1. Field of the Invention
The present invention relates to embedded systems, and more specifically to a method and apparatus for upgrading firmware with tolerance to failures.
2. Related Art
Embedded systems generally refer to specialized systems used to control devices such as automobiles, home and office appliances, and handheld units (e.g., cell phones). Embedded systems are often characterized by limited memory, due at least to reasons such as limited availability of space, cost, etc., as is well known in the relevant arts.
Embedded systems are often implemented with firmware to control the operation of various components (contained in the system). Firmware generally refers to a non-volatile memory (e.g., flash memory, programmable read only memory) which stores software. The software is executed to control the operation of the components. By providing non-volatile storage, the software continues to be available for use even after a system is switched off.
The software (in the firmware) is often implemented in the form of multiple application modules (each module having software instructions). It is sometimes desirable to upgrade application modules in an embedded system. The upgrading may be performed, for example, to add a new feature or to fix a recognized problem (bug). Various approaches are known in the prior art to perform such upgrades, with each approach having associated problems.
In one approach, a configuration-software manager/software executing on a personal computer (PC) downloads an upgrade file to an embedded system. The upgrade file contains the data necessary to upgrade the firmware (of application modules), and the downloaded data is processed to perform the desired upgrade. The embedded system may be connected to the PC using any of the connecting technologies, such as USB.
One problem with such an approach is that the connection to the PC needs to be operational until the upgrading operation is completed (or at least the downloading is complete). If the connection fails in the middle of an upgrading operation, a system may cease to operate properly. Such failure of a connection may be caused by the sudden unavailability of a power source. Restoring operational status (of the system after the failure) may present challenges, for example, in a situation when communication drivers (software supporting the connection) are corrupted due to the partial upgrade.
A similar problem may be presented in an alternative approach, in which an upgrade file is provided on a medium such as a compact disc (CD), and an appropriate drive (provided as a part of the system) may retrieve the data in the upgrade file. The retrieved data is used to upgrade the firmware. If the upgrading operation aborts in the middle, the system may become non-operational, and drivers (software) necessary for the operation of the drive may be corrupted. As in the previous approach, restoring operational status of the system may present challenges due to the corrupted drivers.
What is therefore required is a method and apparatus for upgrading firmware which is tolerant to potential failures encountered during such upgrading.