# Atomic Updates

The immutable microvisor uses a read-only file system and avoids traditional differential package management (like `dnf` or `apt`) in favor of updating the entire system image. This approach simplifies system management and increases reliability by preventing configuration drift.

## A/B Update Paradigm

At the heart of this design is an A/B update mechanism. Two dedicated partitions are reserved on the system — one holds the active image, while the other remains inactive. This section outlines the process.

## Active vs. Inactive Partitions

One partition is designated as active and is used during system boot via EFI and systemd-boot. The other remains inactive until an update is applied.

## Update Process

When a new update is available, the following steps occur:

- The new image is downloaded and then verified for integrity and authenticity. Once verified, the new image is written to the inactive partition.
- The bootloader (systemd-boot) is then reconfigured to boot from the updated partition, which will become the new active partition upon the next reboot.
- Rollback Capability: Systemd-boot has the ability to detect boot failures. If the system fails to boot from the new image, the bootloader can automatically roll back to the previous, stable partition, ensuring continuous availability of the system.

## Benefits of The Approach

- **Stability and Predictability**: By updating the entire image and maintaining immutable partitions, the system avoids configuration drift, often seen with writable filesystems.
- **Simplified Maintenance**: The A/B paradigm eliminates the complexities associated with handling partial updates or rollbacks in traditional package management systems.
- **Enhanced Security**: With a read-only filesystem and a verified update process, the risk of unauthorized modifications is greatly reduced.

This comprehensive update mechanism ensures that Edge Microvisor Toolkit remains stable, secure, and easy to maintain, even in environments where reliability is paramount.

## Updating Edge Manageability Framework vs. Standalone

Edge Microvisor Toolkit updates are well integrated when using the [Edge Manageability Framework](https://github.com/open-edge-platform/edge-manageability-framework). The maintenance manager enables the administrator to configure when to run updates to edge nodes. While the update will only occur during these maintenance windows, new images will be downloaded in the background as soon as they become available. The diagram below shows the overall update flow and state transitions.

![update flow and state transitions](../assets/emt-architecture-update-flow.drawio.svg)

The Edge Microvisor Toolkit may also be updated as a standalone solution, through a manual update procedure, without the automation offered by Edge Manageability Framework. You can download the new version of the microvisor and run the update by invoking the `os-update-script` and providing the path to the downloaded image. Plans for future versions of Edge Microvisor Toolkit may include implementing automatic image validation, update checks, and releases.
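
The steps listed under Update Process (verify, write to the inactive partition, switch the boot target, roll back on failure) can be modelled as a small state machine. This is an added Python example, not Edge Microvisor Toolkit code. The slot names, the three-attempt trial counter and the `healthy` callback are assumptions for illustration, and only the integrity check is shown: the expected digest is assumed to come from a source whose authenticity was already verified.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Optional

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class Device:
    """Toy A/B device: two image slots plus the bootloader's trial state."""
    slots: Dict[str, bytes]
    active: str = "A"               # slot the bootloader currently boots
    pending: Optional[str] = None   # freshly written slot still on trial
    tries_left: int = 0             # boot attempts remaining for the trial slot

    def inactive(self) -> str:
        return "B" if self.active == "A" else "A"

    def apply_update(self, image: bytes, expected_sha256: str, tries: int = 3) -> bool:
        # Verify before writing: a mismatch leaves both slots and boot state untouched.
        if sha256_hex(image) != expected_sha256:
            return False
        target = self.inactive()
        self.slots[target] = image              # the active slot is never modified
        self.pending, self.tries_left = target, tries
        return True

    def boot(self, healthy: Callable[[bytes], bool]) -> str:
        """Reboot until a slot comes up; return the slot that ends up running."""
        while self.pending and self.tries_left > 0:
            self.tries_left -= 1                # counted up front, so a hang still costs a try
            if healthy(self.slots[self.pending]):
                self.active, self.pending = self.pending, None  # commit the new slot
                return self.active
        self.pending = None                     # trial exhausted: roll back
        return self.active

# Constructed sample data: short byte strings stand in for full system images.
OLD, GOOD, BROKEN = b"emt-image-v1", b"emt-image-v2", b"emt-image-v2-unbootable"

def demo():
    healthy = lambda img: img != BROKEN         # stand-in for "booted and passed health checks"
    dev = Device(slots={"A": OLD, "B": b""})
    results = [dev.apply_update(GOOD + b"!", sha256_hex(GOOD))]  # tampered download: rejected
    dev.apply_update(BROKEN, sha256_hex(BROKEN))                 # verified but unbootable
    results.append(dev.boot(healthy))                            # falls back to A
    dev.apply_update(GOOD, sha256_hex(GOOD))                     # verified and bootable
    results.append(dev.boot(healthy))                            # B becomes active
    return results
```

The model shows that the known-good slot is never written during an update, so both a rejected image and a failed trial boot leave the device on its previous image.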