[U-Boot-Users] [RFC] Implementing Boot Image Fallback on U-Boot

Makito SHIOKAWA mshiokawa at miraclelinux.com
Thu Apr 24 04:53:48 CEST 2008


Boot Image Fallback is a mechanism that enables a system to fall back to a
"known good" boot image in the event of catastrophic boot failure (i.e.
failure to boot, panic on boot, failure to initialize HW/SW) (CGL
Availability Requirements Definition V4.0: AVL.9.0). On systems, especially
those used in telecommunications, 99.999% high availability is required. So
this function is highly needed (as my customer requires).

This time, I'm thinking of implementing Boot Image Fallback on U-Boot as
follows (similar to the way GRUB does). So, I would appreciate any comments
on this.


It uses a new U-Boot command "bootmf" and fw_setenv.

* bootmf

It is a wrapper around "bootm", and it boots the kernel with fallback enabled
on multiple kernel images.


Also, it uses new U-Boot environment variables as follows.

* imgaddr<N>

It holds the physical address of the flash partition that the kernel image is
written to. <N> is an integer and becomes the entry of the corresponding
kernel image.

(ex.) imgaddr0=0xf8000000, imgaddr1=0xf8200000

* bootargs<N>

It holds the kernel parameters of entry <N>.

(ex.) bootargs0=root=/dev/mtdblock1 , bootargs1=root=/dev/mtdblock3

* default

It holds the default entry that "bootmf" tries to boot by default.

(ex.) default=1

* fallback

It holds the list of fallback entries that "bootmf" tries to boot next if it
fails to boot the default entry.

(ex.) fallback=1 2


Now, I assume that the circumstances are as follows. (In my case, Linux on
Freescale MPC8540.)

* There are three flash partitions "kernel-0", "kernel-1", "kernel-2" that
kernel images are written to.

* Environment variables are set as follows.

bootcmd=bootmf
imgaddr0=0xf8000000 (physical address of "kernel-0")
imgaddr1=0xf8200000 (physical address of "kernel-1")
imgaddr2=0xf8400000 (physical address of "kernel-2")
bootargs0=root=/dev/mtdblock1 (rootfs of "kernel-0")
bootargs1=root=/dev/mtdblock3 (rootfs of "kernel-1")
bootargs2=root=/dev/mtdblock5 (rootfs of "kernel-2")
default=0
fallback=1 2

* "fw_setenv default 0" is written to /etc/rc.local.


Then it behaves as follows.

1. When U-Boot boots up, "bootmf" is executed and tries to boot the default
entry in "default". Before booting the kernel, "bootmf" sets the corresponding
fallback entry in "fallback" to "default". ((ex.) When booting entry "0", "1"
is set and when booting entry "1", "2" is set.)

2. If the kernel succeeds in booting, "default" is set to "0" by fw_setenv.
So, the next time U-Boot boots up and "bootmf" is executed, entry "0" will be
booted again.

3. If the kernel fails to boot, "default" stays at fallback entry "1" because
fw_setenv won't be executed. So, the next time U-Boot boots and "bootmf" is
executed, fallback entry "1" will be booted.


In this way, Boot Image Fallback on U-Boot can be realized. I recognize that
this requires rewriting flash each time a kernel is booted, but I think there
won't be so many reboots once stable system operation has started.

I'll write and send a prototype of "bootmf" if it is needed.


Best regards,

-- 
MIRACLE LINUX CORPORATION
Makito SHIOKAWA
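
The selection logic of steps 1 to 3 above, modelled as an added C example that is not part of the original post and is not the author's "bootmf" prototype. It replays power cycles against the example environment (default=0, fallback=1 2) and shows which entry boots and what ends up in "default". Assumptions: next_default and boot_cycle are hypothetical names, the environment is modelled as plain variables, and leaving "default" unchanged once the fallback list is exhausted is a choice the post does not specify.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Value written to "default" just before booting entry `cur`.
 * cur not in the list -> first fallback entry; cur in the list -> the
 * entry after it. Assumption: if cur is the last entry (or the list is
 * empty), "default" keeps pointing at cur. */
int next_default(int cur, const char *fallback)
{
    char buf[64];
    int first = -1, take_next = 0;

    strncpy(buf, fallback, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    for (char *tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        int e = atoi(tok);
        if (take_next)
            return e;
        if (first < 0)
            first = e;
        if (e == cur)
            take_next = 1;
    }
    if (take_next || first < 0)
        return cur;
    return first;
}

/* One power cycle. healthy[i] != 0 means image i gets as far as
 * /etc/rc.local. Updates *def and returns the entry that was booted. */
int boot_cycle(int *def, const char *fallback, const int *healthy)
{
    int booted = *def;
    *def = next_default(booted, fallback); /* saved to flash before bootm */
    if (healthy[booted])
        *def = 0;                          /* rc.local: fw_setenv default 0 */
    return booted;
}

int main(void)
{
    int healthy[3] = {0, 0, 1};            /* constructed: kernel-0/1 broken */
    int def = 0;
    for (int i = 0; i < 4; i++) {
        int b = boot_cycle(&def, "1 2", healthy);
        printf("cycle %d: booted %d, default now %d\n", i + 1, b, def);
    }
    return 0;
}
```

With the constructed input, the third cycle boots entry 2 successfully and rc.local resets "default" to 0, so the following reboot tries the broken entry 0 again and repeats the whole fallback sequence.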
