A closer look at flash memory partitions (with some insight on the firmware update process)

As I pointed out in my earlier article “Backing up the flash memory on your iSpot to your PC”, there are 10 ‘partitions’ on the flash memory chip in the iSpot (at least on my device). You can get a list of the partitions by dumping the contents of the file “/proc/mtd”:

# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 00040000 00020000 "RedBoot"
mtd1: 00020000 00020000 "param"
mtd2: 00120000 00020000 "linux"
mtd3: 00600000 00020000 "rootfs"
mtd4: 00100000 00020000 "system"
mtd5: 00120000 00020000 "linux_2"
mtd6: 00600000 00020000 "rootfs_2"
mtd7: 00020000 00020000 "ver_1"
mtd8: 00020000 00020000 "ver_2"
mtd9: 0001f000 00020000 "FIS directory"
mtd10: 00001000 00020000 "RedBoot config"

Here is a brief description of the partitions:

  • RedBoot : The RedBoot ‘boot loader’.  This contains the code that runs when you first power-ON your device.  It loads the Linux kernel and starts it (which in turn starts the main code for the iSpot)
  • param : Persistent parameters loaded into the iSpot at manufacturing time.  Information such as the WiMax MAC address, as well as radio ‘calibration’ data is stored here.  This information is very important!
  • linux : The Linux kernel portion of Firmware Image 1 (see Dual Firmware Images, below)
  • rootfs : The JFFS2 root filesystem portion of Firmware Image 1 (see Dual Firmware Images, below)
  • system : Persistent storage for ‘settings’ and other info that will remain even after a firmware upgrade
  • linux_2 : The Linux kernel portion of Firmware Image 2 (see Dual Firmware Images, below)
  • rootfs_2 : The JFFS2 root filesystem portion of Firmware Image 2 (see Dual Firmware Images, below)
  • ver_1 : The ‘version counter’ for Firmware Image 1 (see Dual Firmware Images, below)
  • ver_2 : The ‘version counter’ for Firmware Image 2 (see Dual Firmware Images, below)
  • FIS directory : RedBoot’s table of flash memory partitions (corresponds to /proc/mtd in Linux)
  • RedBoot config : Configuration for RedBoot (includes the ‘boot script’ that gets executed at startup)

Dual Firmware Images

The iSpot maintains two separate copies of Linux firmware in flash memory.  A single Firmware Image consists of two flash partitions : a Linux kernel, plus a JFFS2 root filesystem.

Only one copy of firmware is running at a time.  This is known as the ‘active’ Firmware Image (and the two flash partitions associated with it are the ‘active’ firmware partitions).

The other copy of the firmware is known as the ‘idle’ Firmware Image.

The iSpot uses the “ver_1” and “ver_2” partitions to decide which Firmware Image is ‘active’, and which is ‘idle’.  These partitions each hold a ‘counter’ value.  Whichever partition’s counter is higher is the one that is ‘active’ (and the lower counter value is ‘idle’).

For example, if the “ver_1” partition contains the value “26”, and the “ver_2” partition contains the value “27”, then the system knows that Firmware Image 2 is the ‘active’ one.  So, it chooses the “linux_2” partition to load the kernel, and “rootfs_2” for the JFFS2 root filesystem.  Firmware Image 1 (and its associated “linux” and “rootfs” partitions) is ‘idle’.

Whenever a “firmware update” process takes place, the “/bin/flash_program” application finds the ‘idle’ pair of partitions, and writes the new firmware there.  This avoids any possible problems with writing to the ‘active’ partition (for example, trying to modify files that are ‘in use’, or a power loss).  After the new firmware partitions are completely written/verified, the new firmware partitions are marked as ‘active’ (and the current one becomes ‘idle’).  This is done by taking the current ‘active’ partition’s ‘counter’ value (from the ‘active’ Firmware’s “ver” partition), adding one to it, then writing that to the ‘idle’ Firmware’s “ver” partition.

Going back to the above example, if “ver_1” contained “26” and “ver_2” contained “27” before the “firmware update” process (Firmware Image 2 is ‘active’), the new firmware would be written to the Firmware Image 1 partitions (“linux” and “rootfs”), as they are the ‘idle’ partitions.  When finished, “ver_1” would be updated with the value “28” (one higher than the ‘active’ partition’s “27”).

After the ‘active/idle’ switch, the iSpot reboots.  RedBoot will see that “ver_1” has the higher value (“28”), so will choose Firmware Image 1 as the ‘active’ firmware, and will boot with “linux” and “rootfs” (instead of “linux_2” and “rootfs_2”).
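
The selection and update logic described above, as an added example (not code from the iSpot firmware or from “/bin/flash_program”): it parses the /proc/mtd listing shown earlier and works out which partitions an update would write to. The counters are passed in as plain integers because the on-flash format of “ver_1”/“ver_2” is not covered here, and treating equal counters as an error is an assumption.

```python
import re

# /proc/mtd listing copied from the article above (not read from a live device).
PROC_MTD = '''dev:    size   erasesize  name
mtd0: 00040000 00020000 "RedBoot"
mtd1: 00020000 00020000 "param"
mtd2: 00120000 00020000 "linux"
mtd3: 00600000 00020000 "rootfs"
mtd4: 00100000 00020000 "system"
mtd5: 00120000 00020000 "linux_2"
mtd6: 00600000 00020000 "rootfs_2"
mtd7: 00020000 00020000 "ver_1"
mtd8: 00020000 00020000 "ver_2"
mtd9: 0001f000 00020000 "FIS directory"
mtd10: 00001000 00020000 "RedBoot config"'''

# Firmware Image number -> (kernel, rootfs, version-counter) partition names.
IMAGES = {1: ("linux", "rootfs", "ver_1"), 2: ("linux_2", "rootfs_2", "ver_2")}

def parse_proc_mtd(text):
    """Return {name: (device, size, erasesize)}; the header line is skipped."""
    parts = {}
    for line in text.splitlines():
        m = re.match(r'(mtd\d+):\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)\s+"(.*)"$', line.strip())
        if m:
            parts[m.group(4)] = (m.group(1), int(m.group(2), 16), int(m.group(3), 16))
    return parts

def active_image(ver_1, ver_2):
    """Higher counter wins. Equal counters are not covered by the article,
    so this sketch treats them as an error (assumption)."""
    if ver_1 == ver_2:
        raise ValueError("counters are equal; active image is ambiguous")
    return 1 if ver_1 > ver_2 else 2

def plan_update(parts, ver_1, ver_2):
    """Describe what a firmware update writes: idle partitions, then the counter."""
    active = active_image(ver_1, ver_2)
    kernel, rootfs, ver = IMAGES[3 - active]  # 3 - active is the idle image
    return {"active": active,
            "write_to": [(n, parts[n][0]) for n in (kernel, rootfs)],
            "counter_partition": ver,
            "new_counter": max(ver_1, ver_2) + 1}

if __name__ == "__main__":
    parts = parse_proc_mtd(PROC_MTD)
    print("sum of partition sizes: %#x" % sum(s for _, s, _ in parts.values()))
    print(plan_update(parts, 26, 27))
```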


Disclaimer: information on this site is for educational purposes only, and intended to help iSpot owners experiment with their own devices. I do not condone any hacking for illegal purposes, such as stealing service, etc.
