Skip to main content

OTA Updates

Over-the-air firmware updates for EdgeFlow devices. Upload firmware to S3, distribute via presigned URLs, rolling/canary strategies, version tracking, and rollback support.

Overview

EdgeFlow supports Over-the-Air (OTA) firmware updates from the cloud. Firmware binaries are uploaded to S3-compatible storage (MinIO/AWS S3), verified with SHA256 checksums, and distributed to devices via time-limited presigned URLs. Updates can target individual devices or entire fleets using rolling and canary strategies.

Update Flow

Cloud                                    Device
  │                                         │
  │  1. Upload firmware binary to S3        │
  │  (SHA256 checksum verification)         │
  │                                         │
  │  2. Initiate OTA update                 │
  │  (target device or fleet)               │
  │                                         │
  │  3. Send update command via tunnel      │
  │────────────────────────────────────────>│
  │                                         │
  │  4. Device downloads firmware           │
  │     (presigned URL, 1hr expiry)         │
  │                                         │
  │  5. Verify checksum                     │
  │                                         │
  │  6. Apply update and reboot             │
  │                                         │
  │  7. Report new version                  │
  │<────────────────────────────────────────│
  │                                         │
  │  8. Update device record                │

Firmware Storage

Firmware binaries are stored in S3-compatible object storage with organization-scoped paths: 

# S3 key format
firmware/{organization_id}/{version}/{sha256_checksum}.bin

# Example
firmware/org_xyz789/1.3.0/a1b2c3d4e5f6...abc.bin

Upload Requirements

  • Binary firmware file (.bin format)
  • SHA256 checksum for integrity verification
  • Semantic version number
  • Release notes (optional)

Update Strategies

Single Device Update

Update a specific device to a target firmware version:

  • Checks current firmware version on device
  • Verifies device is online and reachable
  • Generates presigned download URL (1-hour expiry)
  • Queues update job via async worker

Bulk Fleet Update

Update multiple devices using deployment strategies:

Strategy Description
All-at-Once Push firmware to all target devices simultaneously
Rolling Update devices in sequential batches
Canary Update a small percentage first, then the rest

Update Status

Status Description
idle No update in progress
updating Firmware download/install in progress
completed Update applied successfully
failed Update failed (device remains on previous version)

OTA Device Record

{
  "device_id": "dev_abc123",
  "current_version": "1.2.3",
  "target_version": "1.3.0",
  "ota_status": "updating",
  "progress": 65,
  "last_update_at": "2026-02-21T12:00:00Z"
}

Rollback

If an update fails or causes issues, EdgeFlow supports rolling back to the previous firmware version. The rollback process re-initiates an OTA update using the last known good firmware binary, which remains stored in S3.

Force Update

By default, OTA updates skip devices already running the target version. Use the force flag to override version checks and re-apply the firmware, useful for recovering from corrupted installations.

Security

  • SHA256 Checksums — Every firmware binary is verified before and after download
  • Presigned URLs — Download links expire after 1 hour
  • Organization Scoping — Firmware is isolated per organization in S3
  • TLS Transport — All downloads use HTTPS