[U-Boot] anyone implemented a failsafe upgrade involving two kernel/rootfs pairs?

[U-Boot] anyone implemented a failsafe upgrade involving two kernel/rootfs pairs?

[Robert P. J. Day]

  i want to do pretty much what's described here:

https://github.com/DFE/HidaV/wiki/Safe-Update-and-boot-fallbacks

that is, a single u-boot and config in flash, followed by a pair of
kernel/rootfs partitions, that is remotely upgradeable by, from
userspace, determining the "older" (backup) of the pairs, overwriting
that pair with a new pair, then flipping the switch in the u-boot
configuration to always boot the newer kernel and rootfs (with an
emergency revert to the backup pair under circumstances i haven't
imagined yet).

  it *looks* fairly straightforward, but while that's a nice write-up,
it does warn right up front that it hasn't been implemented so if
anyone has done something like this they care to share, that would be
delightful.

  FYI, i'm using this pdlogic zoom am1808 experimenter kit:

http://www.logicpd.com/products/system-on-modules/zoom-am1808/

for testing and, at the very end, the only change i would have to make
is modify the solution to handle NOR flash that will be on the
production board.

  if there's a writeup on this out there somewhere, that would be
great.  if not, if i can get this done, i'll be happy to write it up
and post it publicly on my wiki for others.

  at the moment, i'm using openembedded to build a bootable
kernel/rootfs pair for this board, and starting by adding the
u-boot-fw-utils package so i have fw_{printenv/setenv} onboard.
thanks for any pointers.

rday

p.s.  i do have the bootable SD card that came with the kit, it's
based on the arago project so i know i have something that boots to
userspace as a starting point -- always good to know.

-- 

========================================================================
Robert P. J. Day                                 Ottawa, Ontario, CANADA
                        http://crashcourse.ca

Twitter:                                       http://twitter.com/rpjday
LinkedIn:                               http://ca.linkedin.com/in/rpjday
========================================================================

[U-Boot] anyone implemented a failsafe upgrade involving two kernel/rootfs pairs?

[Wolfgang Denk]

Dear Robert,

In message <alpine.DEB.2.02.1301310731270.7034@oneiric> you wrote:
> 
> that is, a single u-boot and config in flash, followed by a pair of
> kernel/rootfs partitions, that is remotely upgradeable by, from
> userspace, determining the "older" (backup) of the pairs, overwriting
> that pair with a new pair, then flipping the switch in the u-boot
> configuration to always boot the newer kernel and rootfs (with an
> emergency revert to the backup pair under circumstances i haven't
> imagined yet).

The emergency revert usually relies on two things:

- Watchdog support that will reset (reboot) the system reliably in
  case the Linux kernel does not boot or does not manage to start the
  user space control application that will trigger the watchdog.

- The "boot counter" feature that will allow to run an alternativce
  boot command (i. e. booting from the backup) in case the number of
  boot attempts exceeds the set limit.

>   it *looks* fairly straightforward, but while that's a nice write-up,
> it does warn right up front that it hasn't been implemented so if
> anyone has done something like this they care to share, that would be
> delightful.

Things like that have been done a number of times before; the fact
that such features as watchdog support and boot counter were added to
U-Boot are an indication for this.  However, in the cases known to me,
the actual implementation was done as shell scripts (i. e. environment
settings) which were not published.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
The price one pays for pursuing any profession,  or  calling,  is  an
intimate knowledge of its ugly side.                  - James Baldwin

[U-Boot] anyone implemented a failsafe upgrade involving two kernel/rootfs pairs?

[Robert P. J. Day]

On Thu, 31 Jan 2013, Wolfgang Denk wrote:

> Dear Robert,
>
> In message <alpine.DEB.2.02.1301310731270.7034@oneiric> you wrote:
> >
> > that is, a single u-boot and config in flash, followed by a pair of
> > kernel/rootfs partitions, that is remotely upgradeable by, from
> > userspace, determining the "older" (backup) of the pairs, overwriting
> > that pair with a new pair, then flipping the switch in the u-boot
> > configuration to always boot the newer kernel and rootfs (with an
> > emergency revert to the backup pair under circumstances i haven't
> > imagined yet).
>
> The emergency revert usually relies on two things:
>
> - Watchdog support that will reset (reboot) the system reliably in
>   case the Linux kernel does not boot or does not manage to start the
>   user space control application that will trigger the watchdog.
>
> - The "boot counter" feature that will allow to run an alternativce
>   boot command (i. e. booting from the backup) in case the number of
>   boot attempts exceeds the set limit.
>
> >   it *looks* fairly straightforward, but while that's a nice write-up,
> > it does warn right up front that it hasn't been implemented so if
> > anyone has done something like this they care to share, that would be
> > delightful.
>
> Things like that have been done a number of times before; the fact
> that such features as watchdog support and boot counter were added to
> U-Boot are an indication for this.  However, in the cases known to me,
> the actual implementation was done as shell scripts (i. e. environment
> settings) which were not published.

  ok, i'm going to clear my schedule for the day and just read the
u-boot manual cover to cover finally -- it will probably resolve a lot
of my questions.  if it's all right, i might update some of the manual
wiki pages, like this one that corresponds to the patch i just
submitted:

http://www.denx.de/wiki/view/DULG/HowCanIAccessUBootEnvironmentVariablesInLinux

where that comment should read:

# Configuration file for fw_(printenv/setenv) utility.

if it's anything more than just a trivial fix, i'll ask first.

rday

p.s.  just edited that page, hope i did it correctly.  onward ...

-- 

========================================================================
Robert P. J. Day                                 Ottawa, Ontario, CANADA
                        http://crashcourse.ca

Twitter:                                       http://twitter.com/rpjday
LinkedIn:                               http://ca.linkedin.com/in/rpjday
========================================================================

[U-Boot] anyone implemented a failsafe upgrade involving two kernel/rootfs pairs?

[Wolfgang Denk]

Dear Robert,

In message <alpine.DEB.2.02.1301310921310.9010@oneiric> you wrote:
> 
>   ok, i'm going to clear my schedule for the day and just read the
> u-boot manual cover to cover finally -- it will probably resolve a lot

Don't hold your breath that it will cover all topics.  There are way
too many cases where customers are not willing to also pay for public
documentation of the stuff they asked for;  we're already happy that
almost all code goes into mainline.

> of my questions.  if it's all right, i might update some of the manual
> wiki pages, like this one that corresponds to the patch i just
> submitted:

All such reductional work is highly welcome.

> p.s.  just edited that page, hope i did it correctly.  onward ...

Looks fine, thanks.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Our business is run on trust.  We trust you will pay in advance.