Skip to content

Safe Remote Updates Guideline

Introduction

Our firmware is subjected to an intensive testing process, including automated tests during development and dedicated testing for each final release candidate. This test suite is continuously expanded based on internal findings and field reports.
Despite these efforts, a residual risk of unexpected issues in specific scenarios remains.
To minimize this risk, we strongly recommend following the procedure outlined in this guideline when performing a remote firmware or configuration update campaign.

By adhering to these steps, you can significantly increase the safety and success rate of your update process.

Risk of Property Damage

It is strongly recommended not to remotely update all machines in a single step with a new configuration or firmware.

Remote Update Procedure

When planning a firmware or configuration roll-out, several steps should be considered to ensure the process is as safe and reliable as possible.
This guideline applies to each individual machine type or machine family. A machine family is defined by devices sharing the same configuration version, the same initial firmware, and — if applicable — the same SIM card settings.

Following these steps helps minimize the risk of update-related errors.

1. Initial Test on a Simulator or Sample Machine

Perform the first remote update on a simulator device whenever possible.
If a simulator is unavailable, use a single, easily accessible sample machine.
Verify that the update succeeds and that the device behaves as expected.

2. Update a Small Batch (Up to 10 Machines)

In the second step, extend the update to a maximum of 10 machines.
After completion, verify the success of the update on each machine individually.

3. Update a Partial Roll-out (Up to 15% of the Fleet)

If the second step is successful, proceed with a partial roll-out to a maximum of 15% of the fleet.
Conduct a success check after this roll-out as well.

4. Update the Remaining Fleet

Once all prior steps have been validated, roll out the update to the rest of the fleet.

Verifying Update Success

Between each roll-out step, perform sample checks to ensure that devices are operating as expected. Verification should include:

  • Device startup and shutdown behavior in the machine environment
  • Logged operational data
  • File transfer to your ECU
  • Execution of configured actions
  • Any special or device-specific behaviors configured in your system