Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 197b948a5f87db2aaef46c42edd9b89d92001fc8^! / . / board / keymile / README
commit197b948a5f87db2aaef46c42edd9b89d92001fc8[log] [tgz]
authorAleksandar Gerasimovski <aleksandar.gerasimovski@hitachienergy.com>Fri Dec 10 11:07:53 2021 +0100
committerPriyanka Jain <priyanka.jain@nxp.com>Tue Feb 01 15:08:07 2022 +0530
treee750362b8dc09b974e1f97f7e432bb66e52326cc
parentadef80de1f46dca75dff0118cafd75d656b374c2 [diff] [blame]
km: common: implement field fail-safe u-boot update

This patch provides possibility for field fail-safe u-boot updates.
The implementation can be used on all pg-wcom boards that are booting from
parallel NOR flash.

When used in a board design, provided check_for_uboot_update function will
start new u-boot at defined location if updateduboot envvar is set to yes.
With this implementation it is expected that factory programmed u-boot
will always stay as it is, and optionally new u-boot can be safely
programmed by embedded software when the unit is rolled out on the field.

It is expected check_for_uboot_update to be called early in execution
before relocation (*_f) once SoC is basically initialized and environment
can be read, with this possibilities to not be able to fix a u-boot bug by
a u-boot update are reduced to minimum.

Signed-off-by: Aleksandar Gerasimovski <aleksandar.gerasimovski@hitachienergy.com>
Reviewed-by: Priyanka Jain <priyanka.jain@nxp.com>

diff --git a/board/keymile/README b/board/keymile/README
new file mode 100644
index 0000000..4e5cfb1
--- /dev/null
+++ b/board/keymile/README

@@ -0,0 +1,18 @@
+Field Fail-Save U-boot Update
+-----------------------------
+Field Fail-Save u-boot update is a feature that allows save u-boot update
+of FOX and XMC products that are rolled out in the field.
+
+The feature is initially implemented for designs based on LS102x SoC, but in
+theory can be used on all designs that are booting from parallel NOR flash.
+
+The implementation expects redundant (secondary) u-boot image on a predefined
+location in the NOR flash, u-boot execution will be transferred to the redundant 
+(secondary) u-boot and redundant u-boot will be started if 'updateduboot' envvar
+is set to 'yes'.
+Update logic check_for_uboot_update() has to be invoked from the design early
+before relocation just after SoC initialization, e.g from board_early_init_f or
+misc_init_f functions.
+By design it is expected that primary u-boot image is burned in the factory and
+never updated, and in case u-boot update is required it can flashed and started
+from secondary u-boot location.