[U-Boot] Question regarding NAND environment
Tom Rini
tom.rini at gmail.com
Fri Jan 27 23:25:07 CET 2012
On Fri, Jan 27, 2012 at 3:08 PM, Peter Barada <peter.barada at logicpd.com> wrote:
> On 01/27/2012 04:46 PM, Scott Wood wrote:
>> On 01/26/2012 11:34 AM, Peter Barada wrote:
>>> On 01/26/2012 12:27 PM, Scott Wood wrote:
>>>> Why are two copies insufficient for that?
>>> Two copies are sufficient, if none of the blocks ever go bad.
>>>
>>> To simplify things, suppose the environment is the same size as a block
>>> and you have only two blocks (and two copies) to hold the environment.
>>> If one block goes bad then there is a window between when the one
>>> remaining block is erased and written with the environment that if power
>>> fails then there is no environment in NAND.
>> It seems unlikely, but possible I guess. Currently I don't think we
>> dynamically mark blocks bad at all in U-Boot, except in things like ubi
>> and yaffs.
> I'm probalby being paranoid, but from what I've seen, if it can fail,
> odds are it will.
>
> I can add code to mark the blocks bad if the erase/write fails.
>
>>> To solve this I can crank up the number of blocks to three which allows
>>> one block to go bad and still at all times have one good copy of the
>>> environment in NAND. But looking at writeenv(), it stops as soon as
>>> either nand_write fails, or one copy of the environment is written. So
>>> it could make sense to modify writeenv to write as many copies of the
>>> environment that fit into CONFIG_ENV_RANGE, and have readenv read out
>>> copies and verify them until it finds one good one.
>> This isn't what CONFIG_ENV_RANGE is about. I think it would make more
>> sense to change REDUND to support more than two copies (each with their
>> own range).
> Its somewhere in the middle. REDUND give you two copies. ENV_RANGE
> gives you one copy but allows it to
> live in the first good block. Modifying either way is going to affect
> units in the field. But I'll give it a whirl.
>> Probably better to never update the environment in the field -- source a
>> script in an ubi partition instead.
> Proper planning will save one from having to update the environment in
> the field, but I'm sure it happens. I just figured I'd try to make sure
> that nothing bad happens when people do...
Right, but with uEnv.txt (or rather, the underlying tech) you could
move away from a U-Boot controlled env at all. Have say
/boot/uEnv.txt in your UBIFS-in-UBI image (so all the goodness of UBI
managing blocks) and the default env will start out bootcmd with
loading and updating the env with uEnv.txt and then running uenvcmd or
what have you. This does mean the env is only changeable from Linux
however.
--
Tom
More information about the U-Boot
mailing list