u-boot/board/keymile/README
Aleksandar Gerasimovski efe19295a5 km: common: implement field fail-safe u-boot update
This patch provides possibility for field fail-safe u-boot updates.
The implementation can be used on all pg-wcom boards that are booting from
parallel NOR flash.

When used in a board design, provided check_for_uboot_update function will
start new u-boot at defined location if updateduboot envvar is set to yes.
With this implementation it is expected that factory programmed u-boot
will always stay as it is, and optionally new u-boot can be safely
programmed by embedded software when the unit is rolled out on the field.

It is expected check_for_uboot_update to be called early in execution
before relocation (*_f) once SoC is basically initialized and environment
can be read, with this possibilities to not be able to fix a u-boot bug by
a u-boot update are reduced to minimum.

Signed-off-by: Aleksandar Gerasimovski <aleksandar.gerasimovski@hitachienergy.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>
2022-02-01 15:08:07 +05:30

19 lines
980 B
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Field Fail-Save U-boot Update
-----------------------------
Field Fail-Save u-boot update is a feature that allows save u-boot update
of FOX and XMC products that are rolled out in the field.
The feature is initially implemented for designs based on LS102x SoC, but in
theory can be used on all designs that are booting from parallel NOR flash.
The implementation expects redundant (secondary) u-boot image on a predefined
location in the NOR flash, u-boot execution will be transferred to the redundant 
(secondary) u-boot and redundant u-boot will be started if 'updateduboot' envvar
is set to 'yes'.
Update logic check_for_uboot_update() has to be invoked from the design early
before relocation just after SoC initialization, e.g from board_early_init_f or
misc_init_f functions.
By design it is expected that primary u-boot image is burned in the factory and
never updated, and in case u-boot update is required it can flashed and started
from secondary u-boot location.