To ensure every device has the latest capabilities and most recent security enhancements, Density pushes firmware over-the-air (OTA) updates on a regular basis. The sensors check in to the Density update server periodically. All communication with the update server is via HTTPS.
To ensure firmware authenticity, the update server authenticates the sensor and provides the sensor with a time-limited HMAC-signed URL on AWS Simple Storage Service (S3) with the update, as well as a hash signature of the update. Updates are always a whole OS-image.
In addition, to ensure seamless firmware updates each device has a dual partitioned firmware bank with automatic failover. Details:
The device has an active and standby root partitions.
The active root partition in production sensors is always read-only.
The sensor downloads the update image to the standby partition, verifies its integrity, and then reboots with a boot flag to use the new partition.
In the unusual case that an update were fails, the sensor will automatically revert to the working partition. Our Ubuntu application servers have unattended / automatic upgrades. We have established an automated immutable infrastructure process by which major updates to the Ubuntu image are saved to an AWS AMI and the new base image is rotated throughout the cluster.