[U-Boot] Rescue /alternative boot

[U-Boot] Rescue /alternative boot

[Arno Steffen]

I would like to have some rescue boot, if flashing of
uboot-environment, kernel or filesystem fails.
My idea is to check a certain port (eth) for some time and if I
receive a defined string not to continue the ususal boot process but
execute some into uboot compiled bootcmds.
Looking into the code doesn't give me an idea howto do this. Does
someone have tried something simular and would share his experience?
Thanks
Arno

[U-Boot] Rescue /alternative boot

[Wolfgang Denk]

Dear Arno Steffen,

In message <AANLkTik0YOONY62q_egSFsTn1nLcQ17yCi_E7bkrief0@mail.gmail.com> you wrote:
> I would like to have some rescue boot, if flashing of
> uboot-environment, kernel or filesystem fails.

Why should "flashing of uboot-environment" fail? If you configure for
redundant environment, you should always at least have the previous
copy of the settings).

As for the rest, kernel and file system, these are application data
from U-Boot's point of view, and you can use any method to update
these - alternate copies stored in flash and toggled with environment
variables, automatic update from USB mass storage devices, automatic
updates from TFTP server etc. - Have a look at the manual for details.

> My idea is to check a certain port (eth) for some time and if I
> receive a defined string not to continue the ususal boot process but
> execute some into uboot compiled bootcmds.

Why inventing another (square?) wheel when there are already several
other options available?

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
All your people must learn before you can reach for the stars.
	-- Kirk, "The Gamesters of Triskelion", stardate 3259.2

[U-Boot] Rescue /alternative boot

[Arno Steffen]

Dear Wolfgang Denk,

thanks for your mail.

2010/6/8 Wolfgang Denk <wd@denx.de>:
> Why should "flashing of uboot-environment" fail? If you configure for
> redundant environment, you should always at least have the previous
> copy of the settings).

Right, but what happens if user is doing something stupid?
I don't have any connection to uboot at all, as in my final system
there is no serial interface to change it back.
If linux is not booting anymore I am lost, as this is my only known
way to reflash uboot env, kernel, filesystem.

> updates from TFTP server etc. - Have a look at the manual for details.

I would see tftpboot as a chance - but there are a few questions to me:
- howto call this (and where?) in uboot code? It must be executed
before reading the uboot-environment, as this can misconfigured. So it
cannot be part of environment.
- howto handle boot/kernel parameters? I only know the way via
environment variables
- the timeout has to set to be very small (as this otherwise in 99%
slow down the boot process to much)

This tftpboot look smart - if I could manage this (see above).

Best regards
Arno

[U-Boot] Rescue /alternative boot

[Wolfgang Denk]

Dear Arno Steffen,

In message <AANLkTinq24UoL7n6J14urGQnxoJOQVpT2FvnJjRgqO-F@mail.gmail.com> you wrote:
>
> > Why should "flashing of uboot-environment" fail? If you configure for
> > redundant environment, you should always at least have the previous
> > copy of the settings).
> 
> Right, but what happens if user is doing something stupid?

Well, you can provide measures for a reset to a sane state, then.

> I don't have any connection to uboot at all, as in my final system
> there is no serial interface to change it back.

You could eventually use netconsole.

> If linux is not booting anymore I am lost, as this is my only known
> way to reflash uboot env, kernel, filesystem.

If just the environment is hosed, it would be sufficient to provide
some means to perform a "manufacturer reset" and restore the
environment to a known good state. You could - for example - act on
certain key presses / key combinations when the board is
reset/powered on. Several boards do that.

There has also been discussions for an extension to perform a reset of
the envrionment ("env default", if I remember correctly).

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
 The software required `Windows 95 or better', so I installed Linux.

[U-Boot] Rescue /alternative boot

[Arno Steffen]

Dear Wolfgang Denk,

> Well, you can provide measures for a reset to a sane state, then.

This sounds even more complicated to me. In fact - I don't have any
clue, what and howto measure and reset the environment. This system
doesn't even had a reset buttom... so it is always a cold boot.

>> I don't have any connection to uboot at all, as in my final system
>> there is no serial interface to change it back.
>
> You could eventually use netconsole.

Netconsole requires (afaik) a linux kernel, that is working.

