Updating Firmware at the Edge Using Amazon FreeRTOS

By Jacob Beningo

Contributed By Digi-Key's North American Editors

Amazon FreeRTOS helps developers simplify the process of connecting an Internet of Things (IoT) device to the cloud. However, even with a simpler cloud connection, a major hurdle that many developers will be facing is how to update their devices’ firmware in the field.

Firmware updates are often done using a bootloader which can come in many different forms based on the device architecture and the communication peripherals available. Since bootloaders are commonplace and included in nearly every embedded system, developers need to leverage existing solutions instead of developing one from scratch. This allows them to spend more time focused on their own product’s differentiators and features.

This article will examine how developers can leverage the bootloader capabilities built into Amazon FreeRTOS (a:FreeRTOS), often referred to over-the-air updates (OTA), to quickly get a bootloader solution running on their IoT device.

Amazon FreeRTOS’ OTA update overview

Amazon FreeRTOS is a real-time operating system that includes all the libraries necessary to easily connect to Amazon Web Services (AWS). Amazon FreeRTOS is essentially the FreeRTOS kernel which now has connectivity and security libraries included that facilitate secure communication with AWS. The OTA features are included in a separate OTA library and must be separately configured in order to be included in the a:FreeRTOS download.

The a:FreeRTOS OTA update service contains the software necessary to allow a developer to:

  • Digitally sign and encrypt firmware before deployment
  • Securely deploy new firmware images to a single device, a device group, or an entire device fleet
  • Deploy firmware to devices as they are added to groups, restarted or re-provisioned
  • Verify the authenticity and integrity of new firmware after it’s deployed to devices
  • Monitor the progress of a deployment
  • Debug a failed deployment

These features are provided through a wide range of running AWS services such as the:

  • OTA Manager Service
  • AWS IoT Jobs Service
  • Streaming Service
  • Code Signing for Amazon FreeRTOS Service
  • OTA Library and Agent

For developers, the steps necessary to get all these pieces working together are considerable and impossible to cover in full detail in a single article. Instead, this article will focus on how to get started along with lessons learned and tips for getting the a:FreeRTOS setup working in the lab.

Selecting OTA test hardware

There are several different development boards that are currently supported by a:FreeRTOS. These development kits include:

Image of Texas Instruments' CC3220SF-LaunchXL

Figure 1: Texas Instruments' CC3220SF-LaunchXL is a fully integrated solution to get started with Amazon FreeRTOS OTA. This microcontroller has an integrated Wi-Fi module which minimizes physical size and minimizes energy consumption. (Image source: Texas Instruments)

This article will be focusing on the SimpleLink Wi-Fi CC3220SF for several different reasons. First, the CC3220SF is currently the only a:FreeRTOS microcontroller that has an integrated Wi-Fi module. While the other development boards have Wi-Fi modules on-board, the CC3220SF saves both board space and energy by having the controller and Wi-Fi functions integrated into a single chip.

Second, the security features on the CC3220SF are interesting and more complex due to its external memory device which can store the firmware image and restore the image during the boot process. If the reader can successfully set up OTA on the CC3220SF, they will have no problem getting it operational on other platforms.

Finally, the CC3220SF was the first supported processor for the OTA demo application so designers can be confident it’s fully vetted on the CC3220SF.

Image of Segger Microcontroller J-Link Ultra+ professional debugger

Figure 2: The J-Link Ultra+ is a fully featured professional debugger that includes unlimited break points and extremely fast SWO and interface clock rates. The J-Link Ultra+ can be used by developers to perform application tracing so that they can understand how the OTA example behaves. (Image source: Segger Microcontroller Systems)

In addition to selecting a development board, a developer may also decide that they want to forego the on-board programmer and use a professional programmer such as a J-Link Ultra+ from Segger Microcontroller Systems. A professional programmer will decrease program speeds and provide additional debugging capabilities, such as application tracing and RTOS aware debugging, which can be critical for understanding a black box application. Developers will also want to easily connect this to the target board using a TC2015 10-pin plug-of-nails from Tag-Connect. A TC2050-ARM2010 20-pin-to-TC2050 adapter may be required on the debugger in order to adapt to the board side cable.

Image of TC2050-IDC 10-pin plug-of-nails from Tag-Connect

Figure 3: The TC2050-IDC 10-pin plug-of-nails from Tag-Connect (left) is an adapter cable that can minimize the connector footprint on a development board or production circuit board. When used with a SEGGER J-LINK, a TC2050-ARM2010 20-pin to TC2050 adapter may be required. (Image source: Tag-Connect LLC)

Configuring Amazon FreeRTOS for OTA updates

By default, the OTA library is not included in a pre-configured a:FreeRTOS package. A developer must instead manually configure the libraries and the application. This can be done by logging into the AWS IoT Console and going into the Amazon FreeRTOS menu. A developer can then click on the “Create new” button to start creating their custom configuration (Figure 4).

