[U-Boot-Users] Fail Safe: Redundant U-boot Images in Flash??? ?

[Roberts, John]

>It is impossible - there is only one reset entry point.
>How would you determine which image to boot?

>What you typically do (assuming the hardware supports it) is to  have
>two  banks  of  flash memory that can be swapped using some jumper or
>switch or so.

The code at the entry point needs to be small, reliable and never require an
upgrade in the field. This code would run a CRC on the primary U-boot image
to determine if it's safe to boot, upon CRC failure verify then run the
backup image.

For remote systems we need to resolve the issue of upgrade failure without
human intervention - or perhaps remote human intervention. 

-John Roberts  (Engineer, not Judge)