Update Process
Update Pack Format
Software Update API
Use Software Update
This topic provides detailed info about the Software Update process.
Summary
Software update is primarily carried out by the Update Daemon, but the Supervisor and the start-up code also affect rolling-back when updates fail.
The Update Daemon accepts update pack files that contain software/firmware update instructions and associated data (e.g., libraries, executables, resource files).
Update packs can be fed to the Update Daemon through the Software Update API or through the update tool.
System update packs are created by mksys.
App update packs are created by mkapp.
App removal update packs can be created using update-pack.
Firmware update packs can be created from a firmware (.cwe) file using update-pack.
See the Update Pack Format file format info.
Security
The Update Daemon includes hooks that allow update packs to be digitally signed and/or encrypted for security reasons. To use this feature, you must build your own signing/encryption tool and replace the file security-unpack
in the framework with a program that knows how to check the signature and/or decrypt the signed/encrypted update pack.
The signing/encryption tool must sign/encrypt a complete update pack file. This secure version of the update pack is then passed to the Update Daemon. The Update Daemon:
- launches the security-unpack program
- feeds the secure update pack through its standard input stream
- reads the decrypted update pack from the security-unpack process's standard output stream.
If the security-unpack program detects anything wrong with the update pack, it must exit with a non-zero exit code. The Update Daemon responds by cancelling the update. The exit code EXIT_SUCCESS
(1) is used to specifically indicate a security violation, such as a failed digital signature check.
Golden System
Legato start-up code also supports using a full golden system found in a read-only file system mounted at /mnt/legato. This /mnt/legato system has to be updated through some external mechanism (e.g., a modem firmware update (FOTA) or factory programming tool). The Legato start-up code recognizes that a new system has been placed in /mnt/legato. It will use that system assuming it's good (i.e., it will never roll-back from this system to an older system). Rolling-back past this point isn't possible because the previous good system may have included apps from the old (replaced) /mnt/legato image.
Copyright (C) Sierra Wireless Inc.