Applying custom software image updates to non-volatile storage in a failsafe manner
First Claim
1. In a computing device, the computing device including a processor and system memory, a method implemented by the computing device for performing an update to a storage partition, the method comprising:
- receiving update data to apply to a plurality of components in a file-system image, the file-system image partitioned into a plurality of partitions;
- validating the received update data;
- determining whether to boot the device into an operating system mode or into an update mode;
- booting the device into the update mode;
- in response to booting the device into the update mode, the processor updating a selected partition by separately updating the plurality of components in the file-system image, wherein separately updating the plurality of components comprises applying update data to each component in the plurality of components, wherein the selected partition is selected from among the plurality of partitions;
- in response to a successful update of the plurality of components in the file-system image, committing the resulting update to a system partition; and
- in response to an unsuccessful update of the plurality of components in the file-system image, re-validating the received update data.
Abstract
Described is a system and method in which software updates in the form of self-contained, secure entities are applied to an embedded device's non-volatile storage in a failsafe manner. Various types of software updates may be applied, and updates may contain executable code and/or data. Following a reboot, an initial program loader determines an update mode and, if updating, boots to a special update loader. The update loader processes update packages to apply the updates. Kernel partition, system partition and reserve section updates may be applied with entire files or binary difference files, with failure handling mechanisms provided for each type of update. Updates may be simulated before committing them. Updates may be relocated in memory as appropriate for a device.
25 Claims
6. A computer program product for use at a computing device, the computer program product comprising one or more computer-readable storage media having stored thereon computer-executable instructions which, when executed by a processor, cause the computing device to perform a method comprising:
- receiving update data to apply to a plurality of components in a file-system image;
- validating the received update data;
- checking a flag at boot time to determine whether to boot the device into an operating system mode or into an update mode;
- booting the device into the update mode;
- in response to booting the device into the update mode, performing at least one update to the file-system image, wherein the file-system image is partitioned into at least two partitions including a system partition associated with the file-system image and a kernel partition, wherein performing at least one update to the file-system image comprises applying the update data to the plurality of components of the file-system image;
- in response to a successful update of the plurality of components of the file-system image, committing the resulting update to the system partition; and
- in response to an unsuccessful update of the plurality of components of the file-system image, re-validating the received update data and attempting to perform the at least one update to the file-system image using the newly validated update data.
7. In a computing device, the computing device including a processor and system memory, a method implemented by the computing device, the method comprising:
- the processor breaking an operating system image into separate updateable partitions comprising a kernel partition and a system partition; and
- updating at least the kernel partition in isolation with respect to another partition by building a replacement image for the kernel partition and writing the replacement image over an existing image in the kernel partition, and updating the system partition with an update procedure that includes applying update data to a plurality of components of the system partition and validating the resulting updated components, wherein if the components are successfully validated they are committed to the system partition.
16. A computer program product for use at a computing device, the computing device comprising one or more computer-readable storage media having stored thereon computer-executable instructions which, when executed by a processor, cause the computing device to perform a method comprising:
- breaking an operating system image into separate updateable partitions comprising a kernel partition and a system partition; and
- updating at least the kernel partition in isolation with respect to the system partition by building a replacement image for a kernel partition and writing the replacement image over an existing image in the kernel partition, and updating the system partition with an update procedure that includes updating components of an image file system associated with the system partition and simulating an update process before committing the resulting updates to the second partition, wherein simulating the update process comprises calculating a checksum for the replacement updates and verifying the resultant checksum against a known checksum for a properly built replacement component.
17. In a computing device, the computing device including a processor and system memory, a system comprising:
- a boot mechanism for the processor to boot the computing device; and
- an update loader to which the boot mechanism boots upon detection of a pending update, the update loader comprising the only entity in the device code having write access to protected storage of the device, the protected storage containing at least two partitions comprising a kernel partition and a system partition, wherein the update loader separately updates each partition by building a replacement image for a kernel partition and writing the replacement image over an existing image in the kernel partition, and updates the system partition with an update procedure that includes building a replacement image for the system partition and simulating an update process before committing updates to the system partition, wherein simulating the update process comprises calculating a checksum for the replacement image and verifying the resultant checksum against a known checksum for a properly built replacement image.
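To make the procedure in claims 1, 6, 7, 16 and 17 concrete, here is an added Python model (not code from the patent or from any implementation of it) of the boot-flag decision and the update loader: the kernel partition is replaced in isolation, the system partition is updated component by component on a staged copy, the result is simulated by checksum against the known-good value before commit, and a failed simulation re-validates the package before retrying. The package format, partition layout, component names and the use of SHA-256 as the checksum are assumptions constructed for this example.

```python
import copy
import hashlib

def digest(components):
    """Checksum over a partition's components, taken in a fixed order."""
    h = hashlib.sha256()
    for name in sorted(components):
        h.update(name.encode() + b"\0" + components[name] + b"\0")
    return h.hexdigest()

def _payload(pkg):  # the part of the package that the package digest covers
    return {"kernel": pkg["kernel_image"], "expected": pkg["expected_system_checksum"].encode(),
            **{"sys/" + n: d for n, d in pkg["system_components"].items()}}

def make_package(kernel_image, system_components, expected_system_checksum):
    """Self-contained package (constructed format, not the patent's): payload plus its digest."""
    pkg = {"kernel_image": kernel_image, "system_components": system_components,
           "expected_system_checksum": expected_system_checksum}
    pkg["package_digest"] = digest(_payload(pkg))
    return pkg

def validate_package(pkg):
    """'Validating the received update data': recompute the digest over the payload."""
    return digest(_payload(pkg)) == pkg["package_digest"]

def boot_target(flags):
    """Initial program loader: a flag checked at boot selects the OS or the update loader."""
    return "update" if flags.get("update_pending") else "os"

def fresh_storage():  # constructed model of protected storage: kernel image + system components
    return {"kernel": b"kernel-v1", "system": {"libc": b"libc-v1", "app": b"app-v1"}}

def run_update_loader(storage, pkg, max_attempts=2):
    """Update loader, the only code path that writes protected storage. The kernel
    partition gets a whole replacement image; the system partition is updated on a
    staged copy, simulated by checksum, and committed only on a match."""
    if not validate_package(pkg):
        return False
    storage["kernel"] = pkg["kernel_image"]  # kernel updated in isolation from the system partition
    for _ in range(max_attempts):
        staged = copy.deepcopy(storage["system"])
        for name, data in pkg["system_components"].items():  # separate per-component update
            staged[name] = data
        if digest(staged) == pkg["expected_system_checksum"]:  # simulate before commit
            storage["system"] = staged  # commit
            return True
        if not validate_package(pkg):  # re-validate on failure; a real loader re-reads the package
            return False
    return False
```

A package whose expected checksum does not match the staged result leaves the live system partition untouched, and a package whose payload was altered after packaging fails validation before any partition is written.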