Failsafe bootloader

Wolfgang Denk wd at
Thu Jun 5 00:11:39 EST 2003

In message <F9102D41F595D311ACA7009027DE2C840527B347 at> you wrote:
> We implemented a verification feature to ppcboot for products that performs
> a crc32 check before branching to an image. If the crc32 fails to match a
> stored checksum, it will check a secondary image, if that one fails too then
> we usually default to a tftp from a well known tftp server that we have
> accessible. One could take this to as much extreme as desired, but that's up
> to the system designers to deem what's reasonable and what's overkill. The
> key is the primitives to do such are in place.

What exactly did you "implement" for this?

All this is already in place with the standard PPCBoot / U-Boot.  And
has been there right from the first versions.

> ppcboot allows this to be quite easy since the bootcmd can contain several
> commands.

Right, this allows for simple applications like you described above.

More complex things are possible by enabling the hush shell.

Best regards,

Wolfgang Denk

Software Engineering:  Embedded and Realtime Systems,  Embedded Linux
Phone: (+49)-8142-4596-87  Fax: (+49)-8142-4596-88  Email: wd at
News is what a chap who doesn't care much  about  anything  wants  to
read. And it's only news until he's read it. After that it's dead.
                           - Evelyn Waugh _Scoop_ (1938) bk. 1, ch. 5

** Sent via the linuxppc-embedded mail list. See

More information about the Linuxppc-embedded mailing list