> If just the environment is hosed, it would be sufficient to provide
> some means to perform a "manufacturer reset" and restore the
> environment to a known good state. You could - for example - act on
> certain key presses / key combinations when the board is
> reset/powered on. Several boards do that.

I would do so, in fact that was my first idea. But I just have
network, nothing else.
But here I am at the beginning. How to listen on a network port ( I
know what to don in linux, but in uboot?) and howto make this change
in uboot environment to a certain state. (this can boot a system via
tftp then instead of a flash file system)

Best regards
Steffen

[U-Boot] Rescue /alternative boot

[Arno Steffen]

Dear Albert,

2010/6/9 Albert ARIBAUD <albert.aribaud@free.fr>:
> If the user is able to do something stupid then you should avoid it, e.g.
> not give the user the ability to alter the u-boot environment by making it

In fact, the normal user doesn't have access to change it. But even I
can make faults.

> You should consider accessibility to the bootloader prompt as a critical
> requirement before considering resiliency -- actually, access to U-boot is a
> last-resort, but good, response to the resiliency requirement.

I am not free to change this anymore. So I have to find another way via network.

> Why can you not trust the u-boot environment? Maybe hardening the system
> against user-induced environment changes would help avoid the condition in
> the first place.

The system must be ready for updates - and they might go wrong, even by a typo.

>> - howto handle boot/kernel parameters? I only know the way via
>> environment variables
>
> As Wolfgang pointed out, read the manual: passing parameters does not depend
> on how you got the image in the first place, and works the same whether you
> use TFTP, flash or hard disks.

In manual I just can see how to set commandline parameters. Everything
( I understand until now) is controled via environment.
I have to put some code (before the environment is read) into uboot
source to force a tftpboot with in-compiled parameters. And I don't
have a clue howto and where to do this.
It is not enough to set some default environment, as this becomes
active only if CRC is failed. This will not help against a typo in the
setting.

Best regards
Arno

[U-Boot] Rescue /alternative boot

[Wolfgang Denk]

Dear Arno Steffen,

In message <AANLkTin-oAgoCD6_SK5T-Si9E16-HQdZM-E9F3v2oTKP@mail.gmail.com> you wrote:
> 
> This sounds even more complicated to me. In fact - I don't have any
> clue, what and howto measure and reset the environment. This system
> doesn't even had a reset buttom... so it is always a cold boot.

So how will you find out if there is something wrong, and a reset to a
default state is indeed wanted?

> > You could eventually use netconsole.
> 
> Netconsole requires (afaik) a linux kernel, that is working.

We have netconsole support in U-Boot.

> But here I am at the beginning. How to listen on a network port ( I
> know what to don in linux, but in uboot?) and howto make this change
> in uboot environment to a certain state. (this can boot a system via
> tftp then instead of a flash file system)

Consider using netconsole then.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
You might not be as stupid as you look. This is not hard. Let's think
about this. I mean ... I'll think about this, and  you  can  join  in
when you know the words.             - Terry Pratchett, _Men at Arms_

[U-Boot] Rescue /alternative boot

[Wolfgang Denk]

Dear Arno Steffen,

In message <AANLkTim0KjSnkOhhm9Yst8xjtNM4yINO38S35qBxdES9@mail.gmail.com> you wrote:
> 
> The system must be ready for updates - and they might go wrong, even by a typo.

Then you must design the system to be robust and ready for such
procedures; for example, you want to have a hardware watchdog that
resets the board if something goes wrong.

> In manual I just can see how to set commandline parameters. Everything
> ( I understand until now) is controled via environment.
> I have to put some code (before the environment is read) into uboot
> source to force a tftpboot with in-compiled parameters. And I don't
> have a clue howto and where to do this.
> It is not enough to set some default environment, as this becomes
> active only if CRC is failed. This will not help against a typo in the
> setting.

The aforementioned "env default" command would alow to manually reset
the environment to default settings, for example as last resort of
recovery after a certain number of watchdog resets has been detected.

But if your environment is really hosed, including the backup copy,
then you are probably lost anyway. Foir example, how would you
communicate over Ethernet, when there is no longer a valid MAC
address in your environment?


Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
You can't have everything... where would you put it?  - Steven Wright