Put open source to work
July 16–17, 2018: Training & Tutorials
July 18–19, 2018: Conference
Portland, OR

Key requirements for software updates for the IoT

Drew Moseley (Mender.io)
4:15pm4:55pm Thursday, July 19, 2018
Edge computing
Location: E146
Level: Beginner

Who is this presentation for?

  • Embedded and IoT developers, systems integrators, platform engineers, and security teams

What you'll learn

  • Understand common requirements and designs for enabling software updates for connected devices


A key requirement for connected devices is the ability to deploy remote software updates to them so that bugs, vulnerabilities, and new features can be addressed while devices live in the field for up to 10 years. The process for enabling these updates must be:

  • Robust (The cost of bricking devices is high.)
  • Easy (Teams generally do not have much time to invest in an updater mechanism.)
  • Performant (Bandwidth is the key limiting resource for connected devices, but other system resources should also be conserved during the update process. Downtime during the update process should be kept to a minimum.)
  • Secure (The update process must not enable attackers to deploy malicious software to the devices.)
  • Extensible (Connected devices vary greatly, and the updater must be generic and extensible to support the majority of them.)

In order to address these requirements, design trade-offs must be made.

Drew Moseley shares best practices and the current state of software updates for connected devices, drawn from interviews with more than 100 embedded developers undertaken as part of the Mender.io project. Join Drew to learn the most common update strategies, such as using A/B dual rootfs, maintenance-mode updates, package managers, and tarballs, and explore the trade-offs of each approach. Drew also details other important design aspects of an updater, such as validating deployment compatibility, integrity, authenticity, sanity checking after the update, handling update failures, identifying extension points, device portability, persistent user data, and reducing bandwidth consumption and downtime.

Photo of Drew Moseley

Drew Moseley


Drew Moseley is a technical solutions architect at Northern.Tech, where he works on the Mender.io open source project to deploy OTA software updates to embedded Linux devices. Throughout his career, Drew has focused on embedded software and developer tools, including embedded Linux and Yocto. He has worked at Mentor Graphics, Red Hat, Intel, and Monta Vista Software on embedded projects such as RAID storage controllers, direct and network-attached storage devices, and graphical pagers. He spent the last seven years working in operating system professional services, where he helped customers develop production embedded Linux systems. Drew is a frequent speaker at conferences such as Embedded Systems Conference and All Systems Go. He was raised in Tampa, Florida, and attended the University of Florida.