Facilities for successful boot detection

Mauro Condarelli mc5686 at mclink.it
Thu Jan 2 21:49:14 CET 2020


I would like to implement an update system (most likely using SWUpdate)
with "Double copy with fall-back" and, possibly, a "last resort" recovery.

I have a pretty clear idea of what the program flow should be, but I
don't know how to implement it in U-Boot.

In particular:

  * How can I determine, in U-Boot, if previous boot was successful?
  * Is there an established "best practice" for this?
  * I would like to avoid rewriting Environment at each reboot (it can
    happen /many/ times/day and that would kill SPI NOR).
  * In U-Boot there's a BootCounter, but I've been unable to understand
    if/how it works and I strongly doubt it will be useful because it
    stores the counter itself in a uController register that is cleared
    on hard reset (and, of course, at power-up). Since my only way to
    "recover" from a failed boot may well be power-cycle I suspect this
    method is scarcely usable (but I might have missed something).
  * OTOH, as said, rewriting Environment (currently in SPI NOR) at each
    boot doesn't seem advisable.

What I am aiming at (but I'm ready to change, if there's a better way) is:

  * my board (VoCore2 SoM) has:
      o 128MiB RAM
      o 16MiB SPI NOR (MTD)
      o 8GiB SD card (MMC)
  * On SD I should have:
      o One FAT-formatted partition containing two kernel images.
      o Two ext4 partitions containing RootFS (one for each kernel image).
      o Two ext4 partitions for Application (to be mounted on
        /usr/local, if it matters).
  * On MTD1 I should have U-Boot.
  * MTD2 and MTD3 should contain a "recovery copy" of kernel and RootFS
    (no Application).
  * U-Boot should have a notion of "current" and "known good" system and
    should try booting "current" a few times; if it fails it should try
    "known good"; if it still fails (e.g.: SD is completely broken) it
    should boot from "recovery" on SPI NOR.

I've seen that some `configs` (most notably theadorable-x86) seem to
implement something like this, but, sincerely, I've been unable to
divine what they're actually doing.

If someone could be so kind to point me in the right direction... ;)

Thanks in Advance

Mauro
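
The fallback order described in the message above ("current" a few times, then "known good", then "recovery" on SPI NOR), modelled in C as an added example that is not part of the original post and is not U-Boot code. All names, the retry limit of 3, and the existence of a store that survives power cycles are assumptions made for illustration.

```c
/* Added example: model of the "current -> known good -> recovery" policy.
 * All names are hypothetical; this is not U-Boot code. */
#include <stdio.h>

enum slot { SLOT_CURRENT, SLOT_KNOWN_GOOD, SLOT_RECOVERY };

#define MAX_TRIES 3 /* the post says "a few times"; 3 is an assumed value */

/* Assumed to live in storage that survives reset AND power cycle. */
struct boot_state {
    unsigned tries_current;    /* unconfirmed boots of "current" */
    unsigned tries_known_good; /* unconfirmed boots of "known good" */
    unsigned writes;           /* persistent-store writes, to expose wear cost */
};

/* Boot loader side: choose a slot and record the attempt before booting. */
enum slot pick_slot(struct boot_state *s, int sd_ok)
{
    if (sd_ok && s->tries_current < MAX_TRIES) {
        s->tries_current++; s->writes++;
        return SLOT_CURRENT;
    }
    if (sd_ok && s->tries_known_good < MAX_TRIES) {
        s->tries_known_good++; s->writes++;
        return SLOT_KNOWN_GOOD;
    }
    return SLOT_RECOVERY; /* SD unusable or both SD slots exhausted */
}

/* Booted system side: called once the system considers itself healthy. */
void confirm_boot(struct boot_state *s, enum slot booted)
{
    unsigned *n = booted == SLOT_CURRENT ? &s->tries_current
                : booted == SLOT_KNOWN_GOOD ? &s->tries_known_good : NULL;
    if (n && *n) { *n = 0; s->writes++; }
}

int main(void)
{
    static const char *name[] = { "current", "known good", "recovery" };
    struct boot_state s = { 0, 0, 0 };
    /* Constructed scenario: "current" never confirms, "known good" does. */
    for (int boot = 1; boot <= 5; boot++) {
        enum slot b = pick_slot(&s, 1);
        if (b == SLOT_KNOWN_GOOD) confirm_boot(&s, b);
        printf("boot %d -> %s (writes so far: %u)\n", boot, name[b], s.writes);
    }
    return 0;
}
```

In this model every healthy boot costs two writes to the persistent store (the increment and the reset), which is the wear cost the message wants to avoid on SPI NOR.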


