
Torizon Updates Overview

 

Article updated at 05 Jul 2022



Introduction

Torizon Platform allows you to have secure and reliable updates on your embedded products. The Torizon Updates features are ready to use and work seamlessly with devices running TorizonCore OS and its development environment: TorizonCore Builder and the IDE extensions for Torizon.

Main Features

With the Torizon Updates feature it is possible to:

In both cases, Torizon Platform enables you to:

  • Execute full-stack, secure and reliable updates
  • Perform synchronous updates - both the OS and the Application as a single component
  • Automatically trigger the update whenever a new update is available
  • Automatically roll back to the last working version of the OS or the application in case the update fails
  • Block updates from happening from the application’s side, in case you have a critical application that cannot stop for an update to take place

Security, Reliability and Ease of Use

By bringing your update packages to the Torizon Platform Services domain, you enable the Torizon Platform to manage security, reliability, traceability, and ease of the update process.

The Torizon Platform Services builds security metadata when you create update packages. Device provisioning gives each device the matching information it needs to validate and deploy the updates. This ensures that only trustworthy updates are executed.

On the device side, the automatic search for updates and deployment process, along with rollback capabilities, ensures the ease and reliability of the process. That eliminates the need for skilled labor and the possibility of undefined states for the device.

Offline Updates vs Remote Updates

The Offline and Remote OTA Updates features share the technology stack. Both of them allow updating the OS and/or the application in a deployed device. Their main difference is where the update comes from.

  • For Remote Updates, the device regularly checks the Torizon Platform Services for new updates through the internet. Once an update is found, the device fetches the files from different sources and then deploys the update.
  • For the Offline Updates, the device monitors a local directory — mounted from a USB drive, for example — for the new update. All the files are sourced during the medium preparation and are contained within the medium.

Note: You will need a provisioned device in order to securely update it, regardless of choosing Remote or Offline Update.

Note that you currently cannot have both sources of updates enabled at once. The device must be configured to receive either Offline or Remote Updates. By default, devices disable Offline Updates in favor of Remote Updates.

How it Works

To make secure and reliable updates possible, Torizon Platform uses 3 main components.

  • Torizon Platform Services: the cloud infrastructure that manages the user's accounts, devices, fleets, packages, security metadata, and update process.

  • TorizonCore: the OS used by the devices, which has the services needed for registering the device in the Torizon Platform. It's also responsible for searching, downloading, validating, and deploying the updates.

  • TorizonCore Builder: the tool used to push packages and OS images from the host machine to the Torizon Platform Services.

Under-The-Hood Technologies

For more information about the technology stack shared by Offline and Remote updates, it is recommended to read the Torizon Remote Updates Technical Overview article. It highlights the roles of:

  • OSTree as the system that handles updates to the filesystem tree.
  • Uptane as the standard Toradex follows for secure updates.
  • Aktualizr as the client-side implementation for Uptane.

Webinars

Toradex has presented webinars about Secure Offline and Online Updates and you can watch them on demand.

Secure Offline and Online Updates for Linux Devices

Learn more about this webinar on the landing page, or watch it below: