Raspberry Pi support for robust system level updates

The boards with binary distros are very popular in the development of IoT projects, such as Raspberry Pi. Depending on product goals, a large share of devices in early phases of product planning and prototyping could be based on Linux of one form or another due to their prevalence of low-cost with ready-made Linux distributions and their relatively quick access and setup. However, when it comes to system level software updates these boards lack easy support for robust updates due to the fact that there are a set of firmware files in Raspberry Pi that require first booting in the bootloader process. Additionally, there are some inherent limitations in doing robust bootloader updates because it requires some memory management and initialization of the system to a basic level before loading the kernel which makes updating robustly and atomically a challenge for Raspberry Pi.

When doing a robust OTA software update, the update always rolls back to a known working state in the event of a failure (e.g. power or network connectivity loss) to allow for continuous functional operation of the device. This is accomplished by having A/B partitioned memory to switch between them in an atomic way, ensuring the fallback process in case of a failure. It is not possible to implement this fail-safe mechanism for the Raspberry Pi firmware files, as you only have one location to store them and this location is hardcoded in the GPU boot ROM code on the Raspberry Pi. If these files are corrupted your device will stop booting. You need to update these files through the product lifecycle of your device and by understanding the risks upfront allows you to better manage the expectations and perhaps gives better insights on product planning.

Learn more in this tutorial on how to update Raspberry Pi boot firmware files using Yocto Project and Mender