Torizon Updates Overview
In this article, you will learn the basics of secure updates with the Torizon Cloud: the main features, what can be updated with it, and how it is secure, reliable and easy to use. Torizon Updates features are ready to use and work seamlessly with devices running Torizon OS and its development environment — TorizonCore Builder and the Torizon IDE Extension 2.
With the Torizon Updates feature it is possible to:
In both cases, the Torizon Cloud enables you to:
- Execute secure and reliable updates of Operating System, Applications, and Bootloader
- Perform synchronous updates - both the OS and the Application as a single component
- Automatically trigger the update whenever a new update is available
- Automatically roll back to the last working version of the OS or the application in case the update fails
- Block updates from happening from the application’s side, in case you have a critical application that cannot stop for an update to take place
Security, Reliability and Ease of Use
The Torizon Cloud builds security metadata when you create update packages. Device provisioning gives each device the matching information it needs to validate and deploy the updates. This ensures that only trustworthy updates are executed. That said, you can also keep the root of trust under your own control instead of delegating that responsibility.
On the device side, the automatic search for updates and the deployment process, along with rollback capabilities, make the process easy and reliable. This eliminates the need for skilled labor and the possibility of leaving the device in an undefined state.
Offline Updates vs Remote Updates
The Offline and Remote OTA Updates features share the technology stack. Both of them allow updating the OS and/or the application in a deployed device. Their main difference is where the update comes from.
- For Remote Updates, the device regularly checks the Torizon Cloud for new updates over the internet. Once an update is found, the device fetches the files from different sources and then deploys the update.
- For the Offline Updates, the device monitors a local directory — mounted from a USB drive, for example — for the new update. All the files are sourced during the medium preparation and are contained within the medium.
Whether you choose Remote or Offline Updates, the device must be provisioned in order to be updated securely.
Note that you currently cannot have both sources of updates enabled at once. The device must be configured to receive either Offline or Remote Updates. By default, devices disable Offline Updates in favor of Remote Updates.
How it Works
To make secure and reliable updates possible, Torizon Cloud uses three main components.
Torizon Cloud: the cloud infrastructure that manages the user's accounts, devices, fleets, packages, security metadata, and update process.
Torizon OS: the OS used by the devices, which has the services needed for registering the device in the Torizon Cloud. It's also responsible for searching, downloading, validating, and deploying the updates.
TorizonCore Builder: the tool used to push packages and OS images from the host machine to the Torizon Cloud.
Torizon Update Packages
With Torizon Cloud, you can remotely update the following packages on single or multiple devices:
- The unmodified (a.k.a. vanilla) Torizon OS
- Your application, packaged in a single or a group of containers
- A custom version of Torizon OS made for your application
- Both application and OS as a single update, with success or failure tied to the synchronous update.
Torizon Updates in the Development and Maintenance Workflow
After a stable software stack is achieved, Torizon provides a quick and simple production programming method to wrap your OS image and Application into a single package and deploy to multiple devices in a production line.
With Torizon Cloud, you create OS and Application Packages to update them individually or at the same time. This reduces the number of "moving parts", eliminates the need for bundling applications and OS in your maintenance process and allows smaller update packages.
For more information about the technology stack shared by Offline and Remote Updates, read the Torizon Remote Updates Technical Overview article. It highlights the roles of:
- OSTree as the system that handles updates to the filesystem tree.
- Uptane as the standard Toradex follows for secure updates.
- Aktualizr as the client-side implementation for Uptane.
- Greenboot as the framework that defines what counts as a successful boot.
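The metadata validation described earlier in this article, sketched as the kind of device-side checks the Uptane standard calls for. This is an added, simplified example, not Toradex or Aktualizr code: the key names, the metadata layout, the demo_metadata helper and the HMAC stand-in for asymmetric signatures are assumptions made for illustration.

```python
import hashlib, hmac, json
from datetime import datetime, timezone

# Constructed demo keys, one per repository. Real Uptane metadata carries
# asymmetric signatures; HMAC is a stand-in to keep this stdlib-only.
TRUSTED_KEYS = {"director-key": b"demo-director", "image-key": b"demo-image"}

def _mac(keyid, signed):
    body = json.dumps(signed, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(TRUSTED_KEYS[keyid], body, hashlib.sha256).hexdigest()

def sign(signed, keyid):
    """Cloud side (simulated): wrap a metadata body with its signature."""
    return {"signed": signed, "signatures": [{"keyid": keyid, "sig": _mac(keyid, signed)}]}

def verify_metadata(meta, role_key, now, last_version):
    """Device side: check signature (key provisioned for this role), expiry, version."""
    signed = meta["signed"]
    ok = any(s["keyid"] == role_key and hmac.compare_digest(s["sig"], _mac(role_key, signed))
             for s in meta["signatures"])
    if not ok:
        raise ValueError("bad signature")
    if datetime.fromisoformat(signed["expires"]) <= now:
        raise ValueError("metadata expired")
    if signed["version"] < last_version:
        raise ValueError("metadata rollback")
    return signed["targets"]

def verify_update(director, image_repo, name, payload, now, last_version=0):
    """Accept a payload only if both repositories describe it identically."""
    d = verify_metadata(director, "director-key", now, last_version).get(name)
    i = verify_metadata(image_repo, "image-key", now, last_version).get(name)
    if d is None or d != i:
        raise ValueError("repositories disagree on target")
    if len(payload) != d["length"] or hashlib.sha256(payload).hexdigest() != d["sha256"]:
        raise ValueError("payload does not match metadata")
    return True

def demo_metadata(payload, name="app-v2.tar", version=2):
    """Constructed sample metadata for a constructed payload."""
    body = {"version": version, "expires": "2030-01-01T00:00:00+00:00",
            "targets": {name: {"length": len(payload),
                               "sha256": hashlib.sha256(payload).hexdigest()}}}
    return sign(body, "director-key"), sign(body, "image-key")

NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed "current time"
```

Each rejection path maps to a distinct failure: a modified payload, altered metadata, stale or expired metadata, or one repository describing a target differently from the other.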
Toradex has presented webinars about Secure Offline and Online Updates and you can watch them on demand.
Secure Offline and Online Updates for Linux Devices
Learn more about this webinar on the landing page.