[P-5] Considerations for device system upgrades

System upgrades include local upgrades and remote upgrades.

The current running application is not able to upgrade itself directly, otherwise it is highly likely to cause system corruption.
Therefore, you can consider a small independent program to complete the function, you can consider implementing a bootloader program, mainly used to detect the completion of the system upgrade function
Local, can be upgraded via UART connection or ble OTA
For the data transfer involved in the upgrade, in order to ensure that the upgrade is reliable, can not download side upgrade, but should be fully transmitted after the authenticity and integrity of the data to be verified later upgrade.

This involves two types of problems

The first category: Due to the unreliable network transmission, data delay and disorderly reach, so the transmission process may exist data errors or data loss may
If you do not check and the upgrade will cause system damage, you must consider how to solve these data reliability and integrity problems, you can design a reasonable data
Detection of the interaction process to achieve.

Type II: Security services: For system transfers and upgrades, there may be issues such as the following

(1) Whether there is man-made damage during data transmission

(2) If I receive a file from a device I trust

(3) Confidentiality of file data,

For any security system, there are at least a few security services (see Cryptography):

The system can be based on their own needs to achieve one or several of the above, as long as the requirements can be met.

Considering the limited resources of IoT devices and the insecure transmission data of the network, it is decided to improve the following security features:

1 confidentiality
2. Integrity
3. Message Authentication
4. Authentication
5. Access Control

Not to be continued

[P-5] Considerations for device system upgrades