
Dear Robert,
In message alpine.DEB.2.02.1301310731270.7034@oneiric you wrote:
> that is, a single u-boot and config in flash, followed by a pair of kernel/rootfs partitions, that is remotely upgradeable by, from userspace, determining the "older" (backup) of the pairs, overwriting that pair with a new pair, then flipping the switch in the u-boot configuration to always boot the newer kernel and rootfs (with an emergency revert to the backup pair under circumstances I haven't imagined yet).
The emergency revert usually relies on two things:
- Watchdog support that will reset (reboot) the system reliably in case the Linux kernel does not boot or does not manage to start the user space control application that will trigger the watchdog.
- The "boot counter" feature that allows running an alternative boot command (i.e. booting from the backup) in case the number of boot attempts exceeds the set limit.
> it *looks* fairly straightforward, but while that's a nice write-up, it does warn right up front that it hasn't been implemented, so if anyone has done something like this that they care to share, that would be delightful.
Things like that have been done a number of times before; the fact that such features as watchdog support and boot counter were added to U-Boot is an indication of this. However, in the cases known to me, the actual implementation was done as shell scripts (i.e. environment settings) which were not published.
Best regards,
Wolfgang Denk
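The following is an added example, written for this page by the editor; it is not code from this thread, from Wolfgang or Robert, or from the U-Boot project, and it is not one of the unpublished scripts mentioned above. It shows the user-space half of the scheme the two messages describe (find the inactive kernel/rootfs pair, write and verify the new pair there, flip the switch last, arm the boot counter, and clear it once the new system is confirmed healthy) together with the U-Boot environment settings that make the revert happen. Assumptions: U-Boot is built with the bootcount/bootlimit/altbootcmd feature and the counter is kept in the environment, so attempts are only counted while upgrade_available=1; the variable name "active", the boot_A/boot_B scripts and the partition layout are this example's own conventions, not U-Boot's. So that it runs offline, env_get/env_set edit a plain KEY=value file (on a board they would wrap fw_printenv/fw_setenv), the two banks are directories, and uboot_boot is a model of the decision U-Boot makes at power-on, not U-Boot code.

```shell
#!/bin/sh
# A/B upgrade client for a U-Boot board with watchdog + bootcount (editor's
# example, see the lead-in for what is assumed). State lives in files, not
# shell variables, because on a real board it lives in flash.
set -u

WORK=${WORK:-$(mktemp -d)}          # scratch dir standing in for flash
ENV_FILE="$WORK/uboot.env"          # stand-in for the U-Boot env partition
mkdir -p "$WORK/bankA" "$WORK/bankB"
: > "$ENV_FILE"

# env_get NAME / env_set NAME VALUE: fw_printenv / fw_setenv replacements.
env_get() { sed -n "s/^$1=//p" "$ENV_FILE"; }
env_set() {
    { grep -v "^$1=" "$ENV_FILE" || true; printf '%s=%s\n' "$1" "$2"; } > "$ENV_FILE.tmp"
    mv "$ENV_FILE.tmp" "$ENV_FILE"
}
other_bank() { if [ "$1" = A ]; then echo B; else echo A; fi; }
inactive_bank() { other_bank "$(env_get active)"; }
cksum_of() { cksum "$1" | cut -d' ' -f1; }

# Initial environment, as it would be provisioned with "fw_setenv -s".
# bootcount, bootlimit, altbootcmd and upgrade_available are U-Boot's own;
# active, boot_A and boot_B are this example's convention (assumption).
provision_env() {
    env_set active A
    env_set bootcount 0
    env_set upgrade_available 0
    env_set bootlimit 3
    env_set bootcmd 'run boot_${active}'
    env_set boot_A 'echo booting bank A'   # a real board loads and boots the A pair here
    env_set boot_B 'echo booting bank B'
    # Run by U-Boot instead of bootcmd once bootcount > bootlimit: make the
    # backup bank the active one, persist that, stop counting, then boot it.
    env_set altbootcmd 'if test ${active} = A; then setenv active B; else setenv active A; fi; setenv bootcount 0; setenv upgrade_available 0; saveenv; run bootcmd'
}

# stage_upgrade KERNEL ROOTFS: write the new pair into the inactive bank,
# verify the copies that actually landed there, and only then flip "active",
# so a power cut or a bad image leaves the old pair bootable. Prints the bank.
stage_upgrade() {
    new=$(inactive_bank)
    dest="$WORK/bank$new"
    if ! cp "$1" "$dest/kernel.new" || ! cp "$2" "$dest/rootfs.new" ||
       [ "$(cksum_of "$1")" != "$(cksum_of "$dest/kernel.new")" ] ||
       [ "$(cksum_of "$2")" != "$(cksum_of "$dest/rootfs.new")" ]; then
        rm -f "$dest/kernel.new" "$dest/rootfs.new"
        return 1
    fi
    mv "$dest/kernel.new" "$dest/kernel" && mv "$dest/rootfs.new" "$dest/rootfs"
    env_set bootcount 0
    env_set upgrade_available 1     # arm the boot counter for the trial boots
    env_set active "$new"           # the switch: from now on bootcmd boots $new
    echo "$new"
}

# Called by the user-space control application (the same daemon that services
# /dev/watchdog) once the new system passes its health checks. Until it runs,
# every watchdog reset leaves bootcount one higher.
confirm_boot() {
    env_set bootcount 0
    env_set upgrade_available 0
}

# Model of U-Boot's power-on decision (not U-Boot code): count the attempt if
# counting is armed, then run bootcmd or, past the limit, altbootcmd. Prints
# the bank that gets booted.
uboot_boot() {
    if [ "$(env_get upgrade_available)" = 1 ]; then
        env_set bootcount $(( $(env_get bootcount) + 1 ))
    fi
    if [ "$(env_get bootcount)" -gt "$(env_get bootlimit)" ]; then
        env_set active "$(inactive_bank)"   # what altbootcmd above does
        env_set bootcount 0
        env_set upgrade_available 0
    fi
    env_get active
}

# Demonstration with constructed images: a new pair that never gets confirmed
# boots three times, then the fourth power-on reverts to the old bank.
provision_env
printf 'constructed new kernel\n' > "$WORK/zImage.new"
printf 'constructed new rootfs\n' > "$WORK/rootfs.new"
echo "staged into bank $(stage_upgrade "$WORK/zImage.new" "$WORK/rootfs.new")"
for attempt in 1 2 3 4; do
    echo "power-on $attempt boots bank $(uboot_boot)"
done
```

The ordering inside stage_upgrade is the point of the script: the bank partitions are written and checked first, and the single variable the bootloader reads is changed last. On a real board the same ordering applies to fw_setenv, and the watchdog daemon should call confirm_boot only after it has verified the things the new rootfs is responsible for (network up, the control application running), not merely after reaching user space.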