Method and system for failsafe recovery and upgrade of an embedded operating system

US 6,591,376 B1
Filed: 03/02/2000
Issued: 07/08/2003
Est. Priority Date: 03/02/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for failsafe recovery of an embedded operating system within an electronic device that does not store operating system instructions or data in a read-only electronic memory, the method comprising:

booting an initial operating system kernel to run within the electronic device;

checking a boot disk partition for corruption, checking a distribution disk partition for corruption and formatting the distribution disk partition if corruption is found;

checking the distribution disk partition for the presence of a primary image, and, if a primary image is not found, copying a backup primary image from the boot disk partition to the distribution disk partition;

checking a primary image within the distribution disk partition for corruption, and, if corruption of the primary image is found, copying a backup primary image from the boot disk partition to the distribution disk partition to replace the primary image containing the corruption; and

mounting a final embedded operating system file system and launching the embedded operating system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for failsafe recovery and upgrade of an operating system embedded within a peripheral or consumer electronic device. The method and system involves replacing current implementations that use ROM memory to store a copy of the embedded operating system, or critical portions thereof, with a disk-based ROM and redundant backup copies of the initial operating system kernel and the primary image required for booting the final embedded operating system. By maintaining critical files in read-only partitions, the robustness and reliability achieved using ROM memory in currently available devices can be achieved without expensive ROM memory via the disk-based ROM.

Citations

19 Claims

1. A method for failsafe recovery of an embedded operating system within an electronic device that does not store operating system instructions or data in a read-only electronic memory, the method comprising:
- booting an initial operating system kernel to run within the electronic device;
  
  checking a boot disk partition for corruption, checking a distribution disk partition for corruption and formatting the distribution disk partition if corruption is found;
  
  checking the distribution disk partition for the presence of a primary image, and, if a primary image is not found, copying a backup primary image from the boot disk partition to the distribution disk partition;
  
  checking a primary image within the distribution disk partition for corruption, and, if corruption of the primary image is found, copying a backup primary image from the boot disk partition to the distribution disk partition to replace the primary image containing the corruption; and
  
  mounting a final embedded operating system file system and launching the embedded operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further including, following checking the primary image within the distribution disk and prior to mounting the final embedded operating system file system and launching the embedded operating system:
3. The method of claim 2 further including, prior to booting the initial operating system:
- downloading a new primary image into a distribution disk partition.
4. The method of claim 3 wherein the boot partition is maintained in a read-only access mode except during rebuilding of the boot disk partition.
5. The method of claim 1 wherein the initial operating system runs in the context of a simulated disk partition in random access memory.
6. The method of claim 1 wherein the initial operating system invokes a first script routine to check the boot disk partition for corruption, check the distribution disk partition for corruption and format the distribution disk partition if corruption is found, check the distribution disk partition for the presence of a primary image, and, if a primary image is not found, copy a backup primary image from the boot disk partition to the distribution disk partition, and check the primary image within the distribution disk partition for corruption, and, if corruption of the primary image is found, copy a backup primary image from the boot disk partition to the distribution disk partition to replace the primary image containing the corruption.
7. The method of claim 6 wherein the first script routine extracts a second script routine from the primary image in the distribution disk partition and executes the second script routine to determine if the primary image in the distribution disk partition has a more recent version label than the backup primary image in the boot disk partition, and, if the primary image in the distribution disk partition has a more recent version label than the backup primary image in the boot disk partition, rebuild the boot disk partition and boot the initial operating system, and otherwise to verify all additional disk partitions, reformatting any disk partitions that are found to be corrupted, rebuilding the additional disk partitions that have been reformatted and rebuilding all additional disk partitions if the primary image in the distribution disk partition has a later version than the primary image from which the disk partitions were originally built.
8. The method of claim 1 wherein the primary image located within the distribution disk partition comprises a compressed primary image archive file and an uncompressed primary image archive file and wherein the backup primary image stored within the boot partition comprises a compressed primary image archive file.
9. The method of claim 8 wherein files required for operation of the embedded operating system and application routines running on the electronic device are extracted from the uncompressed primary image archive file located within the distribution disk partition in order to rebuild the boot partition and the additional disk partitions.
10. The method of claim 9 wherein the Linux operating system is used as the embedded operating system.
11. The method of claim 10 wherein the Linux system routine e2fsck is used to check the boot partition, distribution disk partition, and additional disk partitions for corruption, wherein the Linux system routine tar is used to generate the compressed primary image archive file and extract files required for operation of the embedded operating system and application routines running on the electronic device from the uncompressed primary image archive file, and wherein the Linux system routines gzip and gunzip are used to compress and uncompress the primary image archive file.

12. An electronic device controlled by an embedded operating system, the electronic device not storing operating system instructions or data in a read-only electronic memory, the method comprising:
- a processor and random access memory;
  
  a hard disk partitioned to include a boot disk partition and a distribution disk partition;
  
  a primary image stored in the distribution disk partition;
  
  a backup primary image stored in the boot partition; and
  
  a number of routines executed by the processor following booting of the electronic device that verify the distribution and boot disk partitions and rebuild the primary image in the distribution partition-if the primary image contains corruption by copying the backup primary image from the boot disk partition into the distribution disk partition to replace the corrupted primary image.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The electronic device of claim 12 wherein the embedded operating system is the Linux operating system.
  - 14. The electronic device of claim 13 wherein the primary image stored in the distribution disk partition comprises a compressed primary image archive file and an uncompressed primary image archive file and wherein the backup primary image stored within the boot partition comprises a compressed primary image archive file.
  - 15. The electronic device of claim 14 wherein the number of routines include an initial routine and an install routine.
  - 16. The electronic device of claim 15 wherein the initial routine checks a boot disk partition for corruption, checks a distribution disk partition for corruption and formats the distribution disk partition if corruption is found, checks the distribution disk partition for the presence of a primary image, and, if a primary image is not found, copies a backup primary image from the boot disk partition to the distribution disk partition, and checks a primary image within the distribution disk partition for corruption, and, if corruption of the primary image is found, copies a backup primary image from the boot disk partition to the distribution disk partition to replace the primary image containing the corruption.
  - 17. The electronic device of claim 16 wherein the install routine determines if the primary image in the distribution disk partition has a more recent version label than the backup primary image in the boot disk partition, and, if the primary image in the distribution disk partition has a more recent version label than the backup primary image in the boot disk partition, rebuilds the boot disk partition and boots the initial operating system, and otherwise verifies all additional disk partitions, reformats any disk partitions that are found to be corrupted, rebuilds the additional disk partitions that have been reformatted and rebuilds all additional disk partitions if the primary image in the distribution disk partition has a later version than the primary image from which the disk partitions were originally built.
  - 18. The electronic device of claim 15 wherein, upon booting of the electronic device, an initial operating system is loaded and executed in the context of a simulated disk partition in random access memory, the initial operating system supporting execution of the initial and install routines.
  - 19. The electronic device of claim 18 wherein, after the initial routine finishes execution, a primary embedded operating system file system is mounted and the embedded operating system is launched.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
VanRooven, Robert Martinez, Crawford, Kenneth Edward
Primary Examiner(s)
Baderman, Scott
Assistant Examiner(s)
LOHN, JOSHUA A

Application Number

US09/517,026
Time in Patent Office

1,223 Days
Field of Search

714/13, 714/36, 713/2, 717/172, 717/173
US Class Current

714/36
CPC Class Codes

G06F 11/1417 Boot up procedures

G06F 11/1433 during software upgrading

Method and system for failsafe recovery and upgrade of an embedded operating system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for failsafe recovery and upgrade of an embedded operating system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links