Multiple System Images for Over-The-Air Updates
First Claim
Patent Images
1. A method comprising, by one or more computing systems:
- executing software from a first partition of system memory;
requesting an over-the-air (OTA) software update from an endpoint;
receiving a manifest for the OTA update comprising a location from which the payload may be downloaded and a hash value of the payload;
requesting the payload from the location;
receiving the payload from the location;
calculating a first checksum by running a cryptographic hash function on the payload, comparing the hash value to the first checksum;
if the hash value and first checksum match;
writing the payload to a second partition of system memory;
calculating a second checksum by running the cryptographic hash function on the payload written to the second partition;
if the hash value and second checksum match;
rebooting to the second partition of system memory; and
if the hash value and second checksum fail to match;
re-writing the payload to the second partition of system memory;
if the hash value and first checksum fail to match;
identifying bad blocks of the payload; and
re-downloading the bad blocks of the payload.
2 Assignments
0 Petitions
Accused Products
Abstract
In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to a inactive system image partition, and rebooting the device. The security of the OTA update is maintained through checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.
91 Citations
20 Claims
-
1. A method comprising, by one or more computing systems:
-
executing software from a first partition of system memory; requesting an over-the-air (OTA) software update from an endpoint; receiving a manifest for the OTA update comprising a location from which the payload may be downloaded and a hash value of the payload; requesting the payload from the location; receiving the payload from the location; calculating a first checksum by running a cryptographic hash function on the payload, comparing the hash value to the first checksum; if the hash value and first checksum match; writing the payload to a second partition of system memory; calculating a second checksum by running the cryptographic hash function on the payload written to the second partition; if the hash value and second checksum match; rebooting to the second partition of system memory; and if the hash value and second checksum fail to match; re-writing the payload to the second partition of system memory; if the hash value and first checksum fail to match; identifying bad blocks of the payload; and re-downloading the bad blocks of the payload.
-
-
2. The method of claim 1, further comprising:
rebooting the one or more computing systems to the second partition of system memory.
-
3. The method of claim 2, wherein the manifest comprises a manifest signature and device unique signature, and rebooting to the second partition of system memory comprises:
-
authenticating the manifest signature with a manifest signature public key; authenticating the device unique signature with a device unique public key; and failing to boot to the second partition of system memory if either authentication fails.
-
-
4. The method of claim 2, wherein the manifest comprises an encrypted serial number, and rebooting to the second partition of system memory comprises:
-
decrypting the serial number with a serial number public key; comparing the decrypted serial number to a serial number of the one or more computing devices; and failing to boot to the second partition of system memory if the serial number and the decrypted serial number are not identical.
-
-
5. The method of claim 2, rebooting to the second partition of system memory comprising authenticating a bootloader signature with a bootloader public key.
-
6. The method of claim 1, wherein the manifest comprises a predetermined battery state in which the one or more computing systems must be in order to download the payload.
-
7. The method of claim 1, wherein the manifest comprises a predetermined time period during which the one or more computing systems may download the payload.
-
8. The method of claim 1, wherein the payload comprises a plurality of blocks, each block comprising a data portion and a hash value for the block, and identifying bad blocks comprising:
- for each of the plurality of blocks;
calculating a block checksum by running a cryptographic hash function on the data portion of the block; comparing the block checksum to the hash value; and if the values are not identical, identifying the block as a bad block.
- for each of the plurality of blocks;
-
9. A non-transitory, computer-readable media comprising instructions operable, when executed by one or more computing systems, to:
-
execute software from a first partition of system memory; request an over-the-air (OTA) software update from an endpoint; receive a manifest for the OTA update comprising a location from which the payload may be downloaded and a hash value of the payload; request the payload from the location; receive the payload from the location; calculate a first checksum by running a cryptographic hash function on the payload, compare the hash value to the first checksum; if the hash value and first checksum match; write the payload to a second partition of system memory; calculate a second checksum by running the cryptographic hash function on the payload written to the second partition; if the hash value and second checksum match; reboot to the second partition of system memory; and if the hash value and second checksum fail to match; re-write the payload to the second partition of system memory; if the hash value and first checksum fail to match; identify bad blocks of the payload; and re-download the bad blocks of the payload.
-
-
10. The media of claim 1, further comprising instructions operable, when executed by the one or more computing systems, to:
reboot the one or more computing systems to the second partition of system memory.
-
11. The media of claim 2, wherein the manifest comprises a manifest signature and device unique signature, and rebooting to the second partition of system memory comprises:
-
authenticating the manifest signature with a manifest signature public key; authenticating the device unique signature with a device unique public key; and failing to boot to the second partition of system memory if either authentication fails.
-
-
12. The media of claim 2, wherein the manifest comprises an encrypted serial number, and rebooting to the second partition of system memory comprises:
-
decrypting the serial number with a serial number public key; comparing the decrypted serial number to a serial number of the one or more computing devices; and failing to boot to the second partition of system memory if the serial number and the decrypted serial number are not identical.
-
-
13. The media of claim 2, rebooting to the second partition of system memory comprising authenticating a bootloader signature with a bootloader public key.
-
14. The media of claim 1, wherein the manifest comprises a predetermined battery state in which the one or more computing systems must be in order to download the payload.
-
15. The media of claim 1, wherein the manifest comprises a predetermined time period during which the one or more computing systems may download the payload.
-
16. The media of claim 1, wherein the payload comprises a plurality of blocks, each block comprising a data portion and a hash value for the block, and identifying bad blocks comprising:
-
for each of the plurality of blocks; calculating a block checksum by running a cryptographic hash function on the data portion of the block; comparing the block checksum to the hash value; and if the values are not identical, identifying the block as a bad block.
-
-
17. An apparatus comprising:
-
one or more processors; one or more communication interfaces; one or more non-transitory, computer-readable media comprising instructions operable, when executed by one or more processors, to; execute software from a first partition of system memory; request an over-the-air (OTA) software update from an endpoint; receive a manifest for the OTA update comprising a location from which the payload may be downloaded and a hash value of the payload; request the payload from the location; receive the payload from the location; calculate a first checksum by running a cryptographic hash function on the payload, compare the hash value to the first checksum; if the hash value and first checksum match; write the payload to a second partition of system memory; calculate a second checksum by running the cryptographic hash function on the payload written to the second partition; if the hash value and second checksum match; reboot to the second partition of system memory; and if the hash value and second checksum fail to match; re-write the payload to the second partition of system memory; if the hash value and first checksum fail to match; identify bad blocks of the payload; and re-download the bad blocks of the payload.
-
-
18. The apparatus of claim 1, the media further comprising instructions operable, when executed by the one or more computing systems, to:
reboot the one or more computing systems to the second partition of system memory.
-
19. The apparatus of claim 2, wherein the manifest comprises a manifest signature and device unique signature, and rebooting to the second partition of system memory comprises:
-
authenticating the manifest signature with a manifest signature public key; authenticating the device unique signature with a device unique public key; and failing to boot to the second partition of system memory if either authentication fails.
-
-
20. The apparatus of claim 2, wherein the manifest comprises an encrypted serial number, and rebooting to the second partition of system memory comprises:
-
decrypting the serial number with a serial number public key; comparing the decrypted serial number to a serial number of the one or more computing devices; and failing to boot to the second partition of system memory if the serial number and the decrypted serial number are not identical.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMeta Platforms, Inc. (f/k/a Facebook, Inc.)
-
Original AssigneeMeta Platforms, Inc. (f/k/a Facebook, Inc.)
-
InventorsDjabarov, Gueorgui, Gandhi, Shaheen Ashok, Hotz, George
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current713/2
-
CPC Class CodesG06F 11/1433 during software upgradingG06F 21/44 Program or device authentic...G06F 21/57 Certifying or maintaining t...G06F 21/572 Secure firmware programming...G06F 21/575 Secure bootG06F 21/602 Providing cryptographic fac...G06F 21/64 Protecting data integrity, ...G06F 8/654 using techniques specially ...H04L 41/082 the condition being updates...H04L 63/123 received data contents, e.g...H04M 1/72406 by software upgrading or do...H04W 12/10 IntegrityH04W 12/35 Protecting application or s...H04W 12/61 Time-dependentH04W 4/50 Service provisioning or rec...
