[U-Boot-Users] Safe firmware updates

Ian Ridge ian.ridge at apdcomms.com
Thu Feb 16 18:29:18 CET 2006 

Hi,

 

Power disconnect during firmware update:

 

We are implementing facility for automatic firmware upgrades (either the
Linux uImage or cramfs) on our embedded device. However there is a
requirement that the device is not broken by (the user for example)
disconnecting the power supply at any stage during the flash update.

 

In the absence of a backup battery, I guess the boot loader would have
to be modified to cope with this. Has anybody produced a solution
already?

 

If not I'm considering adding a command to u-boot. 'update' could work
as follows:

 

1) Linux application / scripts are responsible for downloading the
firmware upgrade, then erasing and copying into an image in free area of
the flash with CRC.

2) Linux reboots the device, so u-boot can take over.

3) 'update' command is called early in bootcmd script. 

4) 'update' routine checks specified flash location for new upgrade
image with valid CRC. If no image found or has bad CRC it returns,
control passes to next command in bootcmd, and Linux boots normally.

5) 'update' routine erases target area of flash, and then copies content
of upgrade image to target location.

6) 'update' routine erases upgrade image to prevent upgrade attempt on
subsequent boots.

 

Power cut during stage 1 would result in original firmware remaining.

Power cut during stages 2 to 5 would result in firmware upgrade when
power is restored.

Power cut during state 6 would result in new firmware remaining. (as
partial erase of update image would have bad CRC).

 

Maybe the upgrade (cramfs, kernel uImage, etc) could be stored in
another uImage with a new type. 

 

Any comments?

 

Ian
 
DISCLAIMER: 
 
The information contained in this message is for the intended addressee only  
and may contain confidential and/or privileged information. If you are not the  
intended addressee, please delete this message and notify the sender; do not  
copy or distribute this message or disclose its contents to anyone. This email  
has been scanned by our Anti Virus software before leaving the premises. APD  
Communications takes no responsibility for any damage or loss caused by any  
undetected virus being inadvertently transmitted with this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.denx.de/pipermail/u-boot/attachments/20060216/e64c91dd/attachment.htm

More information about the U-Boot mailing list