From: Jesper Skov <jskov@redhat.com>
To: Doug Fraser <dfraser@photuris.com>
Cc: "'Jesper Skov'" <jskov@redhat.com>,
Andrew Lunn <andrew.lunn@ascom.ch>,
Grant Edwards <grante@visi.com>,
ecos-discuss@sources.redhat.com, gthomas@cambridge.redhat.com
Subject: RE: [ECOS] RedBoot porting
Date: Mon, 08 Jan 2001 04:54:00 -0000 [thread overview]
Message-ID: <14937.47209.383836.370668@thinktwice.zoftcorp.dk> (raw)
In-Reply-To: <E2D27064CD59574F88D05AEF5728396D01E5E2@PH01SRV02.photuris.com>
>>>>> "Doug" == Doug Fraser <dfraser@photuris.com> writes:
Doug> Then RedBoot becomes a chunk of the application at that
Doug> point. What I want then, I guess, is two copies of 'RedBoot'.
Doug> An immutable copy in FLASH that provides recovery of a dead
Doug> board and a runtime copy that contains the callbacks for the OS.
Doug> The runtime copy is normally copied to RAM and run there. The
Doug> FLASH copy is just used to network boot an image if the rest of
Doug> my FLASH is dead (for development). I plan on two application
Doug> regions of FLASH to provide failsafe remote updates. The
Doug> bootstrap picks the image to load based on CRC sanity. Updates
Doug> load and verify one section before erasing the second.
Doug> Does the above sound reasonable?
Yes. But the reason for making RedBoot run out of RAM is to avoid any
clashes with the flash programming due to interrupts or exceptions
(which may (in part) be serviced by RedBoot).
And RedBoot does not become a part of the application. There can only
ever be one application (task) in an eCos system.
What you're after is something like:
FLASH
boot block: RedBoot ROMRAM startup
blocks n-m: application area 1
blocks x-y: application area 2
last blocks: FIS directory
RAM
bottom-whatever: RedBoot code and data space
whatever-top: application code and data space
On reset RedBoot will reloc to RAM and execute from there. Now we need
to load the appropriate image. I'd suggest each image to have:
CRC - for the image
version - image version
RedBoot will (after a timeout) select the highest version with a valid
CRC and load it into RAM, then jump to it. RedBoot already has all but
the magic to select which image to use - which is something I think
would be good to add as a standard feature.
OK, after the image has been loaded to RAM, both ReBoot and
application run out of RAM, and you can update the flash without
risking it to fry because there's an unexpected exception or
something.
To get this totally failsafe, I think we'd also need to add an extra
FIS directory, also using CRC+version, so that a power outage during
programming does not invalidate anything.
And for failsafe RedBoot updating, we'd have this:
FLASH
RedBoot - bootstrapper
RedBoot image1
RedBoot image2
Application image1
Application image2
RedBoot bootstrapper just loads the highest versionend (and CRC
checked) RedBoot RAM image, which then does the application loading.
Neat. But I'm sure it's unusable for all sorts of reasons :)
Jesper
next prev parent reply other threads:[~2001-01-08 4:54 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-01-08 4:36 Doug Fraser
2001-01-08 4:54 ` Jesper Skov [this message]
2001-01-08 7:34 ` Grant Edwards
-- strict thread matches above, loose matches on Subject: below --
2003-09-16 2:55 [ECOS] redboot porting yu weiping
[not found] <20010108171508.U10158@biferten.ma.tech.ascom.ch>
[not found] ` <XFMail.20010108095423.gthomas@redhat.com>
2001-01-09 0:50 ` [ECOS] RedBoot porting Andrew Lunn
2001-01-09 8:57 ` Grant Edwards
2001-01-09 9:05 ` Andrew Lunn
2001-01-09 9:12 ` Grant Edwards
2001-01-09 9:09 ` Gary Thomas
2001-01-09 9:24 ` Grant Edwards
2001-01-09 9:47 ` Andrew Lunn
2001-01-09 10:08 ` Lewin A.R.W. Edwards
2001-01-09 10:30 ` Grant Edwards
2001-01-09 10:39 ` Andrew Lunn
2001-01-09 11:24 ` Grant Edwards
2001-01-08 5:32 Doug Fraser
2001-01-05 9:49 Grant Edwards
2001-01-05 15:41 ` Jonathan Larmour
2001-01-08 0:08 ` Jesper Skov
2001-01-08 0:29 ` Andrew Lunn
2001-01-08 1:09 ` Jesper Skov
2001-01-08 2:36 ` Andrew Lunn
2001-01-08 3:04 ` Jesper Skov
2001-01-08 7:31 ` Grant Edwards
2001-01-08 7:40 ` Lewin A.R.W. Edwards
2001-01-08 8:24 ` Grant Edwards
2001-01-08 7:42 ` Gary Thomas
2001-01-08 7:57 ` Grant Edwards
2001-01-08 7:59 ` Andrew Lunn
2001-01-08 8:07 ` Gary Thomas
2001-01-08 14:42 ` Grant Edwards
2001-01-08 16:26 ` Gary Thomas
2001-01-09 7:33 ` Grant Edwards
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=14937.47209.383836.370668@thinktwice.zoftcorp.dk \
--to=jskov@redhat.com \
--cc=andrew.lunn@ascom.ch \
--cc=dfraser@photuris.com \
--cc=ecos-discuss@sources.redhat.com \
--cc=grante@visi.com \
--cc=gthomas@cambridge.redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).