Over-the-air updates have been around for a while but this process needs to reach a degree of scalability and trust never seen before. Standard bricking and rollback protections of any updated BIOS component is a must. A key challenge is to allow full transactional updates of complex boards with heterogeneous computing, accelerators and various micro-controllers: all firmware components must be updated to a new version or not updated at all. Last but not least, vouching for the successful update of a system (firmware, operating system, application software) should be flexible to accommodate rich policies.