Skip to main content
Version: 6

Torizon Updates Overview


In this article, you will learn the basics about secure updates with the Torizon Platform Services. You will learn the main features, what is possible to update with it, and how it is secure, reliable and easy to use. Torizon updates features are ready-to-use and work seamlessly with devices running TorizonCore OS and its development environment — TorizonCore Builder and the Torizon IDE Extension 2.

Main Features

With the Torizon Updates feature it is possible to:

In both cases, the Torizon Platform Services enable you to:

  • Execute secure and reliable updates of Operating System, Applications, and Bootloader
  • Perform synchronous updates - both the OS and the Application as a single component
  • Automatically trigger the update whenever a new update is available
  • Automatically rollback to the last working version of the OS or the application in case the update fails
  • Block updates from happening from the application’s side, in case you have a critical application that cannot stop for an update to take place

Security, Reliability and Ease-To-Use

By bringing your update packages to the Torizon Platform Services domain, you leverage the Torizon Platform to manage security, reliability, traceability, and ease of the update process.

The Torizon Platform Services builds security metadata when you create update packages. Device provisioning assigns the devices with the matching information to validate and deploy the updates. This ensures that only trustworthy updates are executed. That said, you are also allowed to keep the root of trust under your control if you choose to do so, instead of delegating such responsibility.

On the device side, the automatic search for updates and deployment process, along with rollback capabilities, ensures the ease and reliability of the process. That eliminates the need for skilled labor and the possibility of undefined states for the device.

Offline Updates vs Remote Updates

The Offline and Remote OTA Updates features share the technology stack. Both of them allow updating the OS and/or the application in a deployed device. Their main difference is where the update comes from.

  • For the Remote Update, the device regularly checks the Torizon Platform Services for new updates through the internet. Once the update is found, the device reaches for files in different sources and then deploys the update.
  • For the Offline Updates, the device monitors a local directory — mounted from a USB drive, for example — for the new update. All the files are sourced during the medium preparation and are contained within the medium.

You will need a provisioned device to securely update it, regardless of choosing Remote or Offline Update.

Note that you currently cannot have both sources of updates enabled at once. The device must be configured to receive either Offline or Remote Updates. By default, devices disable Offline Updates in favor of Remote Updates.

How it Works

To make secure and reliable updates possible, Torizon Platform uses 3 main components.

  • Torizon Platform Services: the cloud infrastructure that manages the user's accounts, devices, fleets, packages, security metadata, and update process.

  • TorizonCore: the OS used by the devices, which has the services needed for registering the device in the Torizon Platform. It's also responsible for searching, downloading, validating, and deploying the updates.

  • TorizonCore builder: the tool used to push packages and OS images from the host machine to the Torizon Platform Services.

Torizon Update Packages

With Torizon Platform Services, you can remotely update the following packages on single or multiple devices:

  • The unmodified, a.k.a. vanilla TorizonCore OS
  • Your application, packaged in a single or a group of containers
  • A custom version of TorizonCore made for your application
  • Both application and OS as a single update, with success or failure tied to the synchronous update.
  • Bootloader

Torizon Updates in the Development and Maintenance Workflow

During development, you will most likely perform multiple deploys with different revisions of your customized TorizonCore OS image, and your application packages.

After a stable software stack is achieved, Torizon provides a quick and simple production programming method to wrap your OS image and Application into a single package and deploy to multiple devices in a production line.

With Torizon Platform Services, you create OS and Application Packages to update them individually or at the same time. This reduces the number of "moving parts", eliminates the need for bundling applications and OS in your maintenance process and allows smaller update packages.

Under-The-Hood Technologies

For more information about the technology stack shared by Offline and Remote updates, it is recommended to read the Torizon Remote Updates Technical Overview article. It highlights the roles of:

  • OSTree as the system that handles updates to the filesystem tree.
  • Uptane as the standard Toradex follows for secure updates.
  • Aktualizr as the client-side implementation for Uptane.
  • Greenboot as the framework that defines what is a successful boot.


Toradex has presented webinars about Secure Offline and Online Updates and you can watch them on demand.

Secure Offline and Online Updates for Linux Devices

Learn more about this webinar on the landing page, or watch it below:

Send Feedback!