Firmware Update

Description

This LwM2M Object enables management of firmware which is to be updated. This Object includes installing a firmware package, updating firmware, and performing actions after updating firmware. The firmware update MAY require the device to reboot; this depends on a number of factors, such as the operating system architecture and the extent of the updated software.

The envisioned functionality is to allow a LwM2M Client to connect to any LwM2M Server to obtain a firmware image using the object and resource structure defined in this section, with communication security provided by TLS/DTLS. There are, however, other design decisions that need to be taken into account to allow a manufacturer of a device to securely install firmware on a device. Examples of such design decisions are how to manage the firmware update repository at the server side (which may include user interface considerations), the techniques to provide additional application layer security protection of the firmware image, how many versions of firmware images to store on the device, and how to execute the firmware update process considering the hardware-specific details of a given IoT hardware product. These aspects are considered to be outside the scope of this version of the specification.

A LwM2M Server may also instruct a LwM2M Client to fetch a firmware image from a dedicated server (instead of pushing firmware images to the LwM2M Client). The Package URI resource is contained in the Firmware object and can be used for this purpose. A LwM2M Client MUST support block-wise transfer [CoAP_Blockwise] if it implements the Firmware Update object. A LwM2M Server MUST support block-wise transfer. Other protocols, such as HTTP/HTTPS, MAY also be used for downloading firmware updates (via the Package URI resource). For constrained devices it is, however, RECOMMENDED to use CoAP for firmware downloads to avoid the need for additional protocol implementations.

Version 2.0 changes the definition of this object to allow for multiple instances, with each instance representing a separate “partition” of the device’s firmware that can be upgraded independently. The significance of such partitions is implementation-defined; however, the intention is that they might refer to components such as: bootloaders, application code, cellular modem firmwares, security processor firmwares, etc. It is expected that firmware partitions can be upgraded independently in most cases; however, the object provides a mechanism for checking version dependencies when a certain order of updates is required, or when multiple partitions need to be upgraded in tandem.

Instances of this object SHOULD be static and cannot be managed by the LwM2M Server. The client MUST respond with an error on the transport binding layer signifying a “Method Not Allowed” error upon receiving a Create or Delete request for this object. If only a single firmware partition is available for updating, it MUST have Instance ID equal to 0. When multiple partitions are available for updating, the main partition (i.e., the one that contains code for the core part of the device’s functionality) SHOULD have Instance ID equal to 0.
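
The following is an added example, not part of the specification: a client-side check of a URI written to the Package URI resource against the protocols the client advertises in Firmware Update Protocol Support, returning the Update Result values 7 and 9 defined in the resource table below. The function name and the choice to treat a missing host or malformed port as an invalid URI are assumptions; the `coap+tcp` and `coaps+tcp` schemes are those of RFC 8323.

```python
from urllib.parse import urlsplit

# Firmware Update Protocol Support values mapped to URI schemes.
PROTOCOL_SCHEMES = {0: "coap", 1: "coaps", 2: "http", 3: "https",
                    4: "coap+tcp", 5: "coaps+tcp"}
RESULT_INVALID_URI = 7           # Update Result: Invalid URI
RESULT_UNSUPPORTED_PROTOCOL = 9  # Update Result: Unsupported protocol
MAX_URI_LEN = 255                # Package URI range is 0..255


def check_package_uri(uri, supported):
    """Return None if the URI may be used for download, else an Update Result.

    An empty string is a state-machine reset and must be handled by the
    caller before this check (assumption of this example).
    """
    if len(uri) > MAX_URI_LEN:
        return RESULT_INVALID_URI
    try:
        parts = urlsplit(uri)
        host = parts.hostname
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return RESULT_INVALID_URI
    if not parts.scheme or not host:
        return RESULT_INVALID_URI
    # Values that are not defined by the specification are ignored.
    allowed = {PROTOCOL_SCHEMES[p] for p in supported if p in PROTOCOL_SCHEMES}
    if parts.scheme not in allowed:  # urlsplit lower-cases the scheme
        return RESULT_UNSUPPORTED_PROTOCOL
    return None
```

A server can run the same check before writing Package URI, so that it never offers, for example, an HTTP URI to a client that advertises only CoAP and CoAPS.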

Object definition

LwM2M Object: Firmware Update object definition
Name | Object ID | Object Version | LWM2M Version
Firmware Update | 5 | 2.0 | 1.1

Object URN | Instances | Mandatory
urn:oma:lwm2m:oma:5:2.0 | Multiple | Optional

Resource definitions

LwM2M Object: Firmware Update Resource definitions
ID | Name | Operations | Instances | Mandatory | Type | Range or Enumeration | Units | Description
0 | Package | W | Single | Mandatory | Opaque | | | Firmware package
1 | Package URI | RW | Single | Mandatory | String | 0..255 | | URI from where the device can download the firmware package by an alternative mechanism. As soon as the device has received the Package URI it performs the download at the next practical opportunity. The URI format is defined in RFC 3986. For example, coaps://example.org/firmware is a syntactically valid URI. The URI scheme determines the protocol to be used. For CoAP this endpoint MAY be a LwM2M Server but does not necessarily need to be. A CoAP server implementing block-wise transfer is sufficient as a server hosting a firmware repository and the expectation is that this server merely serves as a separate file server making firmware images available to LwM2M Clients.
2 | Update | E | Single | Mandatory | | | | Updates firmware by using the firmware package stored in Package, or by using the firmware downloaded from the Package URI. This Resource is only executable when the value of the State Resource is Downloaded. If multiple instances of the Firmware Update object are in the Downloaded state, the device MAY update multiple partitions in one go. In this case, the Linked Instances resource MUST list all other partitions that will be updated alongside the current one. The server MAY override this behavior by including an argument 0 in the Execute operation. If the argument is present with no value, the client MUST attempt to update only the partition handled by the current instance. If the argument is present with a value containing a list of Firmware Update object instances specified as a Core Link Format (so that the argument may read, for example: 0='</5/1>,</5/2>'), the client MUST attempt to update the partitions handled by the current instance and the instances listed in the argument, and MUST NOT attempt to update any other partitions. If the client is not able to satisfy such a request, the update process shall fail with the Update Result resource set to 13. If the downloaded images are incompatible with at least one of the images installed on other partitions, and compatible updates for them are not downloaded (i.e., the State resource in an instance corresponding to the conflicting partition is not Downloaded), the update process shall also fail with the Update Result resource set to 13. When multiple partitions are upgraded as part of a single Update operation, the device SHOULD upgrade them in a transactional fashion (i.e., all are updated successfully, or all are reverted in case of error), and MUST perform the upgrade in a way that ensures that the device will not be rendered unbootable due to partial errors.
3 | State | R | Single | Mandatory | Integer | 0..3 | | Indicates current state with respect to this firmware update. This value is set by the LwM2M Client. 0: Idle (before downloading or after successful updating); 1: Downloading (the data sequence is on the way); 2: Downloaded; 3: Updating. If writing the firmware package to the Package Resource has completed, or if the device has downloaded the firmware package from the Package URI, the state changes to Downloaded. The device MAY support images containing code for multiple partitions in a single file, in which case downloading the image in any instance of the Firmware Update object that is valid for it MUST set the State resource to 2 in instances handling all partitions that are affected by the downloaded image; if the State of any of such instances was different than 0, the image MUST be rejected and the Update Result resource set to 12. Writing an empty string to the Package URI Resource or setting the Package Resource to NULL (‘\0’) resets the Firmware Update State Machine: the State Resource value is set to Idle and the Update Result Resource value is set to 0. The device should remove the downloaded firmware image when the state is reset to Idle. When in the Downloaded state, and the executable Resource Update is triggered, the state changes to Updating if the update starts immediately. For devices that support a user interface and the deferred update functionality, the user may be allowed to defer the firmware update to a later time. In this case, the state stays in the Downloaded state and the Update Result is set to 11. Once a user accepts the firmware update, the state changes to Updating. When the user has deferred the update, the device will continue operations normally until the user approves the firmware update or an automatic update starts. It will not block any operation on the device. If the Update Resource failed, the state may return to either Downloaded or Idle depending on the underlying reason of update failure, e.g. Integrity Check Failure results in the client moving to the Idle state. If performing the Update or Cancel operation was successful, the state changes to Idle. The firmware update state machine is illustrated in the respective LwM2M specification.
5 | Update Result | R | Single | Mandatory | Integer | 0..11 | | Contains the result of downloading or updating the firmware. 0: Initial value. Once the updating process is initiated (Download/Update), this Resource MUST be reset to Initial value. 1: Firmware updated successfully. 2: Not enough flash memory for the new firmware package. 3: Out of RAM during the downloading process. 4: Connection lost during the downloading process. 5: Integrity check failure for new downloaded package. 6: Unsupported package type. 7: Invalid URI. 8: Firmware update failed. 9: Unsupported protocol. A LwM2M client indicates the failure to retrieve the firmware image using the URI provided in the Package URI resource by writing the value 9 to the /5/0/5 (Update Result resource) when the URI contained a URI scheme unsupported by the client. Consequently, the LwM2M Client is unable to retrieve the firmware image using the URI provided by the LwM2M Server in the Package URI when it refers to an unsupported protocol. 10: Firmware update cancelled. A Cancel operation has been executed successfully. 11: Firmware update deferred. 12: Conflicting state. Multi-partition firmware image download rejected before entering the Downloaded state because it conflicts with an already downloaded image in a different object instance. 13: Dependency error. The Update operation failed because the partition image requires some other partition to be updated first or at the same time.
6 | PkgName | R | Single | Optional | String | 0..255 | | Name of the Firmware Package. If this resource is supported, it shall contain the name of the downloaded package when the State is 2 (Downloaded) or 3 (Updating); otherwise it MAY be empty.
7 | PkgVersion | R | Single | Optional | String | 0..255 | | Version of the Firmware package. If this resource is supported, it shall contain the version of the downloaded package when the State is 2 (Downloaded) or 3 (Updating); otherwise it MAY be empty.
8 | Firmware Update Protocol Support | R | Multiple | Optional | Integer | 0..5 | | This resource indicates what protocols the LwM2M Client implements to retrieve firmware images. The LwM2M server uses this information to decide what URI to include in the Package URI. A LwM2M Server MUST NOT include a URI in the Package URI resource that uses a protocol that is unsupported by the LwM2M client. For example, if a LwM2M client indicates that it supports CoAP and CoAPS then a LwM2M Server must not provide an HTTP URI in the Package URI. The following values are defined by this version of the specification: 0: CoAP (as defined in RFC 7252) with the additional support for block-wise transfer. CoAP is the default setting. 1: CoAPS (as defined in RFC 7252) with the additional support for block-wise transfer. 2: HTTP 1.1 (as defined in RFC 7230). 3: HTTPS 1.1 (as defined in RFC 7230). 4: CoAP over TCP (as defined in RFC 8323). 5: CoAP over TLS (as defined in RFC 8323). Additional values MAY be defined in the future. Any value not understood by the LwM2M Server MUST be ignored. The value of this resource SHOULD be the same for all instances of the Firmware Update object.
9 | Firmware Update Delivery Method | R | Single | Mandatory | Integer | 0..2 | | The LwM2M Client uses this resource to indicate its support for transferring firmware images to the client either via the Package Resource (=push) or via the Package URI Resource (=pull) mechanism. 0: Pull only. 1: Push only. 2: Both. In this case the LwM2M Server MAY choose the preferred mechanism for conveying the firmware image to the LwM2M Client. The value of this resource SHOULD be the same for all instances of the Firmware Update object.
10 | Cancel | E | Single | Optional | | | | Cancels firmware update. Cancel can be executed if the device has not initiated the Update process. If the device is in the process of installing the firmware or has already completed installation it MUST respond with Method Not Allowed error code. Upon successful Cancel operation, Update Result Resource is set to 10 and State is set to 0 by the device.
11 | Severity | RW | Single | Optional | Integer | 0..2 | | Severity of the firmware image. 0: Critical. 1: Mandatory. 2: Optional. This information is useful when the device provides the option for the deferred update. Default value is 1.
12 | Last State Change Time | R | Single | Optional | Time | | | This resource stores the time when the State resource is changed. The device updates this resource before making any change to the State.
13 | Maximum Defer Period | RW | Single | Optional | Unsigned Integer | | s | The number of seconds a user can defer the software update. When this time period is over, the device will not prompt the user for the update and will install it automatically. If the value is 0, a deferred update is not allowed.
14 | Partition Name | R | Single | Optional | String | | | Name of the partition handled by this instance of the Firmware Update object. This should be a name clearly identifying the partition for both humans and machines. The syntax of these names is implementation-specific, but might refer to terms such as “bootloader”, “application”, “modem firmware” etc. This resource shall be treated as Mandatory when multiple instances of the Firmware Update object are present.
15 | Current Version | R | Single | Optional | String | | | Version number of the image that is currently installed and running for the partition handled by this instance of the Firmware Update object. This resource shall be treated as Mandatory when multiple instances of the Firmware Update object are present. For the main partition (the one that contains code for the core part of the device’s functionality), this value SHOULD be the same as the Firmware Version resource in the Device object (/3/0/3).
16 | Linked Instances | R | Single | Optional | Objlnk | | | When multiple instances of the Firmware Update object are in the Downloaded state, this resource shall list all other instances that will be updated in a batch if the Update resource is executed on this instance with no arguments. Each of the instances listed MUST be in the Downloaded state. The resource MUST NOT contain references to any objects other than the Firmware Update object.
17 | Conflicting Instances | R | Single | Optional | Objlnk | | | When the download or update fails and the Update Result resource is set to 12 or 13, this resource MUST be present and contain references to the Firmware Update object instances that caused the conflict. In other states, this resource MAY be absent or empty, or it MAY contain references to the Firmware Update object instances which are in a state conflicting with the possibility of successfully updating this instance. The resource MUST NOT contain references to any objects other than the Firmware Update object.
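
The following is an added example, not part of the specification: how a client could decide which partitions an Execute on the Update resource covers, applying the argument 0 rules, the Linked Instances default, and Update Result 13 with the instances to report in Conflicting Instances. The function names, the `requires` dependency map, and raising an exception for a malformed argument are assumptions of this example.

```python
import re

IDLE, DOWNLOADING, DOWNLOADED, UPDATING = 0, 1, 2, 3  # State resource values
RESULT_DEPENDENCY_ERROR = 13                          # Update Result value
_ARG = re.compile(r"0(?:='([^']*)')?")   # argument 0, optionally with a value
_LINK = re.compile(r"</5/(\d+)>")        # link to a Firmware Update instance


def parse_update_argument(arg):
    """None: no argument. []: argument 0 with no value. Else: listed IDs."""
    if not arg:
        return None
    m = _ARG.fullmatch(arg)
    if m is None:
        raise ValueError("malformed Execute argument")  # assumed handling
    if not m.group(1):
        return []
    ids = []
    for link in m.group(1).split(","):
        lm = _LINK.fullmatch(link.strip())
        if lm is None:  # only Firmware Update object instances may be listed
            raise ValueError("not a Firmware Update instance: %r" % link)
        ids.append(int(lm.group(1)))
    return ids


def resolve_update(instance, arg, states, linked, requires):
    """Return (instances to update, Update Result or None, conflicting IDs).

    states:   {instance ID: State resource value}
    linked:   {instance ID: IDs in its Linked Instances resource}
    requires: {instance ID: IDs its downloaded image must be updated with}
              (hypothetical input; dependency checking is device-specific)
    """
    if states.get(instance) != DOWNLOADED:
        raise PermissionError("Update is only executable in Downloaded state")
    listed = parse_update_argument(arg)
    extra = linked.get(instance, []) if listed is None else listed
    targets = {instance, *extra}  # explicit list: nothing else may be updated
    not_ready = {i for i in targets if states.get(i) != DOWNLOADED}
    missing = {d for i in targets for d in requires.get(i, ())} - targets
    if not_ready or missing:
        return set(), RESULT_DEPENDENCY_ERROR, not_ready | missing
    return targets, None, set()
```

Because an explicit list forbids touching any other partition, a server that sends `0` alone for an image with an unmet dependency gets result 13 rather than a silently widened update.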