Updates are an integral part of product development and improvement. They enhance the stability and security of the Ajax hubs' operating system, optimize its performance, ensure compatibility with new devices, and expand its capabilities.
Hub Operating System Update
1. The hub checks for operating system updates on the server
The encrypted firmware file for the hub is stored on the Ajax Cloud server, which knows neither the keys nor the type of file encryption. Access to the firmware database is granted only to a limited number of people in the company, and only from the internal network of Ajax Systems. Since they have different access levels, none of them can make critical changes and sabotage the system. All actions are logged and monitored, so the Ajax team knows exactly who made the changes and when. Internal safety regulations prohibit the use of passwords to access the firmware database. SSH keys are used instead.
The hub exchanges data with the server using the encrypted proprietary communication protocol. The authentication and verification system protects the server against spoofing.
The hub checks for operating system updates every 5 minutes. If the automatic update option is enabled in the hub settings, the hub updates automatically. If this option is disabled, the mobile app offers to install the update. If the security system is armed when the hub detects new firmware, the update is loaded in the background and installed after the system is disarmed. This does not affect the system operation at all.
- access to the firmware database by SSH keys only;
- access privileges and logging of changes to the server;
- server authentication and verification systems;
- using the encrypted proprietary communication protocol.
2. Transferring the update file from the server to the hub
When the hub detects the update file, it starts downloading the firmware to the external flash memory. To do this, the hub uses any available communication channel with the server: Ethernet, Wi-Fi, or GSM. The download is carried out in the background, not affecting the system operation.
The time for downloading the update file may vary depending on the hub communication channel and the number of connected range extenders. The approximate firmware downloading time is shown in the table:
| Hub and 1 range extender | Additional range extender |
|---|---|
| up to 1 hour | + 40 min for each range extender |
*If the hub has only a 2G GSM communication channel, the download may take longer.
The data transmitted between the hub and the server is protected by TLS combined with the security methods within the closed binary protocol.
- using the encrypted proprietary communication protocol.
3. Checking the update file
The hub firmware is encrypted and signed with a checksum. If the firmware file is corrupted (intentionally or due to transmission errors), the update is ignored because the checksums will not match.
The checksum inside the decrypted firmware file will still not match the signature, even if the intruder corrupts the encrypted firmware file and substitutes the checksum. Therefore, the hub will reject the update file.
At most, the firmware file can be read from the external flash memory of the hub. However, it will take thousands of years to decrypt this file with the capabilities of modern computers.
The firmware file includes a system of markers and properties that are checked before the installation. Information about them is available to a limited number of people to prevent sabotage. If any marker or property fails validation, the update is canceled. Thus, the Hub will not install the firmware from Hub Plus.
- verification of checksums, markers and properties;
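The three checks described in this section, as an added sketch that is not Ajax code. The container layout, `MAGIC`, the model numbers, the key and the SHA-256 keystream standing in for the real cipher are all assumptions, since the page does not disclose the actual format or primitives.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWUP"            # constructed marker, not the vendor's
KEY = b"demo-device-key"   # constructed key; a real one never leaves the MCU
HUB, HUB_PLUS = 1, 2       # constructed model identifiers

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream, a stand-in for the real cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">I", offset // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_image(model: int, body: bytes, key: bytes = KEY) -> bytes:
    """Layout: outer_sha256 || encrypt(MAGIC || model || body || inner_sha256)."""
    plain = MAGIC + bytes([model]) + body
    plain += hashlib.sha256(plain).digest()
    cipher = _keystream_xor(key, plain)
    return hashlib.sha256(cipher).digest() + cipher

def verify_image(image: bytes, expected_model: int, key: bytes = KEY) -> str:
    """Return 'ok' or the name of the first check that failed."""
    if len(image) < 32 + len(MAGIC) + 1 + 32:
        return "too short"
    outer, cipher = image[:32], image[32:]
    if not hmac.compare_digest(hashlib.sha256(cipher).digest(), outer):
        return "outer checksum mismatch"    # e.g. transmission damage
    plain = _keystream_xor(key, cipher)
    content, inner = plain[:-32], plain[-32:]
    if not hmac.compare_digest(hashlib.sha256(content).digest(), inner):
        return "inner checksum mismatch"    # outer checksum was substituted
    if content[:4] != MAGIC or content[4] != expected_model:
        return "marker/property mismatch"   # e.g. image built for another model
    return "ok"

def tamper_and_fix_outer(image: bytes) -> bytes:
    """Modify the ciphertext, then recompute the outer checksum to match."""
    cipher = bytearray(image[32:])
    cipher[10] ^= 0x01
    return hashlib.sha256(cipher).digest() + bytes(cipher)
```

A production design would use an authenticated cipher or a signature verified by the bootloader for the inner check; which one the hub uses is not stated on the page.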
4. Hub firmware update
During the update, the bootloader in the device microcontroller’s ROM reads the encrypted firmware file from the external flash memory of the hub.
The firmware is decrypted only inside the microcontroller, which cannot be accessed from the outside, so there is no possibility to read or substitute the firmware. After the firmware file is decrypted, the checksums are verified once more. This allows you to make sure that no data was corrupted during the decryption.
The bootloader inside the hub also controls the correct operation of the hub with the new firmware. If critical errors or malfunctions are detected, the hub deletes the corrupted firmware version and reflashes to the latest stable release.
Only a limited number of people know how the stable firmware is selected and how the correctness of its operation is controlled. This makes sabotage much more difficult. The bootloader itself is not updated, which prevents sabotage of the firmware rollback mechanism.
- checksum verification after decryption;
- critical error control;
- control of correct operation of the hub with a new firmware.
5. Required conditions for firmware update
To ensure a successful and seamless firmware update, the following conditions must be met before the start of and during the procedure:
- stable external power supply to the hub during the update;
- stable internet connection while downloading the update (if the connection is unstable, downloading may be interrupted and restarted);
- the security system is disarmed (if the system is armed, updating will start once the system is disarmed);
- Ajax fire detectors have no alarms triggered on the hub with OS Malevich 2.14 and higher.
- stable external power supply to a range extender during the update;
- stable connection between hub and range extender.
After firmware update
The firmware update and the subsequent reboot of the hub take up to 10 seconds. After that, the hub reconnects to the server. The connection time depends on the number of active communication channels and does not exceed 30 seconds. Notifications about alarms and events are stored in the events feed even during the hub update.
The Ajax application displays the following notifications to inform about the start and the end of the hub firmware update:
The automatic update is optional and can be disabled. To do this, go to the service settings of the hub (Devices → Hub → Settings (⚙️) → Service) and disable “Firmware Auto-Update”.
After that, the hub will continue checking whether there are new firmware versions, but they will not be installed automatically. When new firmware is available, you will see a button to install the update in the app.
The update of radio signal range extenders differs only in how the firmware file is obtained. First, the file is downloaded from the Ajax Cloud server to the hub and then transferred to the range extender via the Cargo protocol, which is based on the Jeweller radio communication protocol.
The transfer of the firmware file takes approximately 40 minutes for ReX and 30 minutes for ReX 2. During this period, the security system continues to operate in normal mode. As soon as the range extender receives the firmware file and the security system is disarmed, ReX will install the update. The firmware installation and subsequent ReX reboot take up to 5 seconds. Events and alarms of the security system devices do not get lost during the update.
Automatic updating of the range extender is controlled with the same setting as automatic updating of the hub. In order to disable the automatic updating, go to the menu: Devices → Hub → Settings (⚙️) → Service.