We’re deploying OTA firmware updates to edge devices running Watson IoT Edge Analytics. The update process initiates successfully and downloads the firmware package to devices, but consistently gets stuck at the verification step. The device logs show ‘Firmware verification in progress’ but never completes - it times out after 30 minutes.
We’re using signed firmware packages with SHA-256 signatures. The signature validation works fine when we manually verify on a test device, but the OTA update workflow seems to have issues with the verification process. Device resource checks show adequate storage (2GB free) and memory (512MB available). The firmware package size is 85MB.
I’ve checked the OTA update workflow configuration and all steps are enabled. Has anyone experienced firmware updates hanging at verification stage? Is there a specific signature format or device resource threshold that might be causing this?
You can adjust the verification timeout in the OTA configuration, but that’s treating the symptom not the cause. The real issue is likely the signature format. Watson IoT Edge expects detached signatures in a specific format. If you’re embedding the signature in the firmware package, the verification process has to extract it first, which adds significant overhead for large files. Use detached signature files (.sig) uploaded separately from the firmware binary.
For Edge Analytics devices, recommended firmware package size is under 50MB for reliable OTA updates. The verification process does more than just signature checking - it also validates package integrity, checks device compatibility metadata, and verifies available resources. All of this happens during the ‘verification’ step. Your 85MB package is likely causing timeout due to combined processing overhead. Try splitting into smaller delta updates.
Our edge devices have ARM Cortex-A7 processors which should handle SHA-256 reasonably well. But you might be right about the package size. Is there a recommended maximum firmware size for OTA updates on edge devices? The documentation doesn’t specify limits. Also, what alternative signature algorithms are supported by Watson IoT Edge?
The 30-minute timeout suggests the verification process is actually running but extremely slow. Edge devices have limited CPU for cryptographic operations. SHA-256 signature verification on an 85MB file can take 20-30 minutes on low-power edge hardware. Check your device CPU specs - you might need to reduce firmware package size or use a lighter signature algorithm.