Embedded portfolio case studyFinal baseline V1.0.26

Velo

A compact embedded system that remembers, updates, verifies, and recovers.

Built across firmware, touch UI, hook LEDs, Wi-Fi, Node-RED cloud flows, signed release tooling, fallback recovery, and board-level validation.

Velo installed on a whiteboard with simple labels marking the physical reminder system.Velo installed on a whiteboard with keys and a small bag hanging from the hooks.

Installed prototype

Whiteboard-mounted Velo with the product surface visible.
ReliablereadyHandydailySmartaware

A/B

Release model - Slot-aware inactive-slot release flow

Ed25519

Manifest security - Signed manifest and payload hash binding

V1.0.26

Frozen baseline - Signed tool-generated release with reset proof

Get the proof highlights.

Velo installed on a whiteboard with a bag and keys hanging below.

Product

A real device surface, mounted where reminders matter.

Screen, hooks, sensor, and room context are visible in one physical scene.
Velo release tool showing uploaded V1.0.26 artifacts.

Release

The desktop tool turns firmware into signed A/B releases.

Slot A, slot B, manifest signing, upload, and endpoint verification run as one flow.
Poster frame for Velo V1.0.26 successful OTA validation.

Security

A signed OTA survives reboot and hardware reset.

The proof path shows check, install, reset persistence, and confirmed firmware state.
Poster frame for Velo V1.0.27 bad package rejection.

Recovery

Bad packages and fallback are shown as product behavior.

Negative releases are rejected or recovered from, not hidden as lab-only failures.
Node-RED flow preview for the Velo product backend.

Cloud

Node-RED routes weather, reminders, OTA, and rollback state.

The cloud flow is part of the deliverable, not an invisible backend assumption.

More than a UI demo

Update. Verify. Recover.

The project is deliberately built as a complete engineering story: the device has a product surface, a release pipeline, a security policy, and negative tests that prove the system refuses unsafe updates.

01

A real product surface

Touch UI, weather context, Wi-Fi setup, reminder state, and hook LEDs work as one door-side experience.

02

A release system, not a demo button

The desktop tool builds slot A and slot B packages, signs manifests, uploads to cloud, and verifies both latest endpoints.

03

A failure story with evidence

Bad signatures, bad payloads, fallback, reset persistence, network timeout, and the LED/OTA interaction fix are documented.

Validation as a feature

The impressive part is not only that it works.

It also shows what happens when a release is wrong: a forged manifest is rejected, a modified payload fails install, and a trial image can fall back to the confirmed slot.

See proof page
V1.0.26Signed OTA confirmed after RST
check failedBad manifest stopped before install
0x46Bad payload rejected during install
Try the OTA labInteractive release paths

Team

Built by Team 12: Velo.

A two-person embedded systems team turned the project from board bring-up into a validated product-style system with firmware, cloud release flow, OTA recovery, and presentation evidence.

01

Jiaan Zhang

Led the system from board bring-up to final release proof

  • Designed and debugged the PCB, brought up the board, integrated LCD, touch, ToF, and hook LEDs, and turned signal checks into hardware evidence.
  • Built the firmware architecture, RTOS flow, product UI, Wi-Fi, weather, reminder services, storage behavior, and hook LED control.
  • Completed the A/B OTA system, fallback recovery, Ed25519 signed manifests, payload hash binding, Node-RED release flow, Velo OTA Release Tool, validation gallery, and showcase site.
jiaanz7@seas.upenn.edu
02

Tiancheng Pu

Supported the physical build and enclosure path

  • Supported PCB name/label placement and selected wiring-debug work during hardware bring-up.
  • Designed, cut, and assembled the enclosure support structure for the final physical device.
ptc1018@seas.upenn.edu