How Mender works
Mender supports both robust operating system updates and application updates. Learn how Mender is designed to deliver updates over the air, securely and safely.
There are two components in the Mender architecture - the server and the client.
Device partition for operating system updates
For operating system updates, we require a dual A/B rootfs partition layout on the device. This ensures that the device can recover even if the deployment is incomplete or corrupted during installation for any reason, e.g. due to power loss during the update process.
The Mender client daemon runs in user space in the currently booted rootfs partition. During the update process, the Mender client writes the updated image to the rootfs partition that is not running and configures U-Boot to boot from the updated rootfs partition. The device is then rebooted. If booting the updated partition fails, the partition that was running is booted instead, ensuring that the device does not get bricked.
If the boot succeeds, Mender sets the updated partition to boot permanently when Mender starts as part of the boot process. As Mender downloads and installs the image, other applications on the device continue to run as normal.
The only time the device has downtime is during the reboot into the updated partition, which typically takes a minute, depending on the device configuration. Persistent data can be stored in the data partition, which is left unchanged during the update process.
For partial updates like application updates, the A/B partition is not necessary, and the Mender client can be installed as a .deb package.
Extensibility of update types
The Mender client can be extended to support different types of updates, using a framework called Update Modules. Installing the appropriate Update Module will enable support for installing different types of software packages such as application, containers, package managers, bootloaders and proxy deployment for attached peripherals.
Update Modules give full control and customizability over how a software type is installed. They are independent executables that can be written in any programming language.
An Update Module can be tailored to a specific device or environment (e.g. update a proprietary bootloader), or be more general-purpose (e.g. install a set of
.deb packages). An existing Update Module can be used as a starting point and adjusted to fit your exact needs.
When the Mender client downloads new software from the server, it will run the Update Module executable associated with the type of software downloaded. The Update Module is responsible for carrying out the steps needed to install software of this type. An Update Module can also support more advanced functionality such as rolling back a failed update.
Get started with Mender
Quickly get up and running with Mender - deploy your first OTA update in minutes. Evaluate all the advanced features of Mender Enterprise for up to 10 devices, free for 12 months.
Join the community
Mender is an open source project with a great community. Join the discussion, explore tutorials, and find board integrations on our Mender Hub forum.
For more about how Mender works – including details about compatibility, security and scalability – visit our Technical FAQ page.