Technical FAQ

Hardware and firmware/OS support & requirements

Which devices and OSes does Mender support?

Visit the Device Support page in our documentation for full details.

Mender officially supports the Yocto build system and Debian family OSes, such as Debian, Ubuntu and Raspberry Pi OS. Board integrations are also available for devices running other types of Linux OSes such as Buildroot and OpenWRT. For a POSIX compliant OS it may be possible to compile the Mender client to run natively. Mender Hub also has a list of community-contributed board integrations.

Mender does not yet support Android. For other types of OSes you can either use a nearby Linux system to update it via a proxy deployment or create a custom Mender client.

Does Mender support sensors and other smaller devices?

You can use Mender on a gateway device as a proxy to deploy remote updates to smaller devices. For an example of how to use Mender to manage software updates for an external MCU, see this tutorial.

The Mender client has been rewritten in C++ to enable us to work toward compatibility with common RTOS platforms in the future, such as QNX, Zephyr, FreeRTOS, and VxWorks. See the project on Github, or keep up with the latest product news on our blog.

Which bootloaders does Mender support?

Mender supports GRUB and U-Boot. Read more in the bootloader system requirements documentation.

Security, compliance, and licensing

Is Mender going through third party security audits?

Yes, given the importance of security in an OTA tool, Mender is partnering with a third party security auditing company. Issues are addressed as they are found.

Is the Mender client-server communication secure?

The Mender client polls the Mender server over HTTPS, so no ports need to be opened at the Mender client. Only TLS connections are allowed, the server rejects insecure connections.

To protect against man-in-the-middle attacks, the Mender client stores the server's TLS certificate during provisioning, e.g. during the build of the initial Yocto Project image that gets flashed to the device. CA-signed certificates is also supported.

Does Mender support hardware keys?

The Mender client can utilize private keys stored in Hardware Security Modules (HSM) or in Trusted Platform Modules (TPM).

Is Mender compliant with GPLv3?

Yes, Mender’s license is Apache 2, which is compatible with GPLv3.

How does Mender protect against DoS/DDoS attacks?

The Mender Enterprise server supports configurable API rate limits. When a device or a user is crossing the rate limit threshold, it will receive the HTTP status code 429 Too Many Requests. See also the Mender documentation section about Security.

Mender server

How well does the Mender server scale?

The Mender server is regularly being scale tested in our environment, to ensure it can scale up to hundreds of thousands devices per customer.

Setting up, optimizing, scaling and ensuring uptime of the server-side infrastructure yourself is quite complex and environment-specific; device count, update size, frequency, polling intervals, high availability requirements and bandwidth available are key drivers for scalability. That's why our plans include a hosted server where we handle that complexity for you.

Can we run Mender on our own servers?

Yes - the Mender server can be installed on any private infrastructure as a self-managed service. To read documentation for self-managed installations of the Mender server, visit the documentation page of the latest stable release. Open Source and Enterprise plans can be run on your own infrastructure.

Do you offer Helm charts?

Yes, Helm charts are available to use with Mender – take a look at the mender-helm repository.

Can I use Mender without a server?

Yes, you can use Mender in standalone mode. In standalone mode no Mender server is used and the deployments are triggered at the device, either manually in the terminal or by custom scripts. This can be useful in order to deploy updates to devices which do not have network connectivity or are updated through external storage like a USB stick.