
Has anyone ever implemented dual U-Boot images in flash as a fail-safe mechanism? A primary U-Boot image, and a backup U-Boot image in case the primary image is invalid.
I understand there needs to be a single boot point with verification to determine which image to boot from. Is there a mechanism already in U-Boot that can do this?
We're looking at doing something similar on an MPC860 with a first-stage U-Boot that just checksums and jumps to one of two second-stage U-Boot images that are stored in flash. This would allow us to update U-Boot in the field without risk of losing our bootloader and being left with a dead system. Of course, this assumes we keep the initial U-Boot very simple so that we can get away with never updating it. We haven't started working on it yet, just discussing at a high level. Might have some issues with vectors.
Dan
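
The first-stage selection step discussed in this thread, as an added example that is not code from either post or from U-Boot itself. The 12-byte slot header, the magic value, the choice of CRC-32 and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define IMG_MAGIC 0x55424F54u /* hypothetical header marker */
#define HDR_SIZE  12u         /* assumed layout: magic | payload length | CRC-32, big-endian */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}
/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
uint32_t crc32_calc(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}
/* Valid only if the magic matches, the length fits the slot, and the CRC agrees. */
int slot_valid(const uint8_t *slot, size_t slot_size) {
    if (slot_size < HDR_SIZE || be32(slot) != IMG_MAGIC) return 0;
    uint32_t len = be32(slot + 4);
    if (len == 0 || len > slot_size - HDR_SIZE) /* corrupt length: never read past the slot */
        return 0;
    return crc32_calc(slot + HDR_SIZE, len) == be32(slot + 8);
}
/* Returns 0 for primary, 1 for backup, -1 if neither slot verifies. */
int select_image(const uint8_t *primary, const uint8_t *backup, size_t slot_size) {
    if (slot_valid(primary, slot_size)) return 0;
    if (slot_valid(backup, slot_size)) return 1;
    return -1;
}
/* Builds a constructed sample slot; erased flash reads as 0xFF. */
void make_slot(uint8_t *slot, size_t slot_size, const uint8_t *payload, uint32_t len) {
    memset(slot, 0xFF, slot_size);
    put_be32(slot, IMG_MAGIC); put_be32(slot + 4, len);
    memcpy(slot + HDR_SIZE, payload, len);
    put_be32(slot + 8, crc32_calc(payload, len));
}
int main(void) {
    static const uint8_t img[] = "constructed second-stage image";
    uint8_t primary[64], backup[64];
    make_slot(primary, sizeof primary, img, sizeof img);
    make_slot(backup, sizeof backup, img, sizeof img);
    primary[HDR_SIZE + 3] ^= 0x01; /* simulate an interrupted update of the primary */
    return select_image(primary, backup, sizeof primary) == 1 ? 0 : 1; /* expect backup */
}
```

A checksum like this catches corruption from an interrupted or failed flash write, not deliberate modification of an image. The jump into the selected image and the vector handling mentioned above are outside what this sketch covers.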