Many modern appliances, consumer devices, and other devices include embedded systems that are configured to perform one or more dedicated functions. Embedded systems of such devices that provide networking capabilities may periodically benefit from updates to the software or firmware that control such capabilities to fix bugs and/or add new functionality.
Updates to computer software and firmware can be delivered to some embedded systems with networking capabilities “over the air” (OTA) from a cloud-based wide area network (WAN) accessible service or other service provider that may deliver a digital image of the software to the embedded system. Typically, a device with an embedded system that can receive updates in this fashion is capable of communicating with the image provider and downloads the image using a secure communication link with the provider. Once a device has been deployed to an end user, future software/firmware updates rely on secure communication with the image provider. When a device cannot communicate with the image provider, a software update cannot typically be provided without returning the device to the manufacturer or performing onsite servicing of the device. This can be especially problematic when one software update causes an unforeseen problem with establishing a secure connection that, as a result, prevents using a subsequent OTA update to correct the problem. Similarly, a device with preloaded software that has been packaged, but not deployed, for an extended period of time may no longer be able to establish a secure connection with an image provider due to an expiration of connection credentials embedded in the software.