


Remote Firmware Update for Constrained Embedded Systems

Goran Jurković* and Vlado Sruk**

* Department of Intelligent Transportation Systems, Faculty of Transport and Traffic Sciences, University of Zagreb, Vukelićeva 4, HR-10000 Zagreb, Croatia

** Department of Electronics, Microelectronics, Computer and Intelligent Systems, Faculty of Electrical Engineering and Computing, University of Zagreb, Unska 3, HR-10000 Zagreb, Croatia

goran.jurkovic@fpz.hr vlado.sruk@fer.hr

Abstract - In this work, we present the architecture of a firmware update infrastructure that uses a centralized server to distribute appropriate firmware updates to a large number of embedded devices. These updates enable transparent, proactive management of everyday bugs and other vulnerabilities inherent in software-based systems, as well as embedded system evolution. The presented firmware update mechanism utilizes the network connectivity that is nowadays already present in a wide range of embedded systems.

Introduction

The ubiquity of embedded computer systems in every pore of human life is owed to their flexibility and to faster product development from an idea to the final product. Technological development of microcontrollers is focused on specialization for different types of embedded systems. One of the goals is fast and flexible replacement of the embedded software, also called firmware [1]. Because the firmware within an embedded system largely defines the product's role, capabilities and functionality, it shortens the development time from idea to final product. In such an environment the hardware can be designed as a final product in the early stages of development, bringing it to the final stage faster, as the software in the end defines the final product's functionality. This creates another problem: very little time is left for detailed testing of a product, and companies very often place a mini batch of products on the market that have not been thoroughly tested. In such cases end users become beta testers of the product. In such an environment we need to provide an improved level of flexibility for automated and transparent firmware changes in embedded systems already installed at end users, to enable a transparent and straightforward software update that prevents possible malfunctions.

The rising trend of widespread use of GSM and GPRS technology and its drop in price opens the possibility of affordably equipping embedded computers with appropriate components to enable self-maintenance at any place. In such an environment, an embedded system could access the Internet and connect directly to the device manufacturer for maintenance purposes or dynamic replacement of the firmware [2].

In the following section an algorithm for automatic software or firmware upgrade is described. The third section presents the developed and implemented firmware upgrade algorithms. The fourth section presents the test environment and performance comparison.

Related work

The ability of an embedded system to upgrade its running firmware over the Internet, also called Firmware Over The Air (FOTA) [3], is well known and widely used on very powerful embedded systems running ARM processors and an operating system. However, this paper analyzes the use and the specifics of software agents in the process of upgrading the software of a smaller embedded computer without an operating system. Given the limitations of memory, it analyzes the advantages and disadvantages of software agents with direct entry into the program memory and agents with the use of additional memory resources.

The implementation of the software upgrade system is based on software agents that write directly into the program memory; the on-board computer is based on an ATMEL processor [4] equipped with self-modifying program memory. Connectivity to the Internet is provided by a GPRS module that enables communication with the server. The paper describes the implementation of the software algorithms, the software agents, in detail. It evaluates the implementation of dynamic software upgrades through a series of measurements that give insight into the properties and characteristics of deviation. Dynamic software upgrade by software agents is also suitable for implementation in the limited domain of embedded computer systems with limited resources.

Firmware Upgrade Algorithm

In the first case we used an embedded computer based on the AVR family of micro-processors made by Atmel and the GSM/GPRS module Wismo228 [5]. This case represents embedded systems where the communication module does not contain memory for temporary storage (Figure 1). In this environment the algorithm for automatic software or firmware upgrade (called the Agent) used the Intel HEX file format [6] to transfer the new software that was to replace the existing one. The binary firmware was packed into Intel HEX format and downloaded from the server using the Hypertext Transfer Protocol (HTTP). The ATmega128 micro-processor used is fairly small and inexpensive, but it is built on the AVR core with strong processing capabilities and many integrated features and interfaces, so it is often used in industry for the production of consumer electronics and other embedded systems. Since this was an extremely undemanding embedded computer without any additional memory, the Agent downloaded and upgraded the main software in segments of 2KB, while the main program and embedded system functions were stopped and the product in which the computer is embedded was put out of operation. Figure 3 presents the memory organization for the algorithm in the case where no memory buffer is available. The entire flash update agent without memory buffer is presented in Figure 2.

By changing the transfer format of the new software to a customized Base64 encoding [7], stored in segments of 2KB each with a basic checksum, the file transferred via the GPRS connection was reduced in size, almost halved. A binary segment of 2048B (2KB) packed in Intel HEX format grew to 5325B (5.2KB), while the same segment in the customized Base64 format came to 2735B (2.67KB).

The Agent itself occupies 8KB of program memory (FLASH memory) reserved for the in-system FLASH updating routines presented in Figure 3, and 120KB of program memory remains for the main software or firmware (out of the 128KB of FLASH that the ATmega128 has). Although the processor has built-in self-programming of FLASH memory, with the programming routines inside the same FLASH, it has one limitation: the 120KB of FLASH memory is not readable while the FLASH writing routines are being called. Only the upper part of the FLASH program memory, reserved for the Agent routines, is always readable, so the Agent program can run normally while writing FLASH.

Another advancement of the Agent was achieved by replacing the GSM/GPRS module WISMO228 with the GSM/GPRS module SIM908 [8] made by SimCom. This new GPRS module has a built-in HTTP client engine, and by using this integrated HTTP protocol with the 160KB buffer memory within the GPRS module, it became possible to download the entire new firmware, the main software, at once without segmentation.

It is also now possible to initiate the download from within the main software while the embedded computer and device perform the main functions of the product in which they are built. Once the new software has been downloaded via GPRS and the Internet and stored in the memory buffer of the SIM908 module, the downloaded Base64 packed file is checked segment by segment with checksum calculations to confirm correct download of the new main software. Checking a downloaded Base64 file takes 23 seconds every time over the local 64Kbps connection, and it does not depend on the GPRS and network connection. This is just another precaution that takes a small amount of time and makes the Agent more robust and the software upgrade routines more transparent and reliable.

When the newly downloaded software packed in Base64 is correct, the main program stops and calls the stand-alone Agent routines to upgrade the program memory (FLASH) from the buffer, which takes about 25 seconds over the local 64Kbps connection, slightly increased by the FLASH write time.

So it is known in advance exactly how long the system will be out of operation (25 seconds for nearly the biggest program that fits in FLASH), and this no longer depends on the availability of the GSM and GPRS networks and the Internet once the new Base64 packed file has been downloaded into the SIM908 buffer.
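The buffer check described above (verify every 2KB segment, and only then stop the main program and write FLASH), as an added example that is not the authors' Agent code. The paper does not specify the layout of its customized Base64 format; the framing assumed here (standard Base64 of 2048 bytes, two hex digits of an 8-bit additive checksum, and a newline) was chosen because it packs a segment to 2735 bytes, the size the paper reports, and 55 such segments of a 110KB binary come to about 147KB. The names pack_segment, check_segment and verify_image are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define SEG_BYTES 2048                        /* segment size used in the paper */
#define SEG_B64   (((SEG_BYTES + 2) / 3) * 4) /* 2732 Base64 characters */
#define SEG_TEXT  (SEG_B64 + 3)               /* assumed framing: 2 hex digits + '\n' */

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const char HEX[] = "0123456789ABCDEF";

/* Index of c in alphabet, or -1 (also for NUL, which strchr would match). */
static int idx(const char *alphabet, char c) {
    const char *p = c ? strchr(alphabet, c) : NULL;
    return p ? (int)(p - alphabet) : -1;
}

/* Server side: pack one 2 KB segment into exactly SEG_TEXT characters. */
void pack_segment(const uint8_t *in, char *out) {
    uint8_t sum = 0;
    size_t o = 0;
    for (size_t i = 0; i < SEG_BYTES; i += 3) {
        size_t n = SEG_BYTES - i < 3 ? SEG_BYTES - i : 3;
        uint8_t b1 = n > 1 ? in[i + 1] : 0, b2 = n > 2 ? in[i + 2] : 0;
        uint32_t v = (uint32_t)in[i] << 16 | (uint32_t)b1 << 8 | b2;
        out[o++] = B64[v >> 18];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = n > 1 ? B64[(v >> 6) & 63] : '=';
        out[o++] = n > 2 ? B64[v & 63] : '=';
        sum = (uint8_t)(sum + in[i] + b1 + b2);   /* 8-bit additive checksum */
    }
    out[o++] = HEX[sum >> 4];
    out[o++] = HEX[sum & 15];
    out[o] = '\n';
}

/* Agent side: decode one segment (out may be NULL) and check it; 0 = good.
   '=' padding is accepted only as the very last payload character. */
int check_segment(const char *seg, uint8_t *out) {
    uint8_t sum = 0;
    size_t o = 0;
    for (size_t i = 0; i < SEG_B64; i += 4) {
        int a = idx(B64, seg[i]), b = idx(B64, seg[i + 1]), c = idx(B64, seg[i + 2]);
        int d = (i + 4 == SEG_B64 && seg[i + 3] == '=') ? 0 : idx(B64, seg[i + 3]);
        if ((a | b | c | d) < 0) return -1;       /* character outside the alphabet */
        uint32_t v = (uint32_t)a << 18 | (uint32_t)b << 12 | (uint32_t)c << 6 | (uint32_t)d;
        for (int k = 0; k < 3 && o < SEG_BYTES; k++, o++) {
            uint8_t byte = (uint8_t)(v >> (16 - 8 * k));
            if (out) out[o] = byte;
            sum = (uint8_t)(sum + byte);
        }
    }
    int hi = idx(HEX, seg[SEG_B64]), lo = idx(HEX, seg[SEG_B64 + 1]);
    if ((hi | lo) < 0 || seg[SEG_B64 + 2] != '\n') return -1;
    return sum == (uint8_t)(hi << 4 | lo) ? 0 : -1;
}

/* Gate before flashing: segment count if every segment is good, else -1. */
int verify_image(const char *buf, size_t len) {
    if (len == 0 || len % SEG_TEXT != 0) return -1;   /* truncated or empty download */
    for (size_t off = 0; off < len; off += SEG_TEXT)
        if (check_segment(buf + off, NULL) != 0) return -1;
    return (int)(len / SEG_TEXT);
}
```

An additive checksum of this kind catches transmission errors only; it says nothing about who produced the image.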

The selected test embedded computer is normally built into a GNSS system for vehicle tracking, protection against grand theft auto and remote engine start, called SMS Commander Genie, made by Globis and presented in Figure 4. This embedded system is quite flexible and is used in a broad range of applications. It is based on the ATmega128 micro-processor by Atmel; the GSM/GPRS/GPS module SIM908 by SimCom; a switching power stabilizer for voltage regulation at 5V based on the MP1591 integrated circuit made by Monolithic Power Systems; a 3V linear regulator for the micro-processor based on the TPS76930 by Texas Instruments; a crystal oscillator of 7.37MHz for the micro-processor's clock; a MEMS motion sensor based on the ADXL343 by Analog Devices; a Lithium Polymer 3.7V backup battery; outside-world outputs based on the ULN2003D made by Texas Instruments; high-power P-channel MOSFET outputs based on the ZXMP6A18K made by ZETEX Semiconductors; a CANBUS interface controller and logic converter based on the MCP2515 and MCP2551 by Microchip; and other glue logic and interfacing to the outside world, which is the vehicle. As the embedded system operates 24/7 and is supplied primarily from the vehicle battery, maximum attention is dedicated to small dimensions (108x54mm) and low energy consumption. To achieve low energy consumption the micro-processor is powered at 3V, and the MEMS motion sensor is used to disable the GPS functions in the SIM908 module when the vehicle is not moving, as the GPS function is the biggest power consumer in the embedded system.

For testing and validating the thesis of this paper only a micro-processor, oscillator, GPRS module and power supply circuit are needed, and the electrical schematic for such an embedded system is presented in Figure 1.

Testing and Comparison

The testing environment for live testing in a real-world environment is presented in Figure 5. The embedded system is equipped with an Agent. The tested embedded system is additionally modified to enable continuous 24-hour download testing. The real environment uses a commercial GPRS network and the Internet, and on the other side a server computer running Linux with the Apache HTTP service and PHP with a MySQL database. The server is a real-time production server used for embedded systems made by Globis, and it is altered only to record the starting and ending times of each new firmware download. In this way it recorded the sample times of each download.

To compare the upgraded Agent with the old one and with the measurements from previous work, the test was conducted using a new software binary sized 110KB, just as in the first test. But there is a big difference: the old Agent worked with binary files packed in Intel HEX format, and the new Agent works with binary files packed in the customized Base64 format. So the size of the file transferred over the network is now almost halved, and the expected download time is smaller. What also goes in favor of the upgraded Agent is the new way of downloading: thanks to the memory buffer inside the GPRS device, the file is no longer downloaded in segments. In this case download speeds could reach the theoretical maximum of a GPRS class 10 connection, which is 80Kbps for download and 20Kbps for upload.

Table I. Firmware Package Download Times

|Firmware package format |Intel HEX |Base64 |
|Segment size |2KB |N/A (a) |
|Firmware packed size (binary 110KB) (b) |282KB |147KB |
|Theoretical download time (60/40Kbps) (c) |48.3 s |25.1 s |
|Theoretical download time (80/20Kbps) (d) |25.5 s |18.8 s |
|Best achieved download time |84.0 s |19.0 s |
|Average achieved download time |103.8 s |36.9 s |
|Worst download time |1335 s |219 s |
|Number of tested samples |624 |313 |
|Number of samples with retries |86 |N/A |
|Number of retries |182 |N/A |

a. Because the new embedded system uses a GPRS module with internal buffer memory, the software is transferred at once without segmentation.

b. The binary size of the new software is 110KB, but the packed size differs between Intel HEX and Base64.

c. Theoretical link speed of a GPRS class 10 connection in normal mode.

d. Theoretical link speed of a GPRS class 10 connection in big-file download mode.

Table II. Agent Functions Execution Times

|Main firmware function |Agent time |Intel HEX |Base64 |
|Online Agent time (a) |Best | |19.0 s |
| |Average | |36.9 s |
| |Worst | |219 s |
| |Firmware check (c) | |23 s |
|Offline Agent time (Flash update) (b) |Best |84.0 s | |
| |Average |103.8 s | |
| |Worst |1335 s | |
| |Flash write (d) | |25 s |

a. The main embedded system's firmware is running and the Agent is working in parallel with the main firmware.

b. The main embedded system's firmware and functions are down. Only the Agent is running.

c. After the new firmware has been downloaded into the memory buffer built into the SIM908, it is checked for errors before the Agent is started in offline mode while the main process is stopped.

d. Flash is written from the local buffer in the new Agent with Base64 and SimCom, while in the old Agent Flash is written while downloading, segment by segment.

The standard GPRS class 10 connection uses 60Kbps for download and 40Kbps for upload, but it switches automatically to 80/20 mode when a bigger file is transmitted. It was noticed that with the old way of downloading files in segments, GPRS would never switch to 80/20 mode for faster download. So in comparing the times of the older and the upgraded Agent, the advantage comes not only from the halved firmware size; the switch to 80/20 mode also makes some difference in download times.

Test samples were gathered by an infinite loop calling the Agent to perform a download, with starting and ending times recorded in the database. These downloads were conducted over 24 hours to check whether the time of day influences the results because of network bandwidth congestion. We can notice that there are certain times of day when the GPRS network is more utilized, and therefore spikes are recorded in the tested samples. Figure 6 shows the segmented download times of firmware packed in Intel HEX format, while Figure 7 shows the same data downloaded at once in the customized Base64 format.

Table I presents the numbers of recorded samples. There were 624 recorded samples for the Intel HEX format and 313 recorded samples for the Base64 format. There is a noticeable difference in download times in favor of the upgraded Agent, because the file packed in the customized Base64 format is halved in size. But as presented in Table II, the download time for the non-segmented file almost reached the theoretically best possible download time for this type of GPRS connection, while such theoretical speeds cannot be achieved with segmented downloads. The best possible download time for the Base64 packed file is 18.8 seconds, and 19.0 seconds was achieved. The best possible download time for the old packed files is 25.5 seconds, but only 84.0 seconds was achieved in the past. The difference is great. For the average and worst download times, too, the upgraded Agent has a noticeable advantage.

Also, no retries in download were recorded for the upgraded Agent, because the HTTP engine built into the GPRS module takes care of this. So, if retries did occur, they would manifest themselves as a slightly longer recorded download time.

The second advantage of the new agent over the old one is the added local buffer memory inside the GPRS module. This makes the entire concept of automated software upgrades more transparent, robust and reliable. As presented in Table I, the worst-case scenario is very worrying. The main function of the embedded system, in this case security against grand theft auto, was shut down for a whole 1335 seconds, or over 22 minutes. This is not acceptable in terms of reliability. The new agent with a local memory buffer therefore does not shut down the main process until it has made sure that the new firmware is correctly downloaded, and the shutdown time is always exactly 25 seconds during the FLASH upgrade.

After the new agent receives a notification from the SIM908 GPRS module that the HTTP download of the new firmware is complete, it checks the download, which takes 23 seconds on the 65Kbps connection, then shuts down the main process and starts the offline Agent algorithm. The main process is up and running again in 25 seconds with the upgraded firmware.

Conclusion and Future Work

The paper considered the possibility of upgrading the software of an embedded system over the Internet to obtain self-maintained software. Connectivity to the Internet was in our case realized using a GPRS module. Two software agents are presented: one with direct access into the program memory and one that uses additional memory resources. Considering the memory limitations and processing power of the embedded system it is analyzed the advantages and disadvantages of.

The implementation of the software upgrade system is based on software agents that write directly into the program memory; the on-board computer is based on an ATMEL processor equipped with self-modifying program FLASH memory.

The paper compares implementation of the Agent without additional memory buffer for temporary saving the new firmware and the newer implemented Agent with additional memory buffer.

Although the compared embedded systems differ mostly in the built-in GPRS module (with and without an HTTP engine and built-in memory buffer), there was a significant improvement in the Agent algorithm implementation from exploiting a different binary file packaging format. The simplest, easiest to implement and most common data transfer protocol, on both the server side and the client side, is the Hypertext Transfer Protocol (HTTP). That is the reason for using HTTP, as the client side was implemented in software in the Agent's algorithms. But it has limitations, and transferring binary files without control signals was not an option for the Agent implementation. Instead, ASCII file packaging was used.

In the older implementation of the Agent, the Intel HEX file format was used, as it is well known and already used for micro-processor program memory upgrades. It has a built-in checksum. In this case segmented download and upgrade was the only option, due to the lack of the additional memory resources essential for temporarily saving the downloaded firmware.

In the second case, an advanced GPRS module with a built-in HTTP engine and memory buffer was used to store the downloaded HTTP page, with a limited size of 160KB. In this case we exploited another way of packaging firmware files, in a smaller and more compressed form. The decision favored the Base64 packaging format, as it uses only ASCII characters, and with the addition of a checksum and file segmentation into 2KB segments it enabled both segmented and non-segmented downloads of new software almost halved in size in comparison to the Intel HEX file format.

Implemented Agent engine for parsing customized base64 file format is almost the same in size as implemented XML engine and Intel Hex parser.

The upgraded embedded system with the upgraded Agent algorithm is not only faster but also more reliable, and the main process is down for only a fixed amount of time while the program memory is upgraded. The download is done as a background process in the GPRS module and does not affect the main process and the embedded system in any way. This way the FLASH update time, during which the main program and routines are down, is not affected in any way by GPRS and network bandwidth.

In conclusion, the achieved solution is more advanced in both hardware and the algorithm of the software Agent. The solution for dynamic software upgrades described in this paper is faster, more robust and more reliable, as shown by a series of measurements that give insight into the properties and characteristics of deviation.

Dynamic software upgrade by software agents is also suitable for implementation in the limited domain of embedded computer systems built on limited resources. Future work will extend the Agents with an implementation of a compression algorithm. Since the Agent has a size limitation, we will examine several possible candidates and their optimizations with respect to the available program size and the main memory required. Another possible improvement would be in improving program availability.

References

[1] Goran Jurković, Mario Žagar, GSM Wireless Solutions in Distributed Embedded Systems Designed for Automatic Control, 46th International Symposium Electronics in Marine, ELMAR 2004, pp. 205-211, Zadar, Croatia, 16-18 June 2004.

[2] Goran Jurković, Dynamic Software Update in Embedded Systems, Master Thesis, Faculty of Electrical Engineering and Computing, University of Zagreb, Zagreb, 2011.

[3] Over-the-air programming

[4] Atmel mega AVR Microcontrollers

[5] AirPrime Embedded Wireless Modules, Sierra Wireless WISMO228 GPRS module

[6] Intel HEX file format

[7] Base64 encoding file format

[8] SIMCom Wireless Solutions Co., Ltd SIM908

Figure 1. ATmega128 and communication module without memory buffer

Figure 2. Flash update agent without memory buffer

Figure 3. Flash update agent without memory buffer

Figure 4. GNSS capable selected testing embedded system.

Figure 5. Recording data environment for testing embedded system Agent firmware download times.

Figure 6. Recorded download times in a time of a day for Intel Hex packed binary firmware file originally sized 110KB.

Figure 7. Download times in a time of a day for customized Base64 packed binary firmware file originally sized 110KB.
