Errors during flashing or faulty kernel or root filesystem (RFS) images usually result in an unusable (“bricked”) system. To avoid this, two versions of the kernel and RFS are stored in the flash memory. One kernel and one RFS belong together and are referred to as “bank”. The two banks are identified as A and B.
From which bank should be booted is determined during the boot process. Usually from the so-called “current bank”. From there the kernel is copied to RAM, the kernel arguments for the RFS are determined (root=…) and the kernel is started.
During a firmware update always the bank which is currently not running is flashed. This avoids the problem that would arise without the mechanism of the two banks that the flash is overwritten, which is currently mounted as the file system by the kernel.
After flashing the current bank will be changed and rebooted.
If the new firmware proves faulty, is will automatically be switched back to the old bank and this one booted. This ensures that a faulty update does not make the system unusable.
The above described is currently implemented for NOR flash-based systems. The following changes and enhancements are necessary at the current TQMa28 system for the mechanisms to work with eMMC flash: