Multiple system images for over-the-air updates
First Claim
1. A method comprising, by one or more computing systems:
executing software from a first partition of system memory;
requesting an over-the-air (OTA) software update from an endpoint;
receiving a manifest for the OTA update, the manifest comprising a location from which a payload is to be downloaded, a hash value of the payload, a manifest signature, a device unique signature, and a download policy comprising a download condition for downloading the payload;
requesting the payload from the location;
receiving the payload from the location in response to the download condition being satisfied, wherein the received payload comprises a plurality of blocks, each block comprising a data portion and a hash value for the block;
calculating a first checksum of the payload by running a cryptographic hash function on the received payload; and
comparing the hash value of the payload to the first checksum of the received payload;
wherein if the hash value of the payload and first checksum of the received payload match;
writing the received payload to a second partition of system memory;
calculating a second checksum of the payload by running the cryptographic hash function on the payload written to the second partition;
wherein if the hash value of the payload and the second checksum of the payload written to the second partition match;
rebooting the one or more computing systems to the second partition of system memory;
wherein if the hash value of the payload and the second checksum of the payload written to the second partition fail to match;
re-writing the received payload to the second partition of system memory; and
wherein if the hash value of the payload and the first checksum of the received payload fail to match, for each of the plurality of blocks of the received payload;
calculating a block checksum by running the cryptographic hash function on the data portion of the block; and
comparing a downloaded hash value of the block to the block checksum;
wherein if the downloaded hash value of the block and the block checksum fail to match;
identifying the block as a bad block of the payload; and
re-downloading the bad block of the payload.
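As an added worked example (not code from the patent or its assignee), the hash-verification flow of claim 1 in Python: the first checksum over the received payload, per-block checksums to identify and re-download bad blocks, then the second checksum over what was actually written to the second partition before rebooting into it. The Block and Partition classes, the redownload callback and the abort when every block verifies yet the manifest hash still disagrees are assumptions; manifest and device signature verification is outside this snippet.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, List

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()
@dataclass
class Block:
    data: bytes
    hash_value: str  # the "downloaded hash value" shipped with the block
class Partition:
    """Stand-in for the second (inactive) system image partition; a write can be made to fail."""
    def __init__(self, corrupt_first_write: bool = False):
        self.image, self.writes, self.corrupt_first_write = b"", 0, corrupt_first_write
    def write(self, payload: bytes) -> None:
        self.writes += 1
        if self.corrupt_first_write and self.writes == 1:  # constructed flash write fault
            payload = payload[:-1] + bytes([payload[-1] ^ 0xFF])
        self.image = payload
    def read(self) -> bytes:
        return self.image
def assemble(blocks: List[Block]) -> bytes:
    return b"".join(b.data for b in blocks)

def bad_blocks(blocks: List[Block]) -> List[int]:
    """Block checksum vs. downloaded hash value: indexes that fail to match are the bad blocks."""
    return [i for i, b in enumerate(blocks) if sha256_hex(b.data) != b.hash_value]

def install_update(manifest_hash: str, blocks: List[Block], redownload: Callable[[int], Block],
                   partition: Partition, max_attempts: int = 3) -> str:
    # First checksum: the whole received payload against the manifest's hash value.
    for _ in range(max_attempts):
        if sha256_hex(assemble(blocks)) == manifest_hash:
            break
        bad = bad_blocks(blocks)
        # Block hashes travel inside the payload, so they only locate transfer damage: intact
        # blocks that still disagree with the (signed) manifest hash must not be installed.
        if not bad:
            return "abort: intact blocks but manifest hash mismatch"
        for i in bad:
            blocks[i] = redownload(i)
    else:
        return "abort: payload never verified"
    # Second checksum: re-hash what actually landed on the partition before rebooting into it.
    for _ in range(max_attempts):
        partition.write(assemble(blocks))
        if sha256_hex(partition.read()) == manifest_hash:
            return "reboot"
    return "abort: partition write never verified"
```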
Abstract
In one embodiment, a mobile device performs an over-the-air firmware update by writing the updated firmware to an inactive system image partition and rebooting the device. The security of the OTA update is maintained by checking a plurality of security signatures in an OTA manifest, and the integrity of the data is maintained by checking a hash value of the downloaded system image.
20 Claims
1. A method comprising, by one or more computing systems: (independent claim 1, reproduced in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A non-transitory, computer-readable media comprising instructions operable, when executed by one or more computing systems, to:
execute software from a first partition of system memory;
request an over-the-air (OTA) software update from an endpoint;
receive a manifest for the OTA update, the manifest comprising a location from which a payload is to be downloaded, a hash value of the payload, a manifest signature, a device unique signature, and a download policy comprising a download condition for downloading the payload;
request the payload from the location;
receive the payload from the location in response to the download condition being satisfied, wherein the received payload comprises a plurality of blocks, each block comprising a data portion and a hash value for the block;
calculate a first checksum of the payload by running a cryptographic hash function on the received payload; and
compare the hash value of the payload to the first checksum of the received payload;
wherein if the hash value of the payload and first checksum of the received payload match;
write the received payload to a second partition of system memory;
calculate a second checksum of the payload by running the cryptographic hash function on the payload written to the second partition;
wherein if the hash value of the payload and the second checksum of the payload written to the second partition match;
reboot the one or more computing systems to the second partition of system memory;
wherein if the hash value of the payload and the second checksum of the payload written to the second partition fail to match;
re-write the received payload to the second partition of system memory; and
wherein if the hash value of the payload and the first checksum of the received payload fail to match, for each of the plurality of blocks of the received payload;
calculate a block checksum by running the cryptographic hash function on the data portion of the block; and
compare a downloaded hash value of the block to the block checksum;
wherein if the downloaded hash value of the block and the block checksum fail to match;
identify the block as a bad block of the payload; and
re-download the bad block of the payload.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. An apparatus comprising:
one or more processors of one or more computing systems;
one or more communication interfaces;
one or more non-transitory, computer-readable media comprising instructions operable, when executed by the one or more processors, to:
execute software from a first partition of system memory;
request an over-the-air (OTA) software update from an endpoint;
receive a manifest for the OTA update, the manifest comprising a location from which a payload is to be downloaded, a hash value of the payload, a manifest signature, a device unique signature, and a download policy comprising a download condition for downloading the payload;
request the payload from the location;
receive the payload from the location in response to the download condition being satisfied, wherein the received payload comprises a plurality of blocks, each block comprising a data portion and a hash value for the block;
calculate a first checksum of the payload by running a cryptographic hash function on the received payload; and
compare the hash value of the payload to the first checksum of the received payload;
wherein if the hash value of the payload and first checksum of the received payload match;
write the received payload to a second partition of system memory;
calculate a second checksum of the payload by running the cryptographic hash function on the payload written to the second partition;
wherein if the hash value of the payload and the second checksum of the payload written to the second partition match;
reboot the one or more computing systems to the second partition of system memory;
wherein if the hash value of the payload and the second checksum of the payload written to the second partition fail to match;
re-write the received payload to the second partition of system memory; and
wherein if the hash value of the payload and the first checksum of the received payload fail to match, for each of the plurality of blocks of the received payload;
calculate a block checksum by running the cryptographic hash function on the data portion of the block; and
compare a downloaded hash value of the block to the block checksum;
wherein if the downloaded hash value of the block and the block checksum fail to match;
identify the block as a bad block of the payload; and
re-download the bad block of the payload.
Dependent claims: 18, 19, 20.
Specification