Consumer, computing and networking appliances (collectively appliance) typically include a program of instructions necessary to boot the appliance and test devices associated with the appliance, start an operating system, and support the transfer of data among devices. Devices associated with an appliance may include drivers, adapters and cards which provide a particular function within the appliance. Devices may also include a program of instructions in the form of firmware, for providing a desired function within the appliance. It is contemplated that those with ordinary skill in the art may refer to the program of instructions executed by devices as microcode.
Flash memory cards are widely utilized in the industry for the boot of an appliance. A motherboard of an appliance may boot the basic input/output instructions (BIOS), which then proceeds to the next step of booting off a flash memory card. After BIOS, the flash memory card may be found and may be executed as if it was a real, local disk. The boot image from the flash memory card may contain firmware for devices associated with the appliance to start the operating capability of the appliance, including, validating the device firmware.
A flash memory card may include a fixed amount of storage, including thirty-two megabytes (32 MB), sixty-four megabytes (64 MB) and one hundred twenty-eight megabytes (128 MB) of storage. Typically, a flash memory storage size is chosen by operating system vendors to support several generations of the operating system due to replacement restraints such as cost. Consequently, a single flash memory storage size may be utilized for a period greater than three years, providing a ceiling for boot image space.
For instance, referring to FIG. 1, a block diagram of a flash memory 100 known to the art is shown. Typically, the flash memory 100 is divided into a partition table 105 and two or more partitions 110, 120, typically equal-sized. Partition 110 may include a backup image and restore a previous or older version of operating instructions and a second partition 120 may store a primary image, reflecting the latest operating instructions. Alternatively, a partition table 105 may include a bit or value that may signify which partition 110, 120 is active. It may also be commonplace to have four or more partitions.
Each partition 110, 120 has a file system, in this example, a DOS file system (FAT 16 or FAT 32 for example). Each partition 110, 120 has a formatted file system which occupies a portion of each partition. A device typically has a natural block size, which is the minimum unit of allocation at a low level, the file system may cluster one or more blocks creating a cluster of blocks that is the allocation unit for the file system. When files are placed on each partition, blocks 130-160 are typically 512 bytes or larger, and files are rarely a cluster size in length. Consequently, for each file placed in each partition, a portion of the cluster block is wasted. Thus, after formatting and inefficiencies associated with block partitioning, 11 MB to 12 MB may be available for the boot image of a 32 MB flash memory card. It is contemplated that other types of partitioning and file systems may be employed by those with ordinary skill in the art, each of which would still result in a limit for boot image space.
The boot image, stored in a flash memory card, may include startup instructions for the appliance. Typically, the boot image includes firmware for validation and testing of devices associated with the appliance. A firmware image for a particular device may occupy over 750 kilobytes. With several devices, some requiring a firmware image greater than 750 kilobytes, available boot image space is greatly restricted. Consequently, a method and system of managing firmware and firmware updates while preserving the integrity of the device's operations is necessary.
Additionally, when firmware is updated for devices, it is accomplished early in the boot process of the appliance. This may allow initialization of the device, with the new firmware, to continue with a normal startup procedure. Firmware may include a boot block portion and an application block portion. A boot block portion contains instructions necessary for bootstrapping the device with itself and the appliance. The boot block portion is also known as the invariant sector by those with ordinary skill in the art. A boot block portion may occupy a space greater than a single block and may refer to the block of firmware used for booting that may span the hardware “block size if any” for the device. An application block portion is the portion of the firmware instructions which provides the functionality for the device, i.e. causes the device to perform its intended function. In order to maximize the functionality of the device, the application block portion of the firmware is often updated to correct errors in the original or previous versions. Some firmware may include multiple application block portions. A control section may be included in the firmware that may point to each application section. For instance, an application block portion may include a primary section and a backup section.
Vulnerability exists while updating firmware. The update may be interrupted due to a power failure, appliance crash, or system reset. Updating of firmware, also known as flashing to those with ordinary skill in the art, may occupy a large portion of time because it is typically implemented during a boot, and the boot may take much longer than a typical boot where firmware is not being updated. This may cause administrators and information technology professionals to believe an appliance is hung while it is still flashing, thus the administrator or information technology professional may try to reset the appliance prior to completion of the flashing.
If the update is interrupted, the image may be corrupted. If the application block is corrupted, the device will boot strap with the system but will be incapable of providing a normal function of the device as intended by the appliance. The device may be recovered by re-flashing the application block. However, the flashing process requires a device that has initialized with a host system such as an appliance, thus requiring a functional boot block. A boot block that is corrupted by a flashing failure is therefore rendered inoperable, and likely unrecoverable by means available to users. Firmware update failures, particularly boot block update failures, can be a primary cause of failed devices in the field.
As a result, system reliability may be improved by updating the boot block only when absolutely necessary. Some devices contain version information for the application block of the firmware image. Thus, if a later version of the firmware exists, it is difficult to avoid flashing the entire firmware image (application block and boot block) when the version has changed. Since the boot block portion rarely changes, the risk of boot block corruption may be mitigated by updating the boot block only when necessary. Consequently, an improved method and system for updating firmware is necessary.