Multiple system images for over-the-air updates

What is claimed is: 1. A method comprising: by a client computing device, executing software from a first portion of memory of the client computing device; by the client computing device, requesting from a server an over-the-air (OTA) update to the software; by the client computing device, receiving from the server a manifest for the OTA update; by the client computing device, downloading from the server a payload pursuant to the manifest; by the client computing device, installing the payload into a second portion of memory of the client computing device; and by the client computing device, executing the software from the second portion of memory. 2. The method of claim 1 , wherein: the client computing device requests the OTA update to the software in response to an instruction from the server; and the instruction comprises an out-of-band message. 3. The method of claim 1 , wherein the request comprises the serial number of the client computing device. 4. The method of claim 1 , wherein the manifest comprises a predetermined battery state in which the client computing device must be in order to download the payload. 5. The method of claim 1 , wherein the manifest comprises a predetermined time period during which the client computing device may download the payload. 6. The method of claim 1 , wherein the manifest comprises a predetermined battery state in which the client computing device must be in order to execute the software from the second portion of memory. 7. The method of claim 1 , wherein the manifest comprises a predetermined time period during which the client computing device may execute the software from the second portion of memory. 8. The method of claim 1 , wherein the manifest comprises a manifest signature and device unique signature, and executing the software from the second portion of memory comprises: authenticating the manifest signature with a manifest signature public key; authenticating the device unique signature with a device unique public key; and failing to execute the software from the second portion of memory if either authentication fails. 9. The method of claim 1 wherein the manifest comprises a first hash value for the payload, and executing the software from the second portion of memory further comprises: calculating a second hash value for the downloaded payload based on a predetermined cryptographic hash algorithm; comparing the first hash value to the second hash value; and failing to execute from the second portion of memory if the first and second hash values are not identical. 10. The method of claim 1 , wherein the manifest comprises an encrypted serial number, and executing from the second portion of memory comprises: decrypting the serial number with a serial number public key; comparing the decrypted serial number to a serial number of the one or more computing devices; and failing to execute software from the second portion of memory if the serial number and the decrypted serial number are not identical. 11. A method, comprising: by one or more computing devices, receiving from a client computing device a request for an over-the-air (OTA) update to software comprising a unique identifier for the endpoint computing device and a digital signature; by one or more computing devices, determining if a software update is available for the client computing device; by one or more computing devices, authenticating the digital signature with a serial number private key; by one or more computing devices, in response to a positive authentication, generating an OTA manifest for the client computing device comprising one or more download instructions; and by one or more computing devices, sending the OTA manifest to the client computing device. 12. A non-transitory, computer-readable media comprising instructions operable, when executed by one or more computing systems, to: execute software from a first portion of memory of the one or more computing systems; request from a server an over-the-air (OTA) update to the software; receive from the server a manifest for the OTA update; download from the server a payload pursuant to the manifest; install the payload into a second portion of memory of the one or more computing systems; and execute the software from the second portion of memory. 13. The media of claim 12 , wherein: the one or more computing systems request the OTA update to the software in response to an instruction from the server; and the instruction comprises an out-of-band message. 14. The media of claim 12 wherein the request comprises the serial number of the one or more computing systems. 15. The media of claim 12 , wherein the manifest comprises a predetermined battery state in which the one or more computing systems must be in order to download the payload. 16. The media of claim 12 , wherein the manifest comprises a predetermined time period during which the one or more computing systems may download the payload. 17. The media of claim 12 , wherein the manifest comprises a predetermined battery state in which the one or more computing systems must be in order to execute the software from the second portion of memory. 18. The media of claim 12 , wherein the manifest comprises a predetermined time period during which the one or more computing systems may execute the software from the second portion of memory. 19. The media of claim 12 , wherein the manifest comprises a manifest signature and device unique signature, and executing the software from a second portion of memory comprises: authenticating the manifest signature with a manifest signature public key; authenticating the device unique signature with a device unique public key; and failing to execute from the second portion of memory if either authentication fails. 20. The media of claim 12 , wherein the manifest comprises a first hash value for the payload, and executing the software from the second portion of memory further comprises: calculating a second hash value for the downloaded payload based on a predetermined cryptographic hash algorithm; comparing the first hash value to the second hash value; and failing to execute the software from the second portion of memory if the first and second hash values are not identical.