Image of a:FreeRTOS device software within the AWS IoT Console

Figure 4: From within the AWS IoT Console, the a:FreeRTOS device software can be customized by clicking the “Create new” button in the software configuration menu. (Image source: Beningo Embedded Group)

Within the configuration, there are only a few settings that a developer needs to set in order to configure the OTA feature. These include:

  • Selecting the hardware
  • Selecting the included a:FreeRTOS libraries
  • Setting a configuration name

For this example, a developer would select the CC3220SF-LAUNCHXL (Figure 5). Selecting the hardware platform in this manner will pull in all the board-specific files, including the drivers. Selecting the board, though, will not automatically bring in the OTA features. Under the libraries section, a developer needs to add the OTA Library as shown (Figure 6). This will include all the OTA libraries, including a demonstration example that developers can reference or incorporate.

Image of hardware configuration that will be used with a:FreeRTOS OTA features

Figure 5: Selecting the hardware configuration that will be used with a:FreeRTOS OTA features. (Image source: Beningo Embedded Group)

Image of adding the OTA Update library into the a:FreeRTOS configuration

Figure 6: Adding the OTA Update library into the a:FreeRTOS configuration. (Image source: Beningo Embedded Group)

Once this has been completed, a developer can then create the configuration, download it, and import the aws_demo project into Code Composer Studio.

Setting up the OTA example code

Once the aws_demos OTA example has been imported, there are several tasks that need to be performed. First, configure the end-point, certificate and security keys. This can be done by following the steps in the a:FreeRTOS getting started guide. Following this guide and running the aws_demos project as is will allow the connection to AWS to be confirmed before going any further.

Modifying the demo for the OTA is then simple. Open the aws_demo_runner.c module and find the DEMO_RUNNER_RunDemos function located at the end of the module. The vStartMQTTEchoDemo call should then be commented out while the vStartOTAUpdateDemoTask call should be uncommented. A quick compile will then build the project and it will be ready to execute with bootloader capabilities enabled.

Image of adding the OTA demonstration task into the aws_demos application

Figure 7: Adding the OTA demonstration task into the aws_demos application. (Image source: a:FreeRTOS example code)

Configuring Amazon Web Services for OTA

For embedded software developers, this is where getting the OTA example running pushes the boundaries up into the cloud. In order to successfully run the OTA example, developers need to configure AWS according to the OTA prerequisites guide. This requires developers to:

  • Create an Amazon S3 bucket
  • Grant OTA Update Permission to the AWS account
  • Create an OTA service role
  • Create an OTA User Policy
  • Grant Access to the Code Signing Service 

Once these are done, follow the final user guide instructions to run the OTA a:FreeRTOS example.

Tips and tricks for using Amazon FreeRTOS’ OTA features

There are several tips and tricks that developers can follow in order to minimize potential issues that they may encounter when using the bootloader functionality included in a:FreeRTOS. These include:

  • Read “Connecting to the Cloud Using Amazon FreeRTOS” for general tips and information about how to get started with a:FreeRTOS.
  • Read through the Amazon OTA documentation which can be found here.
  • During development, purchase six development boards and set them up into three groups of two devices. This will allow experimentation with the different ways that devices and groups can be updated in the field.
  • Deploy firmware updates to smaller device groups first in order to ensure there are no issues with firmware updates before updating an entire device fleet.
  • Use the AWS Amazon Certificate Manager to create certificates and sign firmware. A third-party certificate authority can be used, but the process is simplified if it is all done within AWS.
  • Consider using the PIC32MZEF Curiosity board for OTA experimentation since it is the second a:FreeRTOS development kit to support the OTA beta demo.

Conclusion

The Amazon FreeRTOS ecosystem provides developers with an example on how to update their firmware in the field. This example can be easily scaled for developers who may have different requirements or system configurations. Utilizing an existing bootloader can save developers considerable development time and allow them to focus instead on their product differentiators and value propositions.

As shown, Amazon FreeRTOS does have an over-the-air update solution that is currently available for the Texas Instruments CC3220, and will undoubtedly become available for other Amazon FreeRTOS products in the future.

Disclaimer: The opinions, beliefs, and viewpoints expressed by the various authors and/or forum participants on this website do not necessarily reflect the opinions, beliefs, and viewpoints of Digi-Key Electronics or official policies of Digi-Key Electronics.

About this author

Jacob Beningo

Jacob Beningo is an embedded software consultant who currently works with clients in more than a dozen countries to dramatically transform their businesses by improving product quality, cost and time to market. He has published more than 200 articles on embedded software development techniques, is a sought-after speaker and technical trainer and holds three degrees which include a Masters of Engineering from the University of Michigan. Feel free to contact him at jacob@beningo.com, at his website www.beningo.com, and sign-up for his monthly Embedded Bytes Newsletter.

About this publisher

Digi-Key's North American Editors