In message 9D8FC3304AA0924E9CD0A211DFEDCBAB0164D7AF@bespin.apdcomms.co.uk you wrote:
We are implementing facility for automatic firmware upgrades (either the Linux uImage or cramfs) on our embedded device. However there is a requirement that the device is not broken by (the user for example) disconnecting the power supply at any stage during the flash update.
This is not new. It's actually a astandrard requirement.
In the absence of a backup battery, I guess the boot loader would have to be modified to cope with this. Has anybody produced a solution already?
There is no need to change anything. U-Boot is perfectly capable of supporting such requirements.
- 'update' routine checks specified flash location for new upgrade
image with valid CRC. If no image found or has bad CRC it returns, control passes to next command in bootcmd, and Linux boots normally.
- 'update' routine erases target area of flash, and then copies content
of upgrade image to target location.
Why would you do that if the new image is already in flash? Just swap boot addresses...
Any comments?
Your design is much too complicated. Keep it simple.
Best regards,
Wolfgang Denk