Failsafe bootloader
Darin.Johnson at nokia.com
Darin.Johnson at nokia.com
Wed Jun 4 22:33:53 EST 2003
> Of course, this still doesn't protect you from loading a new
> bootrom that
> has a valid checksum but a fatal problem (doh-doh-doh).
> Fortunately, in
> that case the idiot is ourselves and we deserve the pain involved, and
> hopefully learn from it ;-).
The problems we had were first that upgrades could be done
transparently without the user knowing, so you can't
really protect from the user unplugging (though we were
supposed to be an always-on-don't-turn-off product).
Second, have an image with a good checksum that boots
up ok is only part of the story, we have to make sure that
it can communicate correctly on its network. Ie, the application
software has to communicate to the boot loader that the new
image can be kept.
Also from experience, I've really lost a lot of hair in
situations with other products that say "do not turn off the
power until this update is finished", only to have the product
crash, or the computer that is talking to it crashes.
** Sent via the linuxppc-embedded mail list. See http://lists.linuxppc.org/
More information about the Linuxppc-embedded
mailing list