Dear Reader,
My OTA update project led me into the depths of u-boot as well as hardware and software watchdogs. A rootfs update is considered successful, if the new system passes some tests after the first start. A very simple test is that the main application runs for two minutes without crashing.
The test fails, if the Linux kernel or the systemd daemon do not start. Then, a hardware watchdog reboots the device. The test also fails, if the main application crashes, say, twice within 30 seconds. Then, the watchdog of the systemd service starting the main application reboots the device. You find a detailed description how to configure these watchdogs in the post systemd for Administrators, Part XV.
In case of a broken update, the two watchdogs would send the device into an infinite loop of rebooting. You certainly don’t want this. The remedy is to enable boot counting in u-boot (see slides 17-22 of the presentation Recovering from a failed upgrade). If the device reboots, say, for the fourth time, it doesn’t boot into the newly updated partition but falls back into the old, still working partition - using the alternate boot command altbootcmd.
The fallback mechanism is working reliably now. My next adventures will be delta updates and bootloader updates. I am sure that I’ll figure out even more ways to bork my board. Fortunately, I have become quite an expert in reanimating the board with the recovery SD card.
Now it's time for the round-up of the Yocto Project Summit 2023.11.
- Luca Ceresoli introduces an absolutely minimal Yocto project comprising only four tiny layers:
meta-kiss,meta-arm,openembedded-coreandbitbake - Anna-Lena Marx builds a Yocto CI Pipeline with KAS, GitHub Actions and AWS.
- Leon Anavi integrates VNC in Weston with Yocto.
Happy reading,
Burkhard