OTA Firmware-Update Architecture for a 50,000-Device Smart-Meter Fleet
Overview
What this challenge is about.
Design a 4-stage OTA architecture: (1) signed image build + manifest, (2) backend rollout (1 percent canary, then 10 percent, 50 percent and 100 percent), (3) device-side staged bootloader handoff with automatic rollback on N-of-M boot failures, (4) telemetry-gated promotion (the next stage is blocked if the canary cohort burns its error budget). Implement signed-image verification (ed25519), a dual-bank firmware layout, and chunking that respects the NB-IoT downlink budget. Validate on a 200-device lab fleet with synthetic failure injection (corrupt image, partial download, post-boot crash, network drop mid-update). Deliver: architecture spec (12 pages), reference firmware + backend code, lab-validation report (6 pages), production runbook (4 pages).
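The device-side handoff in stage (3), sketched as an added example that is not part of the original brief or its reference firmware: a dual-bank boot selector that rolls back after N failed trial boots within an M-boot probation window, or immediately on a failed signature check. The values N=3 and M=5, the `boot_state_t` layout and all function names are assumptions, and `sig_ok` stands in for the result of an ed25519 verification performed elsewhere in the bootloader.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#define BOOT_FAIL_N   3  /* assumed N: failed trial boots that force rollback */
#define BOOT_WINDOW_M 5  /* assumed M: trial boots scored before commit */

typedef struct {
    uint8_t active;    /* bank the bootloader will start (0 or 1) */
    uint8_t fallback;  /* last known-good bank, left untouched during a trial */
    uint8_t history;   /* bit set = that trial boot never reported healthy */
    uint8_t attempts;  /* trial boots started so far */
    bool trial;        /* new image is still on probation */
    bool pending;      /* current boot has not reported healthy yet */
} boot_state_t;        /* assumed to live in storage that survives reset */

static unsigned fail_count(uint8_t h) { unsigned n = 0; for (; h; h &= (uint8_t)(h - 1)) n++; return n; }

/* Updater: a complete image has been written to the inactive bank. */
void boot_start_trial(boot_state_t *s) {
    s->fallback = s->active; s->active ^= 1u;
    s->history = 0; s->attempts = 0; s->trial = true; s->pending = false;
}

/* Application: call once the new firmware is running and reachable. */
void boot_mark_healthy(boot_state_t *s) { s->pending = false; }

/* Bootloader, at every reset. sig_ok[b] is the signature verdict for bank b. */
uint8_t boot_select(boot_state_t *s, const bool sig_ok[2]) {
    if (s->trial) {
        if (s->attempts > 0)  /* score the boot that just ended */
            s->history = (uint8_t)((s->history << 1) | (s->pending ? 1u : 0u));
        if (!sig_ok[s->active] || fail_count(s->history) >= BOOT_FAIL_N) {
            s->active = s->fallback;  /* roll back; an unverified image never runs */
            s->trial = false;
        } else if (s->attempts >= BOOT_WINDOW_M) {
            s->trial = false;         /* commit: fewer than N failures in M boots */
        }
    }
    if (s->trial) { s->attempts++; s->pending = true; }
    return s->active;
}

int main(void) {  /* new image that crashes on every boot, as in a post-boot-crash injection */
    boot_state_t s = {0};
    const bool ok[2] = {true, true};
    boot_start_trial(&s);
    for (int i = 0; i < 4; i++) printf("boot %d -> bank %u\n", i + 1, boot_select(&s, ok));
    return 0;
}
```

The sketch covers only the trial path; verifying the committed bank on every boot and handling a fallback bank that itself fails verification are left out.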
The Brief
What you'll do, and what you'll demonstrate.
Design and validate an OTA architecture that prevents bricking via canary cohorts, signed images, and brick-resistant bootloader handoff across a 50,000-device fleet.
Earning criteria — what you'll demonstrate
- Design staged OTA architectures with telemetry-gated promotion
- Implement signed-image verification and dual-bank rollback safely
- Validate cyber-physical update systems with synthetic failure injection
- Author production runbooks that survive 3am rollout incidents
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.