12.3 Device Firmware Upgrade Over BLE


One of the highly important features of wirelessly-connected devices is the capability of Over-The-Air device firmware update (OTA DFU). The increasing demand by end-users for this functionality is:

  • To address issues and security vulnerabilities.

  • To ship products to market faster and have the option of delaying lower priority features and being able to roll them out to devices in the field.

PIC32CXBZ2/WBZ451 family of devices support Over-The-Air upgrade through BLE.

Microchip defined OTA profile and service enables firmware upgrade over the BLE link using Generic Attribute Profile (GATT). The BLE OTA protocol defines the communication between the OTAU target and OTAU manager. The OTAU manager can be a mobile device (iOS/Android™) or any BLE device that implements the OTA GATT client protocol that transfers the upgrade firmware to the OTAU target. The OTAU target implements the OTA GATT server protocol to receive the new firmware image.

Secure BLE OTA DFU Process

With the increasing popularity of OTA DFU capability in IoT devices, devices are getting exposed to vulnerabilities and security threats. So, it is important to make sure that the device’s OTA DFU process is secure and reliable. One of the way of sending upgradable image reliably and securely is to sign and encrypt the image.

Here are the basics of how an over-the-air device firmware update (OTA DFU) process works over BLE link:

Figure 12-34. BLE OTA DFU Process
  1. BLE OTA DFU file (Firmware Image encrypted, signed) is uploaded to the OTAU Manager. OTAU Manager can be a smart phone or any BLE device that supports OTA Client
  2. OTAU Target ( PIC32CXBZ2/WBZ451 device) queries the OTAU Manager and fetches new firmware image.
  3. The image is decrypted, validated and applied.