Behavior of marking partition as good without any actual updates

cdsteinkuehler / br2rauc

Buildroot + RAUC

Other

51 stars 18 forks source link

Behavior of marking partition as good without any actual updates #5

Closed Sourabh1107 closed 2 years ago

Sourabh1107 commented 2 years ago

Hello @cdsteinkuehler I don't know whether this is an issue or not.

After booting, I am doing rauc status mark-good to mark the current partition as valid. But if I do reboot (from Linux user-space) and then check sudo fw_printenv | grep BOOT_ , again boot count in the bootload is decreased. For example, after reboot it is:

BOOT_A_LEFT=2
BOOT_B_LEFT=3
BOOT_ORDER=A B

I expected that this count should only be decreased if there is a failed update and system can't boot. Is it needed to mark status as good even after reboot even if no update is performed?

Please correct me if I misunderstood the concept.

synaption commented 2 years ago

Merely booting should not be enough to be marked good. You need to explicitly mark the update good. In my case for example, I could push an update that boots but breaks networking, and this would be a disaster, so I only mark good when I know I have networking.

Sourabh1107 commented 2 years ago

Hello @synaption yes that is true. But my question is related to "after reboot, we need to mark rauc status as good even if there is no update performed". For example, when I boot for first time BOOT_A_LEFT value is 2 and then I mark rauc status as good but if I do reboot now, then after boot BOOT_A_LEFT is set to 2 again. Is this expected?

cdsteinkuehler commented 2 years ago

The behavior you see is normal and expected. When you mark a partition good at runtime, you can examine the U-Boot environment and see that BOOT_A_LEFT is set to 3. The boot loader script decrements the count each time the system boots and the application is responsible for marking the RAUC status as good once everything has booted normally. This protects against potential issues such as a corrupted partition which causes incorrect operation after an otherwise successful upgrade that perhaps even successfully rebooted multiple times.

Writing an example application that integrates watchdog support along with marking the RAUC status good once the system is fully up and running is on the ToDo list, but you currently need to manually run rauc status mark-good when the system has successfully booted to reset the boot count.