23 Sep
2005
23 Sep
'05
9:35 p.m.
It is impossible - there is only one reset entry point. How would you determine which image to boot?
What you typically do (assuming the hardware supports it) is to have two banks of flash memory that can be swapped using some jumper or switch or so.
The code at the entry point needs to be small, reliable and never require an upgrade in the field. This code would run a CRC on the primary U-boot image to determine if it's safe to boot, upon CRC failure verify then run the backup image.
For remote systems we need to resolve the issue of upgrade failure without human intervention - or perhaps remote human intervention.
-John Roberts (Engineer, not Judge)