Boot Image Fallback is a mechanism that enables a system to fallback to a "known good" boot image in the event of catastrophic boot failure (i.e. failure to boot, panic on boot, failure to initialize HW/SW). (CGL Availability Requirements Definition V4.0: AVL.9.0). On system especially used in telecommunication, 99.999% high availability is required. So, this function is highly needed (like my customer requires).
This time, I'm thinking of implementing Boot Image Fallback on U-Boot as follows (like a way GRUB does). So, I would appreciate any comments to this. It uses new U-Boot command "bootmf" and fw_setenv. * bootmf It is a wrapper of "bootm", and it boots kernel with fallback enabled on multiple kernel images. Also, it uses new U-Boot environment variables as follows. * imgaddr<N> It holds physical address of flash partition that kernel image is written. <N> is integer and becomes an entry of corresponding kernel image. (ex.) imgaddr0=0xf8000000, imgaddr1=0xf8200000 * bootargs<N> It holds kernel parameter of entry <N>. (ex.) bootargs0=root=/dev/mtdblock1 , bootargs1=root=/dev/mtdblock3 * default It holds default entry that "bootmf" tries to boot on default. (ex.) default=1 * fallback It holds list of fallback entry that "bootmf" tries to boot on next if it fails to boot default entry. (ex.) fallback=1 2 Now, I assume that circumstances are as follows. (In my case, Linux on Freescale MPC8540.) * There are three flash partitions "kernel-0", "kernel-1", "kernel-2" that kernel images are written. * Environment variables are set as follows. bootcmd=bootmf imgaddr0=0xf8000000 (physical address of "kernel-0") imgaddr1=0xf8200000 (physical address of "kernel-1") imgaddr2=0xf8400000 (physical address of "kernel-2") bootargs0=root=/dev/mtdblock1 (rootfs of "kernel-0") bootargs1=root=/dev/mtdblock3 (rootfs of "kernel-1") bootargs2=root=/dev/mtdblock5 (rootfs of "kernel-2") default=0 fallback=1 2 * "fw_setenv default 0" is written to /etc/rc.local. Then it behaves as follows. 1. When U-Boot boots up, "bootmf" is executed and tries to boot default entry in "default". Before booting kernel, "bootmf" sets corresponding fallback entry in "fallback" to "default". ((ex.) When booting entry "0", "1" is set and when booting entry "1", "2" is set.) 2. If kernel succeeds to boot, "default" is set to "0" by fw_setenv. So, next time U-Boot boots up and "bootmf" is executed, entry "0" will be booted again. 3. If kernel fails to boot, "default" stays to fallback entry "1" because fw_setenv won't be executed. So, next time U-Boot boots and "bootmf" is executed, fallback entry "1" will be booted. By this way, Boot Image Fallback on U-Boot can be realized. I recognize that this needs to rewrite flash each time booting a kernel, but I think there won't be so many reboots once stable system operation have started. I'll write and send a prototype of "bootmf" if it is needed. Best regards, -- MIRACLE LINUX CORPORATION Makito SHIOKAWA ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ U-Boot-Users mailing list U-Boot-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/u-boot-users