How do you implement secure OTA (Over-The-Air) firmware updates?

OTA updates remotely update device firmware, critical for IoT devices. Architecture: A/B (ping-pong) partitions - two application slots, update inactive one, swap on success. Rollback capability if new firmware fails validation/boots. Bootloader manages partition selection and validation. Security measures: Encrypted firmware images (AES-128/256). Digital signatures (ECDSA, RSA) verify authenticity. Secure boot chain validates each component. TLS for download transport. Anti-rollback with version counters in secure storage. Implementation steps: Check for update, download to staging, verify integrity (CRC) and signature, mark for activation, reboot, bootloader validates and switches, confirm successful boot or rollback. Considerations: Incremental/delta updates save bandwidth. Recovery mode for failed updates. Power-loss safety during updates.