On Fri, 03 Jun 2016 20:15:16 -0500 Scott Wood <o...@buserror.net> wrote:
> On Wed, 2016-06-01 at 13:23 +0200, Boris Brezillon wrote: > > On modern NAND it's more than recommended to have a backup copy of the > > u-boot binary to recover from corruption: bitflips are quite common on > > MLC NANDs, and the read-disturbance will corrupt your u-boot partitition > > more quickly than what you would see on an SLC NAND. > > Wouldn't the same happen to the SPL itself? Or is the boot block implemented > in a different, more robust manner? Nope, the same happens to the SPL image, and we're actually using the same trick: the brom code search for a valid SPL image every 64 pages is duplicated every 64 pages (it tests the first 8 locations: page 0, page 64, page 128, ..., page 448). We usually fill 2 blocks with SPL images (repeating it several times in each block). > > > Add an extra Kconfig option to specify the offset of the redundant u-boot > > image. > > > > Signed-off-by: Boris Brezillon <boris.brezil...@free-electrons.com> > > Acked-by: Hans de Goede <hdego...@redhat.com> > > --- > > common/spl/spl_nand.c | 8 ++++++++ > > drivers/mtd/nand/Kconfig | 6 ++++++ > > 2 files changed, 14 insertions(+) > > > > diff --git a/common/spl/spl_nand.c b/common/spl/spl_nand.c > > index 612bd4a..0bf0848 100644 > > --- a/common/spl/spl_nand.c > > +++ b/common/spl/spl_nand.c > > @@ -12,6 +12,9 @@ > > > > #ifndef CONFIG_SYS_NAND_U_BOOT_OFFS > > #define CONFIG_SYS_NAND_U_BOOT_OFFS CONFIG_SPL_NAND_U_BOOT_OFFS > > +#define CONFIG_SYS_NAND_U_BOOT_OFFS_REDUND > > CONFIG_SPL_NAND_U_BOOT_OFFS_REDUND > > +#else > > +#define CONFIG_SYS_NAND_U_BOOT_OFFS_REDUND CONFIG_SYS_NAND_U_BOOT_OFFS > > #endif > > > > #if defined(CONFIG_SPL_NAND_RAW_ONLY) > > @@ -111,6 +114,11 @@ int spl_nand_load_image(void) > > #endif > > /* Load u-boot */ > > err = spl_nand_load_element(CONFIG_SYS_NAND_U_BOOT_OFFS, header); > > +#if CONFIG_SYS_NAND_U_BOOT_OFFS != CONFIG_SYS_NAND_U_BOOT_OFFS_REDUND > > + if (err) > > + err = > > spl_nand_load_element(CONFIG_SYS_NAND_U_BOOT_OFFS_REDUND, > > + header); > > +#endif > > If one of the images has failed, doesn't it need to be reflashed before the > other one goes bad as well? Yes, that's the idea. > How does the failure get communicated to later > parts of the system that would be responsible for such reflashing? Linux is taking care of that (a script tries to read the u-boot partition, and if fails it reflashes it with the content of the u-boot-backup partition, or with a reference u-boot.bin file). I guess u-boot could do it too. Anyway, that's a different story ;). -- Boris Brezillon, Free Electrons Embedded Linux and Kernel engineering http://free-electrons.com _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
