On Mon, 25 Jul 2016, Wolfgang Denk wrote:
Dear Tom,
In message 20160725135754.GN14698@bill-the-cat you wrote:
Right, it is only a last resort when you cannot find any better place to storeit (in a hardware register that survives resets).
That's not strictly true. One of the things I noticed recently is that Mender uses bootcount, in environment, as a least common denominator. And thrown in a file in a filesystem, in so far as you trust the underlying black box to be good about reads/writes and wear levelling, it's robust enough (for certain values of robust and enough). We're dipping into one of those areas where experts have varying opinions on what's good enough, hence all the qualifiers. But it is a useful option. And neatly circumvents the need for a "driver" to clear the count too.
Agreed. Let me rephrase the warning, then: it is always a good idea to minimize the number of writes to the environment, especially when done automagically. One should at least avoid to re-write it on every boot, especially when storage is some (flash based) storage device with a limited number of erase/write cycles. And even on other stoage each write access includes the risk of errors.
i'm sure i'm asking the obvious, but if every boot to user space is successful, bootcount will have a value of zero each time, yes? so if user space code checks it and it's zero, then, you're done, no need to write.
rday