Traditionally, operating systems change state by invoking an update service or installing an entire image of the operating system, including any changes to the operating system. Changing the state of the operating system may include applying updates or reverting to a previous system state. Invoking an update service is less desirable due to the high rate of failure associated with update services, little control of the update, and the undeterministic nature of the update. For example, if a failure occurs during the update, it may halt the operating system, leaving it in a state where it may be impossible to move forward or roll back. Operations that may fail during the update include the execution of a binary, which is a black box operation. Tracking what the binary may change on the image is extremely difficult, and may result in the actual state of the operating system being out of sync with the projected state of the operating system after the update has been applied. The user state/data may be accessible due to the failure of updates or update roll back.
Moreover, the update service may suffer from undeterministic scheduling and non-differentiation of stock keeping units (SKUs). Additionally, manufacturing the update can be problematic when updates for the main operating system are involved. These updates are installed under the security context of the “Trusted Installer,” limiting the bits that are installed to those bits that are signed by a private key. Similarly, installing an entire image of the operating system usually involves a reset to factory settings and can be problematic. If the image has been “dirtied,” the factory reset may be very operation costly, especially if the entire factory image is to be acquired from the cloud and then copied in place.
System updates are also difficult to apply to a fleet of devices in multiple states, because each device may require a different update, and various numbers of files may be changed due as a result of user interaction. The update to be applied may expect the each of the different devices to be in a particular state before the update is applied. Accordingly, it is difficult for an update to bring a device to a “known” state in order to apply the update, which is typically tested in the lab on just a handful of states.