System update strategies – how to update an embedded system safely and efficiently?

Updating an embedded system reliably can be challenging. Often the devices are in the field in places where troubleshooting is painful if something goes wrong. Methods for failed update recovery are therefore often built into these systems.??

One of the most common strategies is what’s known as A/B partitioning, where the system is overprovisioned and the storage split into two partitions. The system is booted from one partition and the other partition is kept as a backup. When the system is updated, one of the partitions is updated and the other one is kept in a known state to ensure that if something goes wrong with the update, the system can revert to the version on the other partition. This is a well-known method and can be valuable if something goes wrong. However, it may require twice the storage space to store the full backup, which can be costly.??

Another alternative for facilitating robust system updates is to take advantage of advanced file system features. These include transaction points or snapshots that can ensure the consistency of the system in case of a failed update without having to duplicate the data that does not change in the update.??

This method works by storing a known good system state on the disk. During a system update, the old state is preserved by the file system using the copy-on-write approach, allowing a system update to be performed without overwriting the old state. System files are updated and verified and only when the system update is complete is the new system marked as a known good state. If the system update is successful, the system boots to the new state, but if anything goes wrong during the update or the update is interrupted, the old state is automatically restored.??

Using advanced file system features to update a system in this fashion provides similar advantages in that it provides robustness to the system update while ensuring efficient use of storage without having to duplicate. This can be a significant cost advantage and also make bootloaders simpler.??

Want more about system update strategies? Our whitepaper “Avoiding the brick: seamless updates in embedded devices” covers similar topics and offers insights into how updates can go wrong, as well as what protections are available in even a minimal embedded environment. If you’re interested in getting in touch, reach out to us!???