
Dear Arno Steffen,
In message AANLkTim0KjSnkOhhm9Yst8xjtNM4yINO38S35qBxdES9@mail.gmail.com you wrote:
The system must be ready for updates - and they might go wrong, even by a typo.
Then you must design the system to be robust and ready for such procedures; for example, you want to have a hardware watchdog that resets the board if something goes wrong.
In manual I just can see how to set commandline parameters. Everything (I understand until now) is controlled via environment. I have to put some code (before the environment is read) into uboot source to force a tftpboot with in-compiled parameters. And I don't have a clue how to and where to do this. It is not enough to set some default environment, as this becomes active only if CRC is failed. This will not help against a typo in the setting.
The aforementioned "env default" command would allow to manually reset the environment to default settings, for example as last resort of recovery after a certain number of watchdog resets has been detected.
But if your environment is really hosed, including the backup copy, then you are probably lost anyway. For example, how would you communicate over Ethernet, when there is no longer a valid MAC address in your environment?
Best regards,
Wolfgang Denk
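
The recovery logic discussed in this message, as an added example that is not part of the original mail and not U-Boot source: a simplified C model showing that a typo saved with a correct CRC passes validation, so only a watchdog-reset counter forces the fall back to defaults. The struct layout, function names, RESET_LIMIT and the sample bootcmd strings are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ENV_SIZE    64
#define RESET_LIMIT 3                 /* assumed threshold of watchdog resets */

struct env { uint32_t crc; char data[ENV_SIZE]; };   /* simplified layout */

/* Standard reflected CRC-32 (polynomial 0xEDB88320), computed bit by bit. */
static uint32_t crc32_calc(const void *buf, size_t len) {
    const uint8_t *p = buf;
    uint32_t c = 0xFFFFFFFFu;
    while (len--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Saving always writes a matching CRC, whether or not the text makes sense. */
void env_save(struct env *e, const char *text) {
    memset(e->data, 0, ENV_SIZE);
    strncpy(e->data, text, ENV_SIZE - 1);
    e->crc = crc32_calc(e->data, ENV_SIZE);
}

int env_valid(const struct env *e) {
    return crc32_calc(e->data, ENV_SIZE) == e->crc;
}

/* Too many watchdog resets override everything; otherwise the CRC decides. */
const struct env *env_select(const struct env *primary, const struct env *backup,
                             const struct env *defaults, unsigned resets) {
    if (resets >= RESET_LIMIT) return defaults;   /* last resort: "env default" */
    if (env_valid(primary))    return primary;
    if (env_valid(backup))     return backup;
    return defaults;                              /* both copies corrupt */
}

int main(void) {
    struct env def, pri, bak;
    env_save(&def, "bootcmd=tftpboot");           /* constructed sample values */
    env_save(&bak, "bootcmd=tftpboot");
    env_save(&pri, "bootcmd=tftpbot");            /* typo, but CRC is correct */
    printf("resets=0: %s\n", env_select(&pri, &bak, &def, 0)->data);
    printf("resets=3: %s\n", env_select(&pri, &bak, &def, 3)->data);
    return 0;
}
```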