Dual boot | ConnectCore 8M Nano

Upgrading the firmware of an embedded device often means updating the full system rather than just substituting files. A full system update does risk leaving the system unable to boot if, for example, power is lost during the update process. A dual boot mechanism—which duplicates system partitions and performs the update over the unused partition—ensures that the device is always able to boot.

Double copy with fallback

The eMMC of a dual-boot system is organized to have duplicate system partitions: linux and rootfs. The system knows which pair of partitions are the "active" system so a system update is performed over the "inactive" partitions.

The following image shows the partition setup and update procedure.

ConnectCore 8M Nano Development Kit connections

Using a dual boot mechanism, an update is always safe even in case of power off. There is no need for a recovery kernel because having two copies guarantees that it is possible to update the inactive boot partition. When you have successfully installed the new system image, the bootloader loads that new image. Once the boot succeeds, the updated image is considered to be the active system.

Prepare your target for dual boot

There are two ways to prepare your target for dual boot:

Automatic mode: use the firmware install scripts (recommended).
Manual mode: do all operations manually.

Automatic mode

This method uses the default partition table defined in U-Boot and does the first deployment of all system firmware on A and B partitions.

Enable U-Boot environment variable dualboot:
```
=> setenv dualboot yes
=> saveenv
```
Run one of the firmware install scripts, such as:
- Program firmware using UUU:
  => fastboot 0
  Then run the install script on your host PC. See Program firmware using UUU for reference.
- Program firmware using microSD card:
  
  Insert a microSD card with the firmware and SD install script and run:
  => run install_linux_fw_sd
  See Program firmware using microSD card for reference.

After the first firmware deployment on both system partitions (A and B), boot the device. The system is now ready for dual boot.

Check Program SWU packages (dual boot system) for information on updating the firmware on a dual boot device.

Manual mode

This method uses manual operations to create the partition table and do the first deployment of firmware on both system partitions.

Create the partition table

Enable U-Boot environment variable dualboot:
```
=> setenv dualboot yes
=> saveenv
```
Modify your partition table for dual boot. The only requirement is to have four partitions with the names: linux_a, rootfs_a, linux_b, rootfs_b.

You can create your custom partition table or run the following script in U-Boot to create a predefined partition for dual boot:
```
=> run partition_mmc_linux
```
Check the new partition table:
```
=> mmc part
```

Perform first firmware deployment

Perform the first deployment of firmware using U-Boot to update the partitions of both systems A and B.

See Program images from U-Boot for instructions on updating partitions from U-Boot. For example, to update via TFTP:

=> update linux_a tftp <boot-file>.boot.vfat
=> update rootfs_a tftp <rootfs-file>.rootfs.ext4
=> update linux_b tftp <boot-file>.boot.vfat
=> update rootfs_b tftp <rootfs-file>.rootfs.ext4

After the first firmware deployment on both system partitions (A and B), boot the device. The system is now ready for dual boot.

Check Program SWU packages (dual boot system) for information on updating the firmware on a dual boot device.

Perform subsequent firmware update

To make use of the dual boot system, you must perform the subsequent updates from Linux, either locally or remotely using Remote Manager.

Update using a local file

Create a software update *.swu file using the instructions in Build a software update package.
Copy the software update *.swu file to an external storage device such as USB disk or microSD card. Optionally, you can save it to your device’s eMMC if you have enough free space.
Run the update-firmware command with the *.swu file as parameter:
```
# update-firmware </your-path/your-filename>.swu
```

The mechanism updates the firmware on the inactive system partitions. If the update process is successful, the target reboots into the new system image.

If the target boots successfully, the new image becomes the current active system.

If the target fails to boot the new system, the dual boot mechanism increments a boot attempt counter and waits for the user (or a watchdog) to reboot the device. If the target fails to boot the number of times established in U-Boot variable bootlimit (default is 3), the dual boot mechanism switches back to boot the previously active system.

Disable dual boot

To switch from a dual boot layout to one with a single system:

Disable U-Boot environment variable dualboot:
```
=> setenv dualboot no
=> saveenv
```
Modify your partition table for single system.

You can create your custom partition table or run the following script in U-Boot to create a predefined partition for single system:
```
=> run partition_mmc_linux
```

Perform on-the-fly updates

A dual boot partition layout lacks the storage space to download a firmware file on the target. To update images on systems that don’t have enough storage space, use the Digi Remote Manager on-the-fly feature. With on-the-fly mode enabled, the update process downloads the software update file (swu) in chunks and writes them directly to the partition.

Enable on-the-fly updates for Digi Remote Manager

ConnectCore Cloud Services connect your device with Remote Manager, Digi’s platform for managing devices remotely. The on-the-fly update feature is not enabled by default in Digi ConnectCore Cloud Services configuration. To enable on-the-fly updates, modify the ConnectCore Cloud Services configuration file, cccs.conf, on the target:

/etc/cccs.conf

on_the_fly = true

See Set CCCS configuration for more information.

On-the-fly support does not work with compressed root file system images (*.gz).