On 01/26/2012 11:34 AM, Peter Barada wrote: > On 01/26/2012 12:27 PM, Scott Wood wrote: >> Why are two copies insufficient for that? > Two copies are sufficient, if none of the blocks ever go bad. > > To simplify things, suppose the environment is the same size as a block > and you have only two blocks (and two copies) to hold the environment. > If one block goes bad then there is a window between when the one > remaining block is erased and written with the environment that if power > fails then there is no environment in NAND.
It seems unlikely, but possible I guess. Currently I don't think we dynamically mark blocks bad at all in U-Boot, except in things like ubi and yaffs. > To solve this I can crank up the number of blocks to three which allows > one block to go bad and still at all times have one good copy of the > environment in NAND. But looking at writeenv(), it stops as soon as > either nand_write fails, or one copy of the environment is written. So > it could make sense to modify writeenv to write as many copies of the > environment that fit into CONFIG_ENV_RANGE, and have readenv read out > copies and verify them until it finds one good one. This isn't what CONFIG_ENV_RANGE is about. I think it would make more sense to change REDUND to support more than two copies (each with their own range). Probably better to never update the environment in the field -- source a script in an ubi partition instead. -Scott _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
