DEV Community

Ripan Deuri

MCUBoot: OTA Update of Firmware

OTA (Over-The-Air) update is a method to remotely update firmware on embedded devices through wireless networks like Wi-Fi, cellular, or Bluetooth without requiring physical access to the device.

                            OTA Update Flow
                            ===============

        ┌───────────────┐                   ┌──────────────────┐
        │               │  Wireless Network │                  │
        │ Remote Server │ ◀────────────────▶│ Microcontroller  │
        │               │  (Wi-Fi/Cell/BLE) │                  │
        │ ┌─────────┐   │                   │  ┌────────────┐  │
        │ │ New FW  │   │   Device checks   │  │ Running FW │  │
        │ │ v2.0.0  │   │    for updates    │  │   v1.0.0   │  │
        │ │ ✓Signed │   │ ◀──────────────── │  └────────────┘  │
        │ │ ✓Verify │   │                   │                  │
        │ └─────────┘   │                   │  ┌────────────┐  │
        │   Store vers. │  Download new img │  │   MCUboot  │  │
        │  Manage rolls │ ───────────────▶  │  │ Bootloader │  │
        │  Track devs   │                   │  └────────────┘  │
        │               │                   │  Flash Memory:   │
        │               │                   │  ┌────────────┐  │
        │               │                   │  │slot0 v1.0.0│  │
        │               │                   │  │ (Primary)  │  │
        │               │                   │  ├────────────┤  │
        │               │                   │  │slot1 v2.0.0│  │
        │               │                   │  │ (Secondary)│  │
        │               │                   │  └────────────┘  │
        │               │                   │    ▲       ▲     │
        │               │                   │    │       │     │
        │               │                   │  Old Img New Img │
        │               │                   │   (v1.0)  (v2.0) │
        │               │                   │                  │
        └───────────────┘                   └──────────────────┘
           OTA Server                            IoT Device

Zephyr RTOS uses MCUboot as the secure bootloader to enable firmware updates. MCUboot typically uses a dual-slot (primary and secondary) flash layout:

+---------------------------+  0x08000000
|      MCUboot Bootloader   |
|         (64 KB)           |
+---------------------------+  0x08020000
|     Slot 0 (Primary)      |
|        (128 KB)           |
|  - Image Header (32 B)    |
|  - Application Code       |
|  - TLV Area               |
|  - Trailer (unused)       |
+---------------------------+  0x08040000
|    Slot 1 (Secondary)     |
|        (128 KB)           |
|  - Image Header (32 B)    |
|  - Application Code       |
|  - TLV Area               |
|  - Trailer                |
|    (Swap Status/Magic)    |
+---------------------------+  0x08060000
|    Scratch Area           |
|    (128 KB)               |
+---------------------------+

Here is a brief list of operations performed by the active firmware and MCUboot bootloader to update the firmware during an OTA process:

  • Active Firmware: Always runs from slot0.

    • Periodically checks or gets notified that a new firmware version is available on the remote OTA server.
    • Downloads the new firmware image securely.
    • Writes the new image to the secondary flash slot (slot1).
    • Marks the new image as "test" or pending upgrade.
    • Triggers a system reboot to apply the update.
  • MCUboot Bootloader:

    • Executes at device startup, before main firmware runs.
    • Checks if a firmware swap is requested.
    • Performs a swap operation between slot0 and slot1 safely using a sector-by-sector copy via a scratch area.
    • Boots the newly swapped firmware from slot0.
    • Waits for the new firmware to confirm successful operation.
    • If confirmation is not received, reverts the swap on the next boot to roll back to the old firmware, ensuring device recovery.
    • If confirmed, marks the new firmware as permanent, allowing future boots without rollback.
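
The test, confirm and revert sequence above, modelled as an added example in C (not code from the original post or from MCUboot). Slots are reduced to version numbers and the trailer to three flags; every name in it is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
/* Simplified model (assumption): a slot is a version number, the trailer is
 * three flags. Real MCUboot keeps this state in flash and swaps via scratch. */
struct device {
    int slot0, slot1;      /* versions in primary / secondary slot */
    bool swap_requested;   /* "test" mark written by the application */
    bool on_trial;         /* slot0 was swapped in, awaiting confirmation */
    bool confirmed;        /* application confirmed the running image */
};

static void swap_slots(struct device *d) {
    int tmp = d->slot0; d->slot0 = d->slot1; d->slot1 = tmp;
}

/* Application: write the downloaded image to slot1 and mark it for test. */
void app_stage_update(struct device *d, int version) {
    d->slot1 = version; d->swap_requested = true;
}

void app_confirm(struct device *d) { d->confirmed = true; } /* after self-test */

/* Bootloader: runs at every reset and returns the version it boots. */
int bootloader_run(struct device *d) {
    if (d->swap_requested) {                 /* apply the staged update */
        swap_slots(d);
        d->swap_requested = d->confirmed = false;
        d->on_trial = true;
    } else {
        if (d->on_trial && !d->confirmed)    /* never confirmed: revert */
            swap_slots(d);
        d->on_trial = false;                 /* slot0 image is now permanent */
        d->confirmed = true;
    }
    return d->slot0;
}

/* Stage v2 over v1, boot it, optionally confirm, then reboot once more. */
int run_update(bool confirm) {
    struct device d = { .slot0 = 1, .confirmed = true };
    app_stage_update(&d, 2);
    if (bootloader_run(&d) != 2) return -1;  /* trial boot must run v2 */
    if (confirm) app_confirm(&d);
    return bootloader_run(&d);
}

int main(void) {
    printf("unconfirmed: v%d, confirmed: v%d\n", run_update(false), run_update(true));
}
```

In this model, an image that crashes or hangs before calling `app_confirm` never sets the flag, so a watchdog reset is enough to bring the old firmware back.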
