Add Mender OTA Update Support

[mihai-chiorean]

Description

Integrate Mender for over-the-air (OTA) update capabilities, providing robust A/B partition updates with automatic rollback on failure.

Purpose

Enable secure, reliable field updates for EdgeOS devices with:

• A/B rootfs partitions for safe updates
• Automatic rollback on update failure
• Support for both standalone and server-based updates
• Delta updates to minimize bandwidth
• Signed artifacts for security

Implementation Modes

Phase 1: Standalone Mode (No Server)

Initial implementation without requiring Mender server infrastructure:

• Manual updates via .mender files
• Updates from USB storage or local network
• Development and testing workflow
• No cloud dependencies

Phase 2: Server Integration (Optional Future)

• Hosted Mender server or self-hosted option
• Remote deployment management
• Update scheduling and phased rollouts
• Fleet management dashboard

Layer Structure

sources/
├── meta-mender/
│   ├── meta-mender-core/       # Core update framework
│   ├── meta-mender-raspberrypi/ # RPi-specific integration
│   └── meta-mender-demo/        # Demo configurations

Configuration

Add Layers (bblayers.conf)

BBLAYERS += " \
    ${TOPDIR}/../sources/meta-mender/meta-mender-core \
    ${TOPDIR}/../sources/meta-mender/meta-mender-raspberrypi \
"

Local Configuration (local.conf)

# Enable Mender
INHERIT += "mender-full"
MENDER_ARTIFACT_NAME = "edgeos-${EDGEOS_BUILD_ID}"

# Storage configuration for Raspberry Pi 5
MENDER_STORAGE_DEVICE = "/dev/mmcblk0"
MENDER_STORAGE_TOTAL_SIZE_MB = "8192"
MENDER_BOOT_PART_SIZE_MB = "256"
MENDER_DATA_PART_SIZE_MB = "1024"
MENDER_ROOTFS_PART_A_SIZE_MB = "3072"
MENDER_ROOTFS_PART_B_SIZE_MB = "3072"

# Standalone mode (no server initially)
MENDER_SERVER_URL = ""
MENDER_TENANT_TOKEN = ""

# Features
MENDER_FEATURES_ENABLE:append = " \
    mender-uboot \
    mender-image \
    mender-image-sd \
    mender-client-install \
"
MENDER_FEATURES_DISABLE:append = " \
    mender-grub \
    mender-image-uefi \
"

# U-Boot integration
MENDER_UBOOT_AUTO_CONFIGURE = "1"

Partition Layout

Device: /dev/mmcblk0
├── p1: /boot (FAT32, 256MB) - Kernel, DTBs, boot files
├── p2: / (ext4, 3GB) - Root filesystem A
├── p3: / (ext4, 3GB) - Root filesystem B (inactive)
└── p4: /data (ext4, 1GB+) - Persistent data

Update Workflow

Standalone Updates

# Build update artifact
mender-artifact write rootfs-image \
    -f edgeos-image-raspberrypi5.ext4 \
    -t raspberrypi5 \
    -n ${MENDER_ARTIFACT_NAME} \
    -o edgeos-update.mender

# Apply update locally
mender install edgeos-update.mender
mender commit  # After verifying boot

Server-based Updates (Future)

# Configure server
mender setup --server-url https://hosted.mender.io \
             --tenant-token <token>

# Deploy from server dashboard or API
mender check-update
mender install

State Scripts

Support for update hooks at various stages:

/etc/mender/scripts/
├── Download_Enter
├── Download_Leave  
├── ArtifactInstall_Enter
├── ArtifactInstall_Leave
├── ArtifactReboot_Enter
├── ArtifactCommit_Enter
└── ArtifactRollback_Enter

Integration with EdgeOS Features

Device Identity

Use EdgeOS device UUID for Mender identity:

# /usr/share/mender/identity/mender-device-identity
#!/bin/sh
echo "device_uuid=$(cat /etc/edgeos/device-uuid)"
echo "device_type=raspberrypi5"
echo "edgeos_build=$(cat /etc/edgeos-build-id)"

Update Notifications

Integration points for status:

• Update MOTD with current partition
• LED indicators during update
• USB gadget status reporting

Security Considerations

Artifact Signing

# Generate signing keys
mender-artifact keygen -o private.key

# Sign artifacts
mender-artifact sign edgeos-update.mender -k private.key

# Verify on device
MENDER_ARTIFACT_VERIFY_KEY="/etc/mender/artifact-verify-key.pem"

Secure Boot Chain (Future)

• U-Boot secure boot
• Signed kernel images
• dm-verity for rootfs integrity

Testing Requirements

Basic Functionality

• A/B partition switching works
• Update installation succeeds
• Rollback triggers on boot failure
• Persistent data preserved across updates
• Boot counter increments properly

EdgeOS Integration

• Device UUID persists across updates
• USB gadget works after update
• Network configuration preserved
• User data in /data persists

Failure Scenarios

• Power loss during update
• Corrupted artifact rejected
• Full filesystem handling
• Network interruption recovery

Acceptance Criteria

Phase 1 (Standalone)

• Mender client builds and runs
• A/B partitions created correctly
• Manual updates work via mender CLI
• Automatic rollback on failed boot (3 attempts)
• Build produces .mender artifacts
• Updates preserve /data partition

Phase 2 (Server - Optional)

• Device connects to Mender server
• Remote deployments work
• Device inventory visible
• Update logs accessible
• Group deployments supported

Documentation Needed

• Update README with Mender workflow
• Create update guide for operators
• Document rollback procedures
• State script examples
• Troubleshooting guide

References

• Mender Documentation
• meta-mender on GitHub
• Mender Raspberry Pi Integration
• Artifact Creation
• State Scripts

Dependencies

• U-Boot bootloader (replacing default RPi bootloader)
• Additional storage space for dual rootfs
• Build time increase for Mender integration
• Optional: Mender server account for Phase 2

Notes

• Start with standalone mode for development
• Server integration can be added incrementally
• Consider read-only rootfs with overlayfs for additional robustness
• Delta updates can significantly reduce bandwidth usage