Extend prevent-late-fallback by lock-counter #1732
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zentax-dev
added
the
enhancement
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1732 +/- ##
==========================================
- Coverage 84.51% 84.49% -0.03%
==========================================
Files 76 76
Lines 22385 22599 +214
==========================================
+ Hits 18918 19094 +176
- Misses 3467 3505 +38
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
zentax-dev
force-pushed
the
lsc/boot_slot_locking
branch
2 times, most recently
from
8c35bbb to
65208dc
Compare
zentax-dev
changed the title
zentax-dev
force-pushed
the
lsc/boot_slot_locking
branch
from
65208dc to
cc71a48
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
zentax-dev
force-pushed
the
lsc/boot_slot_locking
branch
2 times, most recently
from
71c4606 to
5c3cfc8
Compare
ejoerns
requested changes
Jun 20, 2025
There was a problem hiding this comment.
@zentax-dev Thank you for the contribution!
I had a look at the code and left some comments where I think the feature still deserves some rework. I guess most are just about proper wording/naming and error handling.
You should also point out in the documentation when and why boot counter locking might be preferable to the existing 'mark bad other' solution we have.
zentax-dev
force-pushed
the
lsc/boot_slot_locking
branch
6 times, most recently
from
aab499f to
5d18924
Compare
|
Thanks for the feedback, think I got everything now. Forced pushed the changes |
a3f
suggested changes
Jun 23, 2025
zentax-dev
force-pushed
the
lsc/boot_slot_locking
branch
from
5d18924 to
aa96409
Compare
a3f
reviewed
Jun 23, 2025
a3f
reviewed
Jun 23, 2025
zentax-dev
force-pushed
the
lsc/boot_slot_locking
branch
from
aa96409 to
9875dd0
Compare
zentax-dev
force-pushed
the
lsc/boot_slot_locking
branch
3 times, most recently
from
6314e02 to
aaaf0c5
Compare
ejoerns
reviewed
Jun 24, 2025
a3f
suggested changes
Jun 24, 2025
zentax-dev
force-pushed
the
lsc/boot_slot_locking
branch
from
aaaf0c5 to
acc361d
Compare
added 7 commits
June 26, 2025 11:23
The new option for prevent late fallback adds the possibility to lock the attempts counter. It is a global setting and is not bound to any specific slot. When activated, the counter of the slot that is marked good will be locked and not decrease and increase anymore. It will be unlocked again, when the slot is marked active. The config option does not have any influence on which slot is bootet, it will just stop decrementing the remaining attempts counter in the bootloader. Signed-off-by: Lars Schmidt <l.schmidt@pengutronix.de>
Forward the counter locking option to the barebox bootloader. So the barebox can then stop decrementing the remaining_attempts counter. It inhibits fall-back to a previous version of the system, which can happen if a system is rebootet too frequently before a slot is marked good again and the remaining_attempts counter is incrememented. As a side effect, it inhibits excessive write cycles on the storage medium. This also needs changes to barebox, see [1]. [1] https://lists.infradead.org/pipermail/barebox/2025-June/051393.html Signed-off-by: Lars Schmidt <l.schmidt@pengutronix.de>
The setting is currently only supported by barebox. Signed-off-by: Lars Schmidt <l.schmidt@pengutronix.de>
The attempts counter will be locked/frozen, after it is marked good and will be unlocked/unfrozen again when it is marked active. Signed-off-by: Lars Schmidt <l.schmidt@pengutronix.de>
This adds the option to print the current state of prevent-late-fallback and also to enable and disable sets the lock-counter via userspace. The possibility to get/set it via D-Bus is not yet implemented and will be added separately. Signed-off-by: Lars Schmidt <l.schmidt@pengutronix.de>
It is best to show problems with inconsistent configuration early. When counter locking is enabled in rauc, it must also be set in the bootloader. Signed-off-by: Lars Schmidt <l.schmidt@pengutronix.de>
Signed-off-by: Lars Schmidt <l.schmidt@pengutronix.de>
zentax-dev
force-pushed
the
lsc/boot_slot_locking
branch
from
6ea2c5f to
20120bc
Compare
a3f
reviewed
Jun 26, 2025
I'll mark your remarks as resolved then |
|
@ejoerns would be nice if you could review this again |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This feature allows to lock the the
remaining_attemptscounter.When
remaining_attemptsis locked, the bootloader should not decremented and incremented the variable anymore during each boot.It is active when a slot is marked good and inactive when a slot is marked active.
This way it prevents fallback to an earlier version, whilst inhibiting additional write cycles to the target medium.
The status can be printed out with
barebox-stateandrauc status.In a prelimary talk with @ejoerns the decision was made to not add this to the D-Bus interface yet. It will be added in a future pull request.
This feature also needs to be supported by the bootloader.
So far, a patch has been handed in for barebox to support this feature, see