Failsafe booting to alternate linux image/fs

Brendan Simon (eTRIX) brendan.simon at etrix.com.au
Thu May 28 09:14:45 CEST 2020


Hi,

Before I embark on my own implementation of a failsafe bootloading
process from my embedded system (Xilinx Zynq board booting from SD
Card), I thought I'd quickly ask the experts if there are any standard
implementations in u-boot.

The current u-boot being used is from 2015.  It probably needs to be
updated (for various reasons).  It is loaded from the first partition
(64MB/FAT32) of an SD Card as part of a file called `BOOT.BIN`.  The
`Env.txt` file contains settings for two linux root systems (including
kernel and dtb) on separate partitions (ext4/1GB).  The first statement
in `Env.txt` has a `part=2` or `part=3` to indicate which partition to
boot from (load kernel and set cmdline for rootfs, etc).

My simple approach was to store a env var for the number of reboot
attempts.  On every boot attempt, the env var would be incremented.  If
linux booted successfully it would set the env var to zero (I believe
there are linux tools to do that).  If linux didn't boot successfully,
eventually the reboot count env var would reach some value, where the
alternative partition would be selected as an attempt to get something
booting and up and running.

NOTE: the devices are remote and need to be up as much as possible so
they can be monitored/managed.

*Does this type of functionality exist already in u-boot?*  I'm
guessing/hoping it does (and hope to use it directly or leverage the
features that make sense) rather than reinventing the wheel.

*Where is the best place to go to get information/documentation on this?*

Finally, I'm looking at migrating to eMMC, maybe with a golden image for
failsafe use, and two partitions for current filesystem and next/upgrade
filesystem.

*Is there any documentation that might be useful in this use case?*

Thanks, Brendan.
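As an added example (not part of Brendan's message or his `Env.txt`), the policy he describes written as a U-Boot text environment for `env import -t`: a persisted attempt counter, a threshold, and a per-boot switch of `part` to the fallback partition. Load addresses, file names, the cmdline and the variable names other than `part` are assumptions for a Zynq SD setup.

```ini
# Added example, not the poster's Env.txt. Partition numbers, load
# addresses, file names and the cmdline are assumptions for a Zynq SD board.

# Primary and fallback rootfs partitions (ext4 on mmc 0).
part=2
altpart=3

# Attempts allowed on ${part} before switching to ${altpart}.
# Keep this below 10: setexpr produces hex and `test` compares in decimal,
# so the counter is capped at bootlimit to stay in the range where both agree.
bootlimit=3

# Incremented by U-Boot on every attempt. Linux resets it to 0 once it is
# fully up (e.g. `fw_setenv bootcount 0` from u-boot-tools, with
# /etc/fw_env.config pointing at the same env storage U-Boot reads).
bootcount=0

# Assumed load addresses and file names.
kernel_addr_r=0x02080000
fdt_addr_r=0x02000000
kernel_file=/boot/uImage
fdt_file=/boot/devicetree.dtb

# Count and persist the attempt *before* trying to boot, so a kernel that
# hangs still costs one attempt. Once the limit is reached, use the fallback
# partition for this boot only (the change to `part` is not saved, so a
# successful fallback boot followed by `fw_setenv bootcount 0` retries the
# primary next time). Any failure falls through to reset.
bootcmd=setexpr bootcount ${bootcount} + 1; if test ${bootcount} -gt ${bootlimit}; then setenv bootcount ${bootlimit}; fi; saveenv; if test ${bootcount} -ge ${bootlimit}; then echo "bootcount=${bootcount} reached bootlimit=${bootlimit}, using partition ${altpart}"; setenv part ${altpart}; fi; run bootpart; echo "boot from partition ${part} failed"; reset

# Load kernel + dtb from partition ${part}, point the rootfs at the same
# partition and boot. `&&` stops at the first failed load.
bootpart=ext4load mmc 0:${part} ${kernel_addr_r} ${kernel_file} && ext4load mmc 0:${part} ${fdt_addr_r} ${fdt_file} && setenv bootargs console=ttyPS0,115200 root=/dev/mmcblk0p${part} rootwait && bootm ${kernel_addr_r} - ${fdt_addr_r}
```

U-Boot ships the same policy as CONFIG_BOOTCOUNT_LIMIT: it increments `bootcount` on each start and, once `bootcount` exceeds `bootlimit`, runs `altbootcmd` instead of `bootcmd`, so the script above collapses to a `bootlimit` value and an `altbootcmd` that boots from `altpart`. When the counter is kept in the environment, `fw_setenv bootcount 0` from Linux clears it exactly as above.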
