The Internet Engineering Task Force (IETF) has received a proposal for a cross-vendor standard designed to offer a solid and secure mechanism for updating the firmware of Internet of Things (IoT) devices in the field.
Written by Arm engineers Brendan Moran, Milosch Meriac, and Hannes Tschofenig, the draft – titled “A Firmware Update Architecture for Internet of Things Devices – proposes an architecture which allows firmware images to be safely and secure transferred across any available transport mechanism.
“Vulnerabilities with IoT devices have raised the need for a solid and secure firmware update mechanism that is also suitable for constrained devices,” the draft’s abstract reads. “Incorporating such update mechanism to fix vulnerabilities, to update configuration settings as well as adding new functionality is recommended by security experts. This document specifies requires and an architecture for a firmware update mechanism aimed for Internet of Things (IoT) devices. The architecture is agnostic to the transport of the firmware images and associated meta-data.”
The draft, which expires in May 2018, can be read in full on the IETF website.
Gareth Halfacree is a technology journalist and technical author best known for his work on the Raspberry Pi User Guide and an upcoming book covering the BBC’s micro:bit project. A keen open source advocate and RISC-V fan, Gareth is responsible for curating our fortnightly community round-up posts.