B - 800B decoder
• Optimized for parsing known structures
https://github.com/bergzand/NanoCBOR
![Page 15: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/15.jpg)
Device Software Components
Libcose
• Embedded COSE library
• Multiple crypto backend support
https://github.com/bergzand/libcose
![Page 16: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/16.jpg)
Device Software Components
SUIT parser
• Based on NanoCBOR
• libcose for verification
![Page 17: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/17.jpg)
Device Software Components
SUIT parser design
• Iterate over the map
• Multiple jump table based on map key
![Page 18: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/18.jpg)
Device Software Components
Flash layout
ABootloader
Header A
B
Header B
![Page 19: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/19.jpg)
Device Software Components
Flash partition writertypedef struct { uint32_t magic_number; /**< Magic number */ uint32_t version; /**< Sequence No */ uint32_t start_addr; /**< Address */ uint32_t chksum; /**< Checksum */} riotboot_hdr_t;
![Page 20: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/20.jpg)
![Page 21: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/21.jpg)
BootloaderJust another RIOT application
1. Iterate over all headers
2. Determine whether the header is valid
3. Determine highest valid sequence number
4. Boot firmware
![Page 22: SUIT-based firmware update architecture · SUIT-based firmware update architecture Emmanuel Baccelli Kaspar Schleiser Koen Zandberg](https://reader034.vdocuments.us/reader034/viewer/2022052518/5f0984bf7e708231d4273565/html5/thumbnails/22.jpg)
Project Ideas• Extend manifest parsing
• MCUboot interoperability
• Infrastructure improvements