Upgrading the firmware of an embedded device often means updating the full system rather than just substituting files. A full system update does risk leaving the system unable to boot if, for example, power is lost during the update process. A dual boot mechanism—​which duplicates system partitions and performs the update over the unused partition—​ensures that the device is always able to boot.

Double copy with fallback

The NAND of a dual-boot system is re-partitioned to have duplicate system partitions: linux and rootfs. The system knows which pair of partitions are the "active" system so a system update is performed over the "inactive" partitions.

The following image shows the partition setup and update procedure.

ConnectCore 6UL SBC Pro connections

Using a dual boot mechanism, an update is always safe even in case of power off. There is no need for a recovery kernel because having two copies guarantees that it is possible to update the inactive boot partition. When you have successfully installed the new system image, the bootloader loads that new image. Once the boot succeeds, the updated image is considered to be the active system.

Build images prepared for dual boot

Digi Embedded Yocto default images do not include dual boot support by default. To build an image with dual boot support, edit your project’s conf/bblayers.conf configuration file and add the meta-digi-dualboot layer by adding the following line:

conf/bblayers.conf
<DEY-INSTALLDIR>/sources/meta-digi-dualboot

where <DEY-INSTALLDIR> is your Digi Embedded Yocto install folder.

The images you build will now include dual boot support. The meta-digi-dualboot layer modifies different scripts and software update (SWU) images to work with dual system partitions.

Prepare your target for dual boot

There are two ways to prepare your target for dual boot:

Automatic mode

This method uses the default partition table defined in U-Boot and does the first deployment of all system firmware on A and B partitions.

  1. Enable U-Boot environment variable dualboot:

    => setenv dualboot yes
    => saveenv
  2. Run one of the firmware install scripts, such as:

    • Program firmware using UUU:

      => fastboot 0

      Then run the install script on your host PC. See Program firmware using UUU for reference.

    • Program firmware using microSD card:

      Insert a microSD card with the firmware and SD install script and run:

      => run install_linux_fw_sd
    • Program firmware using USB mass storage:

      Insert a USB disk with the firmware and USB install script and run:

      => run install_linux_fw_usb

After the first firmware deployment on both system partitions (A and B), boot the device. The system is now ready for dual boot.

Check Perform subsequent firmware update for information on updating the firmware on a dual boot device.

Manual mode

This method uses manual operations to create the partition table and do the first deployment of firmware on both system partitions.

Create the partition table

Multi-MTD system partitioning strategy

If you use the multi-MTD system partitioning strategy (default), follow these instructions to prepare your target for DualBoot.

  1. Enable U-Boot environment variable dualboot:

    => setenv dualboot yes
  2. Modify your partition table for dual boot. The only requirement is to have four partitions with the names: linux_a, rootfs_a, linux_b, rootfs_b.

    You can set your custom partition table by editting variable mtdparts or run the following script in U-Boot to create a predefined partition for dual boot:

    => run partition_nand_linux
    The script partition_nand_linux is only available on U-Boot dub-2020.04-r5 or later versions. Update U-Boot to the latest version and reset the environment if this variable doesn’t exist.
  3. Check the new partition table in mtdparts:

    => mtdparts
  4. Save the new partition table in the environment:

    => saveenv
  5. Erase the contents of the new partitions to prevent the metadata from the old partition table from conflicting with that of the new one.

    => nand erase.part linux_a
    => nand erase.part linux_b
    => nand erase.part rootfs_a
    => nand erase.part rootfs_b
  6. Proceed to Perform first firmware deployment.

Single-MTD system partitioning strategy

If you use the single-MTD system partitioning strategy, follow these instructions to prepare your target for DualBoot.

  1. Enable U-Boot environment variable dualboot:

    => setenv dualboot yes
  2. Modify your UBI volumes for dual boot. The only requirement is to have four volumes with the names: linux_a, rootfs_a, linux_b, rootfs_b.

