Technical FAQ

Hardware and firmware/OS support & requirements

Which devices and OSes does Mender support?

Mender officially supports the Zephyr real-time operating system (RTOS), the Yocto build system, and the Debian family OSes, such as Debian, Ubuntu, and Raspberry Pi OS.

Board integrations are also available for devices running other types of Linux OSes, such as Buildroot and OpenWRT. For a POSIX-compliant OS, compiling the Mender client to run natively may be possible.

Mender Hub also has a list of community-contributed board integrations.

Mender does not yet support Android. For other types of OSes, you can either update them via a proxy deployment on a nearby Linux system or create a custom Mender client.

Visit the Device Support page in our documentation for complete details.

Does Mender support sensors and other smaller devices?

Yes. The Mender MCU client supports the Zephyr real-time operating system (RTOS). Work is in progress toward greater compatibility with common RTOS platforms in the future, such as QNX, FreeRTOS, and VxWorks. See the project on Github, or keep up with the latest product news on our blog.

Depending on your product architecture, you can also deploy proxy updates to smaller devices, instead of running a client directly on the smaller device.

Which bootloaders does Mender support?

Mender supports GRUB, U-Boot, and MCUBoot.

Security, compliance, and licensing

Is Mender going through third party security audits?

Yes, given the importance of security in an OTA tool, Mender is partnering with a third party security auditing company. Issues are addressed as they are found.

Is the Mender client-server communication secure?

The Mender client polls the Mender server over HTTPS, so no ports need to be opened at the Mender client. Only TLS connections are allowed, the server rejects insecure connections.

To protect against man-in-the-middle attacks, the Mender client stores the server's TLS certificate during provisioning, e.g. during the build of the initial Yocto Project image that gets flashed to the device. CA-signed certificates is also supported.

Does Mender support hardware keys?

The Mender client can utilize private keys stored in Hardware Security Modules (HSM) or in Trusted Platform Modules (TPM).

Is Mender compliant with GPLv3?

Yes, Mender’s license is Apache 2, which is compatible with GPLv3.

How does Mender protect against DoS/DDoS attacks?

The Mender Enterprise server supports configurable API rate limits. When a device or a user is crossing the rate limit threshold, it will receive the HTTP status code 429 Too Many Requests. See also the Mender documentation section about Security.

Mender server

How well does the Mender server scale?

The Mender server is regularly being scale tested in our environment, to ensure it can scale up to hundreds of thousands devices per customer.

Setting up, optimizing, scaling and ensuring uptime of the server-side infrastructure yourself is quite complex and environment-specific; device count, update size, frequency, polling intervals, high availability requirements and bandwidth available are key drivers for scalability. That's why our plans include a hosted server where we handle that complexity for you.

Can we run Mender on our own servers?

Yes - the Mender server can be installed on any private infrastructure as a self-managed service. To read documentation for self-managed installations of the Mender server, visit the documentation page of the latest stable release. Open Source and Enterprise plans can be run on your own infrastructure.

Do you offer Helm charts?

Yes, Helm charts are available to use with Mender – take a look at the mender-helm repository.

Can I use Mender without a server?

Yes, you can use Mender in standalone mode. In standalone mode no Mender server is used and the deployments are triggered at the device, either manually in the terminal or by custom scripts. This can be useful in order to deploy updates to devices which do not have network connectivity or are updated through external storage like a USB stick.