[PATCH v1 10/11] siemens: capricorn: rework bootcmd environment variables
Peng Fan
peng.fan at oss.nxp.com
Mon Jan 26 02:32:48 CET 2026
On Sat, Jan 24, 2026 at 06:54:51AM +0100, Heiko Schocher wrote:
>From: Adrian Freihofer <adrian.freihofer at siemens.com>
>
>Rework the boot state machine to a significantly simpler and more
>robust implementation. The basic idea is to revert to the previous
>partition whenever an issue is detected during the boot process.
>
>- Broken SPL
>
> If one of the two SPLs does not boot, the ROM code of the i.MX8 SoC
> automatically starts the second SPL from the second boot partition.
> For example, if the system's active partition is A but the SPL from
> partition A is broken, the ROM code automatically uses the SPL/u-boot
> from partition B.
> Proceeding with this boot procedure would lead to booting the kernel/
> rootfs from partition A, which could potentially successfully boot
> the system and allow the user to apply the firmware update with the
> broken SPL again. This would lead to a non-bootable system because
> thesecond update would overwrite the last working bootloader.
Nit: the second
> To prevent such situations, zigzag boots are detected and the system
> reverts to the previous partition rather than booting the kernel/rootfs
> from the currently active partition. Detecting zigzag boots is done
> via the new fallback variable.
>
> To make this state machine even more consistent, the partitionset_active
> variable is no longer used to determine the active partition during
> boot. Instead, the active partition is always read from the eMMC
> partconf registers.
> For backward compatibility, the partitionset_active variable is still
> updated whenever a partition switch occurs. However, u-boot no longer
> relies on this variable, as it could potentially be out of sync with
> the actual partition state, leading to situations where the ROM code
> of the i.MX8 SoC would be out of sync with u-boot.
>
>- Broken kernel, initramfs or rootfs
>
> If the upgrade_available variable is set, u-boot counts the number of
> consecutive boots via the bootcount variable. If the bootcount exceeds
> the bootlimit variable, u-boot starts the altbootcmd instead of the
> bootcmd. Previously, this logic was bypassed by assigning the regular
> bootcmd to altbootcmd. Now, the altbootcmd is used to revert to the
> previous partition when the bootlimit is exceeded.
>
>The netdev variable is changed to eth0 by default. This is what the FEC
>driver uses on Capricorn boards. For devices with switches and DSA
>subsystems in use, the netdev should be set accordingly by additional
>logic in the environment or u-boot code. This is not part of this commit.
>
>Signed-off-by: Adrian Freihofer <adrian.freihofer at siemens.com>
>Signed-off-by: Heiko Schocher <hs at nabladev.com>
Acked-by: Peng Fan <peng.fan at nxp.com>
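
A Python model of the two revert paths the commit message describes: a zigzag boot after a broken SPL, and bootlimit exceeded after a broken kernel, initramfs or rootfs. This is an added example, not code from the patch. The `spl_booted_from` input (how U-Boot learns which SPL the ROM started), the order of the two checks, the `zigzag-revert` label and the sample `bootlimit` are assumptions.

```python
from dataclasses import dataclass, replace

OTHER = {"A": "B", "B": "A"}  # two partition sets, as in the commit message


@dataclass(frozen=True)
class BootState:
    partconf_active: str            # active partition read from eMMC partconf
    spl_booted_from: str            # assumption: partition whose SPL the ROM started
    upgrade_available: bool = False
    bootcount: int = 0
    bootlimit: int = 3              # constructed sample value


@dataclass(frozen=True)
class Decision:
    command: str      # "bootcmd", "altbootcmd" or "zigzag-revert" (hypothetical label)
    boot_from: str    # partition whose kernel/rootfs gets booted
    bootcount: int    # value persisted for the next boot


def decide(s: BootState) -> Decision:
    active, previous = s.partconf_active, OTHER[s.partconf_active]
    # Broken SPL: the ROM started the other SPL, so booting the active
    # kernel/rootfs would be a zigzag boot. Revert instead.
    if s.spl_booted_from != active:
        return Decision("zigzag-revert", previous, s.bootcount)
    count = s.bootcount
    if s.upgrade_available:
        count += 1                  # boots are only counted while an upgrade is pending
        if count > s.bootlimit:     # broken kernel, initramfs or rootfs
            return Decision("altbootcmd", previous, count)
    return Decision("bootcmd", active, count)


def failed_boots_before_revert(s: BootState) -> int:
    """Boot attempts on the new partition before altbootcmd reverts,
    assuming every attempt fails and nothing resets bootcount."""
    if not s.upgrade_available:
        raise ValueError("bootcount is not advanced without upgrade_available")
    attempts = 0
    while (d := decide(s)).command == "bootcmd":
        attempts += 1
        s = replace(s, bootcount=d.bootcount)
    return attempts
```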