    You can set your UBI volumes by editting variable ubivolscript or run the following script in U-Boot to create a predefined UBI volumes layout for dual boot:

    => run ubivolscript
    The script ubivolscript is only available in recent versions of U-Boot. Update U-Boot to the latest version and reset the environment if this variable doesn’t exist.
  3. Check the new UBI volumes layout:

    => ubi part system
    => ubi info l

Perform first firmware deployment

Perform the first deployment of firmware using U-Boot to update the partitions of both systems A and B.

See Program firmware from U-Boot for instructions on updating partitions from U-Boot. For example, to update via TFTP:

=> update linux_a tftp <boot-file>.boot.ubifs
=> update rootfs_a tftp <rootfs-file>.rootfs.ubifs
=> update linux_b tftp <boot-file>.boot.ubifs
=> update rootfs_b tftp <rootfs-file>.rootfs.ubifs

After the first firmware deployment on both system partitions (A and B), boot the device. The system is now ready for dual boot.

Check Perform subsequent firmware update for information on updating the firmware on a dual boot device.

Perform subsequent firmware update

To make use of the dual boot system, you must perform the subsequent updates from Linux, either locally or remotely using Remote Manager.

Update using a local file

  1. Create a software update *.swu file using the instructions in Build a software update package.

  2. Copy the software update *.swu file to an external storage device such as USB disk or microSD card. Optionally, you can save it to your device’s NAND if you have enough free space.

  3. Run firmware-update-dual.sh script with the *.swu file as parameter:

    # firmware-update-dual.sh </your-path/your-filename>.swu

The mechanism updates the firmware on the inactive system partitions. If the update process is successful, the target reboots into the new system image.

If the target boots successfully, the new image becomes the current active system.

If the target fails to boot the new system, the dual boot mechanism increments a boot attempt counter and waits for the user (or a watchdog) to reboot the device. If the target fails to boot the number of times established in U-Boot variable bootlimit (default is 3), the dual boot mechanism switches back to boot the previously active system.

Update using Digi Remote Manager

Refer to Update the firmware with Remote Manager for information on updating the system via Remote Manager.

The meta-digi-dualboot layer modifies the firmware_download_path field of the /etc/cc.conf configuration file to /home/root as the path for saving the .swu file transferred by Remote Manager. Consider whether you want to change this path to an external media if the size of the *swu image doesn’t fit into the partition.

Enable a watchdog

The dual boot mechanism doesn’t enable a watchdog by default. To guarantee that an update doesn’t result in a blocked system (especially if updating remotely), Digi recommends you enable a watchdog timer that can reset the device in case of a boot failure.

See Watchdog for information about enabling and using the watchdog.

Disable dual boot

To switch from a dual boot system to a standard system:

  1. Disable U-Boot environment variable dualboot:

    => setenv dualboot no
    => saveenv
  2. Modify your partition table for standard boot.

    You can set your custom partition table by editting variable mtdparts or run the following script in U-Boot to create a predefined partition for dual boot:

    1. Run the partitioning script:

      => run partition_nand_linux
      The script partition_nand_linux is only available in recent versions of U-Boot. Update U-Boot to the latest version and reset the environment if this variable doesn’t exist.
    2. Save the environment and reboot the target for the partition to be created:

      => saveenv
      => reset
    3. On the next boot, check the new partition table in mtdparts:

      => printenv mtdparts
    4. Save the new partition table:

      => saveenv
  3. Remove meta-digi-dualboot layer from your project’s conf/bblayers.conf.

  4. Rebuild your image.

Perform on-the-fly updates

A dual boot partition layout lacks the storage space to download a firmware file on the target. To update images on systems that don’t have enough storage space, use the Digi Remote Manager on-the-fly feature. With on-the-fly mode enabled, the update process downloads the software update file (swu) in chunks and writes them directly to the partition.

Enable on-the-fly updates for Digi Remote Manager

Cloud Connector is a service that communicates with Remote Manager, Digi’s platform for managing devices remotely. The on-the-fly update feature is not enabled by default in Digi Cloud Connector. To enable on-the-fly, modify the /etc/cc.conf Cloud Connector configuration file on the target:

/etc/cc.conf
on_the_fly = true

You can now install new firmware onto the target with the Cloud Connector application.