SWUpdate as replacement for sysupgrade

I would like to implement safe firmware updates for my device, and one project solving this issue is SWUpdate. Do you have any hints on how to correctly replace sysupgrade in LEDE?

Current issues I found with LEDE are

  • Replace sysupgrade ubus service
  • Remove the sysupgrade utility so nobody can call it by accident
  • Divide flash into fixed parts (firmware1, firmware2, user data) and update the Device Tree of my board
  • Possibly add SWUpdate package to upstream LEDE so anybody can select it as sysupgrade replacement

Do you have some hints for me? Is this already solved somewhere?

Sysupgrade is safe to me; why do you think it is not safe?

Why?

What??? By accident?
You mean something like this? http://weknowmemes.com/wp-content/uploads/2013/06/help-i-accidentally-build-a-shelf.jpg

Search this forum for "boot to another partition"; there is some development on a multi-firmware thing.
User data is managed on many devices using overlayfs. Sysupgrade takes care of reading a list of paths with files that need to be preserved during an upgrade; it copies them to RAM and after completion copies them back, preserving all of them.
You could build your own images if you want to preserve software in addition to configuration/user files, or mount a local or remote volume (it will not be affected during sysupgrade).

I don't know in what way a firmware upgrade is related to the device tree.

In a computer, when you format a disk and install Windows, Linux or OS X, the setup program installs the bootloader and boot programs, and you need to back up your configuration and user files from that volume/drive/disk.
Sysupgrade does this: it verifies the .img header to see if it is valid for the hardware, backs up configuration/user files, writes to disk and restores those files.

When you install Windows/Linux/OS X, software like OpenOffice or Microsoft Office does not come with it; on a firmware upgrade you should put it in the .bin image, and on Linux or Windows you also need to add it using some method.

Many of the "features" of SWUpdate are just tools that you can write as automation scripts around sysupgrade, you could wget the .bin, or copy the .bin using tftp, or scp, or using serial-ttl, etc.

1 Like

Imagine the situation when you are upgrading the system with sysupgrade and the power somehow fails. Everything is in RAM, flash is already erased and you have a bricked device with all user data lost. This is not a safe update for me.
Sysupgrade is not atomic. SWUpdate is.

Sysupgrade is enough for SOHO routers, but it is not good for IoT devices. SWUpdate also opens the door to safe automatic updates of the whole system.

Updating using LuCI or updating using the command line should not use sysupgrade. So it must be replaced in all places, or the ubus service must be reimplemented in one place. There should be no way to update the system using sysupgrade. I don't know all the internals and all the ways to call sysupgrade, so that is the reason why I am asking.

If you have a constrained device, you probably don't have a hard disk with partitions but you have NOR flash, and the "partitions" are defined in the device tree compiled into the kernel.

I just don't need to reinvent the wheel. I don't need to write my own tools and scripts around sysupgrade to mimic functionality that is already done in another software project. Sysupgrade is also broken by design for me, because it copies data to RAM, deletes it from storage and then does something. This is completely wrong for me.

Ok! that is more than sufficient!...
I didn't think about that...

Thanks for your clarification; those topics are a little unknown to me.

Hi,

You did raise some important points, with which I agree.
The "double copy" partition layout is the only one that makes sense to OpenWRT/LEDE, as it always has at least one configuration that is functional.
But, there are some points which might be important to the developers:

  • Some devices have a small FLASH memory (8 MB or less).
  • All devices have a stock partition layout from the manufacturer, which sometimes can't be changed.
  • It should be easy to return to the original/stock firmware if you don't like OpenWRT/LEDE. I don't think this is mandatory, but it is highly desirable.

I think that in the future, a double partition layout is the way to go, as the FLASH size increases.
In the meantime, you and anyone interested could create some proof-of-concept implementations to try to convince others that this is the safest way of doing updates.

Personally, I don't care about the stock partition layout as long as the new one is safer and more robust, but for some (most?) it is relevant.

Finally, you could send some ideas to the developer mailing list, to gather the opinion of the core developers who don't read the forums.

1 Like
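The atomicity argument made in the posts above, as an added example that is not part of any post and is not SWUpdate or sysupgrade code: a small flash model that cuts power before every operation of an in-place update and of a "double copy" update, and lists the cut points that leave no bootable firmware. The `firmware1`/`firmware2` names follow the first post; the image format (payload plus SHA-256 digest), the 16-byte write blocks and the atomic boot-selector flip are assumptions of the model.

```python
import hashlib
from contextlib import suppress
class PowerCut(Exception): pass  # power lost before the next flash operation

def make_image(payload):  # constructed image format: payload + SHA-256 digest
    return payload + hashlib.sha256(payload).digest()
def is_valid(blob):
    return len(blob) > 32 and hashlib.sha256(blob[:-32]).digest() == blob[-32:]

class Flash:  # constructed model, not a real flash driver
    def __init__(self, image, cut_after=None):
        self.parts = {"firmware1": image, "firmware2": image}
        self.active = "firmware1"  # boot selector; an atomic flip is assumed
        self.ops, self.cut_after = 0, cut_after
    def step(self):  # each erase, block write or selector flip is one step
        if self.ops == self.cut_after:
            raise PowerCut()
        self.ops += 1
    def rewrite(self, part, image, block=16):
        self.step()
        self.parts[part] = b""  # erase before write
        for i in range(0, len(image), block):
            self.step()
            self.parts[part] += image[i:i + block]

def in_place_update(flash, image):
    flash.rewrite(flash.active, image)  # erases the only copy it boots from

def dual_copy_update(flash, image):
    target = "firmware2" if flash.active == "firmware1" else "firmware1"
    flash.rewrite(target, image)
    if not is_valid(flash.parts[target]):
        raise ValueError("new image failed verification")
    flash.step()
    flash.active = target  # switch only after the new copy verifies

def bricking_cut_points(update, old, new):
    full = Flash(old)
    update(full, new)  # uninterrupted run, to count the operations
    bricked = []
    for k in range(full.ops):
        flash = Flash(old, cut_after=k)
        with suppress(PowerCut):
            update(flash, new)
        if not is_valid(flash.parts[flash.active]):
            bricked.append(k)
    return bricked

OLD, NEW = make_image(b"O" * 64), make_image(b"N" * 64)  # constructed sample images
```

In this model the in-place update is unbootable at every cut point after the erase, while the double-copy update always boots either the old or the new image.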

Thank you for your support.
My intention is primarily for new devices, so I'm the one who defines the stock partition layout for that device.
It can later be adopted by other devices to replace stock firmware. It needs support in the bootloader as far as I know, so it can't be easily used in devices where you can't replace the bootloader.

I will formulate these ideas for the developer mailing list.

Jane,

Were you able to implement SWUpdate in the OpenWrt/LEDE framework? If so, can you please provide some pointers, specifically about kernel and base firmware package update?

Thanks,
Mahesh