Container based firmware for IoT devices
Preparation of firmware for IoT devices based on Containers on Yocto Linux
Our customer developed an IoT device, mounted on vehicles, that captures sensor information from the vehicle and uploads it to the cloud over a cellular network for further analysis using artificial intelligence. The goal was to prepare firmware with the following properties:
- Is based on Linux, with device drivers enabled for all the sensors and communication devices used.
- Runs the application as a container.
- Runs the container in non-privileged mode with access to all the devices.
- Provides a way to perform Over-the-Air (OTA) updates of the application and the Linux OS.
- Tracks system errors and handles them in defined ways to allow reliable functionality.
- Provides a sustainable way for firmware management without high maintenance cost.
The device uses the Toradex Verdin SoM on a custom carrier board, which provides access to the peripherals and devices required to interface with the sensors. Because Toradex provides Torizon OS for its modules, it was the first choice as a starting point, but it required a lot of customization to meet all the requirements. We added the following customizations to Torizon OS:
- Custom Devicetree for the device
- Systemd components such as:
  - Additional udev rules to initialize the external devices and map them deterministically, so that the application running in the Docker container can access them.
  - A system monitor service that tracks the status of the application and connected device for fault detection and performs correction where possible.
  - Additional services to initialize the devices with the customization required by the application.
- Custom firmware for the M4 processor
- Additional customizations via the startup scripts so that the container can access all the required devices in non-privileged mode, reducing the attack surface of the device.
- Provide a repeatable way to generate OS (Torizon) images with the customer-specific customizations.
- New releases from Toradex for Torizon can be easily integrated with the customization and updated to the device.
- Additional customization can also be included in the future.
- Generate Application + OS binaries which can be used for provisioning new devices.
- Push OS and application changes in the defined format to the OTA platform
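
The combination of deterministic udev mapping and a non-privileged container can be sketched as a startup script that passes only the mapped device nodes to Docker instead of using `--privileged`. This is an added example, not the customer's or Toradex's code; the symlink names, image name and `DEV_ROOT` variable are hypothetical, while the `docker run` flags are standard Docker options.

```shell
#!/bin/sh
# Added example: build a non-privileged `docker run` argument list from the
# stable device symlinks that udev rules create. All names are assumptions.

# Hypothetical symlinks, e.g. created by a udev rule with SYMLINK+="vehicle-gnss".
REQUIRED_DEVICES="vehicle-gnss vehicle-modem"
DEV_ROOT="${DEV_ROOT:-/dev}"        # overridable so the logic can be exercised offline
IMAGE="example/vehicle-app:latest"  # placeholder image name

# Print the docker arguments for the application container.
# Returns 1 and prints nothing on stdout if any required device is missing,
# so the caller never starts a half-wired container or reaches for --privileged.
build_run_args() {
    args="--rm --read-only --cap-drop ALL --security-opt no-new-privileges"
    for name in $REQUIRED_DEVICES; do
        link="$DEV_ROOT/$name"
        if [ ! -e "$link" ]; then
            echo "missing device: $link" >&2
            return 1
        fi
        # Resolve the udev symlink to the real node (its kernel name may change
        # between boots) but expose it under the stable name in the container.
        # "rw" grants read/write only; mknod ("m") is deliberately left out.
        node=$(readlink -f "$link")
        args="$args --device $node:/dev/$name:rw"
    done
    echo "$args $IMAGE"
}

# Start the application container; call this from the startup service.
start_container() {
    run_args=$(build_run_args) || return 1
    # Word splitting of $run_args is intentional: one flag per word.
    # shellcheck disable=SC2086
    exec docker run $run_args
}
```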
The devices are deployed in the field with firmware built on the delivered OS customization and reference application. The customer also uses the automated scripts to perform OTA updates to the applications.