tls – secured transmission of signed firmware from OTA server to IoT Device

We are making a design/implementation for secured FOTA for IoT devices. There are two steps to it: first, transferring the signed image from server to device, and secondly, updating the image on the target device after integrity check / handling rollback etc.

My question is related to the first part of it, that is, transmitting the signed image from server to device. What is the right protocol suite to use here? Is there a protocol suite that is used as standard? Or do I need to implement my own protocol? I believe TLS will be used at the transport layer; however, there will be more aspects to be addressed at the application layer, like breaking a large image into smaller blocks; integration of packets to get the unified image; management of firmware and device version etc.
Would appreciate some insight!