In-Field Update

---

TinyCLR OS allows for secure, encrypted, In-Field Update (IFU). The new to-be-updated application or firmware are fetched through a Stream. Streams can be memory, storage file or network. The system requires a temporarily local buffer to hold new application (or firmware) for authentication and processing. Internal or external can be used when available. If not, external flash can be used as well.

The constructor for IFU takes the two stream and a flag to require IFU to use the external flash for buffering. InFieldUpdate(Stream applicationStream, Stream firmwareStream, bool useExternalFlash)

When external flash is used for buffering, IFU will overwrite the flash, minus the first 2MB and the area reserved for extending the application deployment area, as explained under External Flash External Memory page. A Tiny File System usage of the first 2MB of external flash will survive IFU even when useExternalFlash is enabled.

Tip

The application and the firmware are buffered in external memories in encrypted fashion and has no security implication, keeping IFU done securely.

Warning

Power interruption during FlashAndReset will cause the update to fail, requiring a manual update. However, it is safe during Build.

var fwBuf = YourFirmwareBuffer;
var appBuf = YourApplicationBuffer;

var memoryStreamFirmware = new MemoryStream(fwBuf);
var memoryStreamApplication = new MemoryStream(appBuf);
var useExternalFlash = true;

// key is generated along with the application from TinyCLR Config tool
var appKey = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

updater = new InFieldUpdate(memoryStreamFirmware, memoryStreamApplication, appKey, useExternalFlash);

updater.Build(true, true); // Build both firmware and application

Debug.WriteLine("Firmware version: " + updater.FirmwareVersion);
Debug.WriteLine("Application version: " + updater.ApplicaltionVersion);

updater.FlashAndReset();

It might be desired to only Build one stream at a time, but if IFU is constructed with two streams then both Build must be completed before FlashAndReset.

updater.Build(true, false);
// do something
// ...
updater.Build(false, true);

Tip

Running IFU in a thread is desired to keep the system running while IFU finish Build. But once FlashAndReset is called the system is locked till done and reset automatically.

---

Without External Memory

When no external memories are present (Flash nor RAM), only the application can be updated and only using file stream.

Note

Very tiny applications can be theoretically be updated using memory streams, assuming the memory is enough to hold the entire new application.

---

Network Consideration

Network stream determines the end of file transfer after a specific timeout, defaulted to 5 seconds. This can be increased in a slower network or decreased in a controlled network.

updater.ReadDataTimeout = TimeSpan.FromSeconds(5); // 5 seconds

The server providing the data needs to consider that IFU will need time to Build one stream a time, which can take a while especially when external flash buffering is enabled. For example, a 6MB Application buffered to external flash will need about 2 minutes.

---

Firmware and Application Matching

It is important that the loaded firmware is the same version expected by the application. It is usually best to update both when possible.