1 <html devsite> 2 <head> 3 <title>OTA Updates</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p>Android devices in the field can receive and install over-the-air (OTA) 27 updates to the system and application software. Devices have a special 28 recovery partition with the software needed to unpack a downloaded update 29 package and apply it to the rest of the system.</p> 30 <p>This section describes the structure of these packages and the tools 31 provided to build them. It is intended for developers who want to 32 make the OTA update system work on new Android devices and those who are 33 building update packages for use with released devices. OTA updates are 34 designed to upgrade the underlying operating system and the read-only apps 35 installed on the system partition; these updates do <i>not</i> affect 36 applications installed by the user from Google Play. 37 </p> 38 <p>This section describes the OTA system as of the Android 5.x release. For 39 help porting OTA-related code from older releases, see <a href="#migrating"> 40 Migrating from previous releases</a>. 41 </p> 42 43 <h2 id="android-device-layout">Android device layout</h2> 44 <p>The flash space on an Android device typically contains the following 45 partitions.</p> 46 47 <dl> 48 <dt>boot</dt> 49 <dd>Contains the Linux kernel and a minimal root filesystem (loaded into a RAM 50 disk). It mounts system and other partitions and starts the runtime located on 51 the system partition.</dd> 52 <dt>system</dt> 53 <dd>Contains system applications and libraries that have source code available 54 on Android Open Source Project (AOSP). During normal operation, this partition 55 is mounted read-only; its contents change only during an OTA update.</dd> 56 <dt>vendor</dt> 57 <dd>Contains system applications and libraries that do <em>not</em> have 58 source code available on Android Open Source Project (AOSP). During normal 59 operation, this partition is mounted read-only; its contents change only 60 during an OTA update.</dd> 61 <dt>userdata</dt> 62 <dd>Stores the data saved by applications installed by the user, etc. This 63 partition is not normally touched by the OTA update process.</dd> 64 <dt>cache</dt> 65 <dd>Temporary holding area used by a few applications (accessing this 66 partition requires special app permissions) and for storage of downloaded OTA 67 update packages. Other programs use this space with the expectation that files 68 can disappear at any time. Some OTA package installations may result in this 69 partition being wiped completely.</dd> 70 <dt>recovery</dt> 71 <dd>Contains a second complete Linux system, including a kernel and the 72 special recovery binary that reads a package and uses its contents to update 73 the other partitions.</dd> 74 <dt>misc</dt> 75 <dd>Tiny partition used by recovery to stash some information away about what 76 it's doing in case the device is restarted while the OTA package is being 77 applied.</dd></dl> 78 79 <h2 id="life-ota-update">Life of an OTA update</h2> 80 <p>A typical OTA update contains the following steps:</p> 81 <ol> 82 <li>Device performs regular check in with OTA servers and is notified of the 83 availability of an update, including the URL of the update package and a 84 description string to show the user.</li> 85 <li>Update downloads to a cache or data partition, and its cryptographic 86 signature is verified against the certificates in 87 <code>/system/etc/security/otacerts.zip</code>. User is prompted to install the 88 update.</li> 89 <li>Device reboots into recovery mode, in which the kernel and system in the 90 recovery partition are booted instead of the kernel in the boot partition.</li> 91 <li>Recovery binary is started by init. It finds command-line arguments in 92 <code>/cache/recovery/command</code> that point it to the downloaded package. 93 </li> 94 <li>Recovery verifies the cryptographic signature of the package against the 95 public keys in <code>/res/keys</code> (part of the RAM disk contained in the 96 recovery partition).</li> 97 <li>Data is pulled from the package and used to update the boot, system, 98 and/or vendor partitions as necessary. One of the new files left on the system 99 partition contains the contents of the new recovery partition.</li> 100 <li>Device reboots normally. <ol style="list-style-type:lower-alpha"> 101 <li>The newly updated boot partition is loaded, and it mounts and starts 102 executing binaries in the newly updated system partition.</li> 103 <li>As part of normal startup, the system checks the contents of the recovery 104 partition against the desired contents (which were previously stored as a file 105 in <code>/system</code>). They are different, so the recovery partition is 106 reflashed with the desired contents. (On subsequent boots, the recovery 107 partition already contains the new contents, so no reflash is necessary.)</li> 108 </ol></li> 109 </ol> 110 <p>The system update is complete!</p> 111 112 <h2 id="migrating">Migrating from previous releases</h2> 113 114 <p>When migrating from Android 2.3/3.0/4.0 release, the major change is the 115 conversion of all the device-specific functionality from a set of C functions 116 with predefined names to C++ objects. The following table lists the old 117 functions and the new methods that serve a roughly equivalent purpose:</p> 118 119 <table> 120 <tbody> 121 <tr> 122 <th>C function</th> 123 <th>C++ method</th> 124 </tr> 125 <tr> 126 <td>device_recovery_start()</td> 127 <td>Device::RecoveryStart()</td> 128 </tr> 129 <tr> 130 <td>device_toggle_display()<br> 131 device_reboot_now()<br> 132 </td> 133 <td>RecoveryUI::CheckKey()<br> 134 (also RecoveryUI::IsKeyPressed())<br> 135 </td> 136 </tr> 137 <tr> 138 <td>device_handle_key()</td> 139 <td>Device::HandleMenuKey()</td> 140 </tr> 141 <tr> 142 <td>device_perform_action()</td> 143 <td>Device::InvokeMenuItem()</td> 144 </tr> 145 <tr> 146 <td>device_wipe_data()</td> 147 <td>Device::WipeData()</td> 148 </tr> 149 <tr> 150 <td>device_ui_init()</td> 151 <td>ScreenRecoveryUI::Init()</td> 152 </tr> 153 </tbody> 154 </table> 155 156 <p>Conversion of old functions to new methods should be reasonably 157 straightforward. Don't forget to add the new <code>make_device()</code> 158 function to create and return an instance of your new Device subclass.</p> 159 </body> 160 </html> 161
