Remotely updating the firmware of embedded devices is a delicate operation that carries both operational and security risks. In this post, we present a safe and easy mechanism to seamlessly update the Python firmware of Zerynth-powered devices connected to Amazon Web Services (AWS) IoT endpoints.

Considerations about FOTA updates

First of all, some considerations on the implications of supporting firmware over the air (FOTA) updates. In order to be able to change its own firmware, a device:

1. Needs a partitioned internal flash with at least two separate slots to store both the current running firmware and the new one
2. Must reserve a zone of flash or other non-volatile memory to store information about which firmware has to be run after device reset, together with any additional information on its properties
3. Must withstand connectivity issues in retrieving and storing the new firmware
4. Should employ an encrypted channel to retrieve the firmware
5. Must be able to correctly communicate with the cloud endpoint in every phase of the FOTA flow

In the case at hand, thanks to the integration of Zerynth and AWS IoT, points 1 and 2 are implemented under the hood by the FOTA-enabled Zerynth Virtual Machine. The other points can be addressed by using the appropriate AWS modules provided by Zerynth.

FOTA updates for AWS: overview and workflow

The standard AWS mechanism to let devices perform tasks is IoT Jobs. A job can be viewed as a set of information (called the job document) that is sent to a device with instructions on the task to perform. The device can, in turn, change the status of the job to reflect the various phases of task execution (see point 5). The nice thing about IoT Jobs is that the document can contain links to files in an S3 bucket that are “pre-signed”. A pre-signed link carries its own time-limited authorization, so the firmware does not need to be publicly readable: the device receiving the job document can retrieve the new firmware through a secure HTTPS connection. Because the link itself grants access until it expires, the job document should be treated as sensitive.

The FOTA flow, therefore, requires the device to:

1. Retrieve the list of jobs
2. Check if there is a FOTA job in progress
   - If the current firmware matches the one described in the job, the job is marked as successful
   - Otherwise, the job is marked as failed
3. Check if there is a new FOTA job not yet started
   - Retrieve the job document
   - Mark the job as in progress
   - Download the new firmware
   - Check that the CRC of the downloaded firmware matches the one in the job document
   - Reset the device
4. Publish data over MQTT and periodically check for new jobs (back to 1)
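
The decision logic of this flow as a host-runnable Python sketch, added here as an illustration and not taken from Zerynth's FOTA AWS example. The job document keys (`fw_version`, `fw_url`, `fw_crc`), the `download` callable and the sample data are assumptions; note that the CRC check detects a corrupted download, not a modified image.

```python
import zlib

# AWS IoT job execution statuses used by the flow.
QUEUED, IN_PROGRESS, SUCCEEDED, FAILED = "QUEUED", "IN_PROGRESS", "SUCCEEDED", "FAILED"

def crc_matches(firmware, expected_crc):
    """CRC32 catches a truncated or corrupted download, not a modified image."""
    return zlib.crc32(firmware) == expected_crc

def fota_step(jobs, running_version, download):
    """One pass over the job list. Returns (status_updates, reset_needed).

    jobs: dicts with assumed keys id, status, document (fw_version, fw_url, fw_crc).
    download: callable(url) -> bytes, standing in for the HTTPS fetch.
    """
    updates = []
    # A job still IN_PROGRESS means the device has just reset after an update.
    for job in jobs:
        if job["status"] == IN_PROGRESS:
            ok = job["document"]["fw_version"] == running_version
            updates.append((job["id"], SUCCEEDED if ok else FAILED))
    # Start the first job that has not been started yet.
    for job in jobs:
        if job["status"] != QUEUED:
            continue
        doc = job["document"]
        updates.append((job["id"], IN_PROGRESS))
        try:
            image = download(doc["fw_url"])
        except OSError:
            # Connectivity failure: report it and keep running the current firmware.
            return updates + [(job["id"], FAILED)], False
        if not crc_matches(image, doc["fw_crc"]):
            # A damaged image is never booted.
            return updates + [(job["id"], FAILED)], False
        return updates, True  # image stored, reset into it
    return updates, False

# Constructed sample data, not a real job document or firmware image.
SAMPLE_FW = b"constructed firmware image v2"

def sample_jobs(status, crc=zlib.crc32(SAMPLE_FW)):
    doc = {"fw_version": "v2", "fw_url": "https://example.invalid/fw.bin", "fw_crc": crc}
    return [{"id": "job-1", "status": status, "document": doc}]

if __name__ == "__main__":
    print(fota_step(sample_jobs(QUEUED), "v1", lambda url: SAMPLE_FW))
    print(fota_step(sample_jobs(QUEUED), "v1", lambda url: SAMPLE_FW[:-1] + b"3"))
    print(fota_step(sample_jobs(IN_PROGRESS), "v2", lambda url: SAMPLE_FW))
```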

Getting started with FOTA updates for Amazon Web Services

Let’s follow the entire FOTA flow through a working example.

1. Download Zerynth Studio

First of all, you need to download and install Zerynth Studio, our free and cross-platform IDE for programming microcontrollers in Python or C/Python language.

2. Connect an ESP32 board

Then connect one of the ESP32-based devices supported by Zerynth to your PC. Here is the list of supported boards (search for “ESP32”). For example, you can use an ESP32 DevKitC. You can find more info about this board here.

3. Virtualize the ESP32 board

Now you have to register and virtualize your ESP32 board. In this case, you have to create and use a FOTA-enabled Zerynth Virtual Machine.

Take note of the VM uid printed in the console during the VM creation phase. You’ll need it later.

4. Clone the example “FOTA AWS”

Zerynth Studio includes a huge list of useful examples that you can “clone” (aka copy) with just a few clicks.

In this case, you have to clone the example FOTA AWS. You can find it by searching for “FOTA AWS” in the “Examples Browser” panel.

Let’s take a look at the main.py file: