[U-Boot-Users] Redundant environment expected behavior vs current
Wolfgang Denk
wd at denx.de
Wed Apr 26 01:55:26 CEST 2006
In message <444EB1D5.1000804 at orkun.us> you wrote:
>
> I agree but once you have written the one copy of the environment and
> protect it (if you have hardware support), one copy is already securely
> written you can go ahead and write the second environment. We changed
You just said that the data is securely written and protected.
> the environment because the old one was not right so keeping the old
> environment after one copy is written might not save us in certain
> situations.
Which are?
> I know it only writes over the flag byte in old environment by writing
> 00 (can always transform from 1s to 0 in nor flash without erasing). I
> guess you are referring to this as atomic transaction.
No. I mean, that "saveenv" has a transaction character: either it
will succeed, and you end up with the new environment, or it will
fail, and you will end up with the previous one.
Writing the new environment twice just adds flash wear.
So far, I haven't seen a situation where it would have been useful.
> > If you want this behaviour, then just use it. All you need to do is
> > typing "saveenv;saveenv". Next question, please.
> >
> It depends on a user doing this which might not be true. Heck, I even
Provide a simple update command in a variable. I really don't think
this is generally useful. It just wastes flash life time.
> forget to do this sort of stuff after some time. It would be great if
> the sync is provided as an option. How about CFG_ENV_REDUND_SYNC (or
> something like this) that runs the save command twice internally or
> something like that to that effect?
Feel free to add this as a local extension. I don't think I would
ever enable this on any of my boards.
Other opinions? Is there anybody who thinks this would improve the
robustness of his devices?
> The current scheme also does not sync environment from the good one if
> one environment detected bad during boot. Should U-Boot fix the bad one
> from the good one automatically? Currently, I think there is not even a
U-Boot never does any automatic writing to flash. This is something I
consider evil.
> diagnostic message that one environment is bad.
No, should there be one? Obviously a "saveenv" command did not
complete successfully; maybe just one millisecond earlier it would not
have been started at all.
That's what I mean by "transaction": if it does not complete
successfully, then it did not take place at all. This is not
considered a failure mode.
> How about U-Boot commands to verify environment so we can use it to do
> the sync etc. in a script.
They are all in place. (crc, test). Just use them as needed. But
frankly: did you ever see any corruption of NOR flash except when
erasing / writing? And if you did, are you only concerned about the
contents of the environment variables?
> > The CFI driver is a bit noisy, indeed.
>
> Should I add "Protecting..." "Un-protecting..." before operations to
> compensate for flash driver output...
Ummm... no! I said it already is too noisy, so adding more output
cannot be an improvement.
Best regards,
Wolfgang Denk
--
Software Engineering: Embedded and Realtime Systems, Embedded Linux
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
In English, every word can be verbed. Would that it were so in our
programming languages.
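The transaction property discussed in the thread (the new copy is written first, the old copy's flag byte is cleared 1 -> 0 afterwards, and a save that is cut short leaves the previous environment selected) as a small C model. This is an added example, not U-Boot's own env code; the copy layout (CRC, flag, data), the functions env_select/env_save/env_reset and the constructed "bootcmd=..." values are assumptions of the model.

```c
#include <stdint.h>
#include <string.h>
#define ENV_DATA      16
#define FLAG_ACTIVE   1   /* this copy is current */
#define FLAG_OBSOLETE 0   /* 1 -> 0 can be written in NOR without an erase */
/* Modelled environment copy: CRC over the data, a flag byte, the data. */
struct env_copy { uint32_t crc; uint8_t flags; char data[ENV_DATA]; };
struct env_copy g_env[2];   /* the two "flash sectors" of the model */

/* Bitwise CRC-32 (IEEE polynomial) so the model is self-contained. */
static uint32_t crc32_env(const char *buf, size_t len) {
    uint32_t crc = 0xffffffffu;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint8_t)buf[i];
        for (int b = 0; b < 8; b++) crc = (crc >> 1) ^ (0xedb88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}
/* Fill a copy with data and a flag and compute its CRC. */
static void env_write(struct env_copy *e, const char *data, uint8_t flags) {
    memset(e->data, 0, ENV_DATA);
    strncpy(e->data, data, ENV_DATA - 1);
    e->crc = crc32_env(e->data, ENV_DATA);
    e->flags = flags;
}
/* Pick the copy to boot from: a valid CRC beats a corrupt one; with two valid
 * copies the flag decides. Returns -1 if neither is usable (default env). */
int env_select(const struct env_copy c[2]) {
    int v0 = crc32_env(c[0].data, ENV_DATA) == c[0].crc;
    int v1 = crc32_env(c[1].data, ENV_DATA) == c[1].crc;
    if (v0 != v1) return v0 ? 0 : 1;
    if (!v0) return -1;
    return (c[1].flags == FLAG_ACTIVE && c[0].flags != FLAG_ACTIVE) ? 1 : 0;
}
/* saveenv as a transaction: write the new data into the copy that is NOT current,
 * then retire the old one by clearing its flag. A write cut short (`interrupt`
 * leaves a bad CRC) keeps env_select() on the old copy. Returns the index used. */
int env_save(struct env_copy c[2], const char *newdata, int interrupt) {
    int old = env_select(c), nxt = (old == 0) ? 1 : 0;
    env_write(&c[nxt], newdata, FLAG_ACTIVE);
    if (interrupt) { c[nxt].crc ^= 0xdeadbeefu; return old; } /* power cut */
    if (old >= 0) c[old].flags = FLAG_OBSOLETE;
    return nxt;
}
/* Constructed start state: copy 0 good and active, copy 1 an erased sector. */
int env_reset(void) {
    env_write(&g_env[0], "bootcmd=run a", FLAG_ACTIVE);
    memset(&g_env[1], 0xff, sizeof g_env[1]);  /* erased NOR: all ones, bad CRC */
    return env_select(g_env);                   /* -> 0 */
}
```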