How to Implement OTA Firmware Updates on STM32 Devices

Quick Answer

To implement OTA firmware updates on STM32 devices, you need a custom bootloader that can download new firmware from an external source (WiFi, cellular, or Ethernet), validate it, and write it to a secondary flash partition, then swap partitions on the next boot. Key components include: dual-bank flash or external flash storage, secure communication (TLS), firmware validation (checksums, digital signatures), and rollback capability for failed updates.

Introduction

Over-The-Air (OTA) firmware updates have become essential for modern IoT and connected devices. They enable remote bug fixes, feature additions, and security patches without physical access to the device. For STM32-based products, implementing OTA requires careful design of the bootloader, flash memory management, and communication protocols.

This guide covers the complete process of implementing OTA firmware updates on STM32 microcontrollers, from architectural decisions to implementation details and security considerations.

Core Content

1. OTA Update Architecture

Components of an OTA System

  • Bootloader: Responsible for selecting and booting the active application
  • Application: Main firmware that performs device functions and downloads updates
  • Flash Memory Layout: Organized to store multiple firmware images
  • Communication Module: WiFi, cellular, or Ethernet interface for downloading updates
  • Server Infrastructure: Firmware repository, version management, device authentication

Flash Memory Layout Strategies

Option 1: Dual-Bank Flash (A/B Partitioning)

+------------------+ 0x08000000
|   Bootloader     | 16-32 KB
+------------------+ 0x08008000
|   Bank A (App)   | 
|   Active Image   | 256 KB
+------------------+ 0x08048000
|   Bank B (New)   |
|   Download Area  | 256 KB
+------------------+ 0x08088000

2. Bootloader Design

Bootloader Responsibilities

  • Initialization: Basic hardware setup (clocks, GPIO)
  • Image Selection: Determine which application to boot
  • Integrity Check: Verify firmware integrity before boot
  • Rollback: Revert to previous version if update failed
  • Jump to Application: Transfer control to the application

3. Firmware Validation and Security

Validation Mechanisms

  • Checksum: Simple CRC32 or Fletcher checksum for error detection
  • Hash: SHA-256 for integrity verification
  • Digital Signature: ECDSA or RSA for authentication and integrity
  • Version Check: Prevent downgrade attacks
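The bootloader responsibilities from section 2 and the validation mechanisms listed above meet in one place: the image-selection step at reset. The following C model is an added example, not code from this article or from ST. It simulates the two banks of the A/B layout as RAM buffers so it runs on a host, and it assumes an image header of magic, version, length and CRC-32, a per-bank boot counter kept outside the image, and a trial-boot budget of three; `IMG_MAGIC`, `MAX_BOOT_TRIES`, the header layout and every function name are this example's own choices. A SHA-256 or signature check would slot in where the CRC check is.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BANK_SIZE      1024u        /* scaled down from the 256 KB banks in the diagram */
#define IMG_MAGIC      0x4F54412Au  /* constructed marker value, not an ST constant */
#define MAX_BOOT_TRIES 3u           /* assumption: trial boots allowed before rollback */

/* Image header at the start of each bank (layout assumed for this example). */
typedef struct {
    uint32_t magic;
    uint32_t version;   /* must stay at or above the stored floor: anti-downgrade */
    uint32_t length;    /* payload bytes following the header */
    uint32_t crc32;     /* CRC-32 (IEEE) over the payload */
} img_header_t;

/* A flash bank plus the bootloader's metadata about it. On hardware the
 * counter and flag live in a separate flash page so they can be updated
 * without erasing the image; here everything is RAM so it runs on a host. */
typedef struct {
    uint8_t  flash[BANK_SIZE];
    uint32_t boot_count;   /* trial boots since the image was written */
    int      confirmed;    /* application reported a successful self-test */
} bank_t;

/* Bit-wise CRC-32 (reflected, poly 0xEDB88320); matches zlib's crc32(). */
uint32_t crc32_compute(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Program header + payload into an erased bank (the download step's result). */
void write_image(bank_t *bank, uint32_t version, const uint8_t *payload, size_t len)
{
    img_header_t h = { IMG_MAGIC, version, (uint32_t)len, crc32_compute(payload, len) };
    memset(bank->flash, 0xFF, BANK_SIZE);        /* erased flash reads as 0xFF */
    memcpy(bank->flash, &h, sizeof h);
    memcpy(bank->flash + sizeof h, payload, len);
    bank->boot_count = 0;
    bank->confirmed = 0;
}

/* Integrity check: magic, bounds, CRC over the payload. Returns 1 and copies
 * the header to *out (if non-NULL) when the bank holds a well-formed image. */
int image_valid(const bank_t *bank, img_header_t *out)
{
    img_header_t h;
    memcpy(&h, bank->flash, sizeof h);           /* memcpy: no unaligned load (faults on Cortex-M0) */
    if (h.magic != IMG_MAGIC) return 0;
    if (h.length > BANK_SIZE - sizeof h) return 0;
    if (crc32_compute(bank->flash + sizeof h, h.length) != h.crc32) return 0;
    if (out) *out = h;
    return 1;
}

/* Image selection with rollback. A bank is bootable when its image is valid,
 * its version is at or above the anti-downgrade floor, and it is confirmed or
 * still within its trial budget. Newer version wins. 0 = A, 1 = B, -1 = none. */
int select_bank(const bank_t *a, const bank_t *b, uint32_t min_version)
{
    img_header_t ha = {0}, hb = {0};
    int a_ok = image_valid(a, &ha) && ha.version >= min_version
               && (a->confirmed || a->boot_count < MAX_BOOT_TRIES);
    int b_ok = image_valid(b, &hb) && hb.version >= min_version
               && (b->confirmed || b->boot_count < MAX_BOOT_TRIES);
    if (a_ok && b_ok) return hb.version > ha.version ? 1 : 0;
    return a_ok ? 0 : (b_ok ? 1 : -1);
}

/* Bootloader entry: choose a bank, charge one trial boot to an unconfirmed
 * image, and return the bank that would be jumped to. On hardware the jump
 * loads MSP from the bank's vector table, sets VTOR and calls its reset
 * handler; the application sets `confirmed` after its own self-test passes. */
int bootloader_boot(bank_t *a, bank_t *b, uint32_t min_version)
{
    int sel = select_bank(a, b, min_version);
    if (sel < 0) return -1;                      /* nothing bootable: stay in recovery */
    bank_t *chosen = sel ? b : a;
    if (!chosen->confirmed) chosen->boot_count++;
    return sel;
}

int main(void)
{
    static bank_t a, b;
    const uint8_t v1[] = "constructed payload: application v1";
    const uint8_t v2[] = "constructed payload: application v2";
    write_image(&a, 1, v1, sizeof v1);
    a.confirmed = 1;                             /* v1 proved itself on an earlier boot */
    write_image(&b, 2, v2, sizeof v2);           /* v2 downloaded, never confirms itself */
    for (int i = 0; i < 4; i++)
        printf("boot %d -> bank %c\n", i, bootloader_boot(&a, &b, 1) ? 'B' : 'A');
    return 0;
}
```

Running it shows the rollback path: Bank B (version 2) is chosen for three boots, never confirms, and on the fourth reset the bootloader returns to the confirmed Bank A. The `min_version` argument models the anti-downgrade floor, which on a real device would be stored in a write-once location (OTP or a monotonic counter) rather than passed in; a valid, well-signed but older image is rejected by that check alone.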

Security Best Practices

  • TLS 1.3: Use latest TLS for secure download
  • Certificate Pinning: Prevent man-in-the-middle attacks
  • Code Signing: Sign firmware with private key, verify with public key in bootloader
  • Hardware Security: Use STM32 secure boot (ST-iRoT) for tamper resistance
  • Encrypted Firmware: Encrypt firmware for confidentiality

FAQ

How much flash space do I need for OTA?

At least 2× your application size, plus bootloader. For a 128KB application, you need 16-32KB bootloader + 128KB Bank A + 128KB Bank B = 272-304KB total flash. Consider external flash for larger applications or to store multiple versions.

What happens if power fails during an update?

With dual-bank: the device boots from the old bank. The bootloader detects the incomplete update because the new image fails validation, and it continues with the current working firmware. With single-bank + external flash: design the bootloader to detect incomplete updates and either resume or roll back.
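The dual-bank answer depends on two things: the bootloader must never treat a half-written Bank B as bootable, and the application should resume a download after a reset rather than restart it. The following C model is an added example, not the article's or ST's code. It journals download progress in a separate flash page by clearing one bit per finished chunk (flash can only turn bits from 1 to 0 between erases, so this needs no erase and rewrites no word) and programs a completion marker only after the last chunk. Chunk size, image size, the record layout and all function names are this example's own choices; the "server" is a constructed byte array standing in for the HTTPS download, and the power failure is simulated by leaving the loop before a chunk's done-bit is committed.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define CHUNK_SIZE  64u
#define IMAGE_SIZE  (CHUNK_SIZE * 20u)   /* constructed 1280-byte image, 20 chunks */
#define NO_CUT      0xFFFFFFFFu          /* run to completion, no simulated power loss */

/* Persistent update record, kept in its own flash page so it survives resets.
 * Flash only clears bits (1 -> 0) between erases, so progress is journaled by
 * clearing one bit per finished chunk: no erase and no rewritten word. */
typedef struct {
    uint32_t image_len;    /* programmed once, when the update starts */
    uint32_t chunk_done;   /* bit i cleared == chunk i fully written (max 32 chunks) */
    uint32_t complete;     /* 0xFFFFFFFF until every chunk is in and validated */
} update_record_t;

typedef struct {
    update_record_t rec;            /* simulated state page */
    uint8_t  bank_b[IMAGE_SIZE];    /* simulated download area (Bank B) */
    unsigned chunks_fetched;        /* downloads performed this power cycle */
} device_t;

/* Erase the record and the download area: done once per new update. */
void ota_begin(device_t *d, uint32_t image_len)
{
    memset(&d->rec, 0xFF, sizeof d->rec);
    memset(d->bank_b, 0xFF, sizeof d->bank_b);
    d->rec.image_len = image_len;
}

/* Number of chunks for the recorded image length. */
static unsigned ota_chunks(const device_t *d)
{
    return (d->rec.image_len + CHUNK_SIZE - 1) / CHUNK_SIZE;
}

/* First chunk without a done-bit; equals the chunk count once finished. */
unsigned ota_resume_point(const device_t *d)
{
    unsigned total = ota_chunks(d);
    for (unsigned i = 0; i < total; i++)
        if (d->rec.chunk_done & (1u << i)) return i;
    return total;
}

/* Fetch-and-program loop. `server` stands in for the HTTPS download. Power
 * loss is modeled by returning after `cut_after` chunks have been written but
 * before the last one's done-bit is committed. Returns 1 when the image is
 * complete and marked, 0 when interrupted. */
int ota_run(device_t *d, const uint8_t *server, unsigned cut_after)
{
    unsigned total = ota_chunks(d);
    d->chunks_fetched = 0;
    for (unsigned i = ota_resume_point(d); i < total; i++) {
        size_t off = i * CHUNK_SIZE;
        size_t n = d->rec.image_len - off;
        if (n > CHUNK_SIZE) n = CHUNK_SIZE;
        /* On STM32 parts whose flash has ECC (L4, H7 and others), programming a
         * word that is not erased is an error, so a chunk left without its
         * done-bit must be erased again before this write: size chunks to a
         * sector, or keep the bitmap at sector granularity, on those parts. */
        memcpy(d->bank_b + off, server + off, n);   /* range request + flash program */
        d->chunks_fetched++;
        if (d->chunks_fetched == cut_after) return 0;   /* power lost before commit */
        d->rec.chunk_done &= ~(1u << i);                /* commit progress: one bit */
    }
    /* All chunks present. CRC/signature verification (section 3) belongs here,
     * before the completion marker is programmed; the bootloader must ignore
     * Bank B until this word reads 0. */
    d->rec.complete = 0;
    return 1;
}

int ota_image_ready(const device_t *d) { return d->rec.complete == 0; }

int main(void)
{
    static device_t dev;
    static uint8_t server[IMAGE_SIZE];        /* constructed image bytes */
    for (unsigned i = 0; i < IMAGE_SIZE; i++) server[i] = (uint8_t)(i * 7u + 3u);
    ota_begin(&dev, IMAGE_SIZE);
    int r = ota_run(&dev, server, 5);          /* power cut after 5 chunks */
    printf("first run: %s, resume at chunk %u\n",
           r ? "done" : "interrupted", ota_resume_point(&dev));
    r = ota_run(&dev, server, NO_CUT);         /* reboot, then resume */
    printf("second run: %s, fetched %u chunks, image %s\n", r ? "done" : "interrupted",
           dev.chunks_fetched, memcmp(dev.bank_b, server, IMAGE_SIZE) == 0 ? "matches" : "differs");
    return 0;
}
```

With a cut after five chunks, the second run starts at chunk 4 (written but not committed before the cut) and repeats only that chunk; the other sixteen are fetched once. Because `complete` stays erased until the end, a reset at any point leaves Bank B unbootable and the old bank remains the boot target, which is the dual-bank behaviour described in the answer above.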

How do I prevent unauthorized firmware updates?

Implement code signing. The bootloader verifies firmware signature using an embedded public key. Only firmware signed with the matching private key can be installed. Combined with TLS for download and certificate pinning, this provides end-to-end security.

Conclusion

Implementing OTA firmware updates on STM32 requires:

  • Bootloader Design: Handles image selection, validation, and boot
  • Flash Layout: Dual-bank or external flash for storing multiple images
  • Secure Download: HTTPS with TLS and certificate pinning
  • Firmware Validation: SHA-256 hash and digital signatures
  • Rollback Mechanism: Boot counters and watchdog for failed updates
  • State Management: Clear state machine for update process

Need Help Implementing OTA Updates?

InnovChip specializes in embedded firmware development and secure OTA solutions. Contact us today for expert guidance on implementing OTA updates for your STM32-based products.
