Not applicable.
Not applicable.
1. Field of the Invention
The present invention generally relates to non-volatile memory devices. More particularly, the invention relates to a non-volatile memory device on which executable code is stored, that can tolerate a failure during reprogramming of the memory device. More specifically still, the invention relates to a reprogrammable Read Only Memory (xe2x80x9cROMxe2x80x9d) device that can recover from an interruption during a xe2x80x9cflashxe2x80x9d operation to rewrite the ROM.
2. Background of the Invention
Computer systems include various types of memory devices. Some memory devices are referred to as xe2x80x9cvolatilexe2x80x9d meaning that the data stored on the memory device is lost once power is turned off to the device. Other memory devices are xe2x80x9cnon-volatilexe2x80x9d which means they retain their data even if power is removed from the device.
Memory devices are used for a variety of purposes. For example, non-volatile memory, such as dynamic random access memory (xe2x80x9cDRAMxe2x80x9d), or more specifically synchronous DRAM (xe2x80x9cSDRAMxe2x80x9d), typically is used as the computer""s main system memory. Upon boot up, the computer""s operating system is copied into the main system memory and executed by the processor from that memory. As the user opens applications, each application also is copied from the storage drive (e.g., hard drive, CD ROM drive) on which the application is permanently stored into the main system memory from where it is executed. Main system memory also used to temporarily store data, configuration information, and other types of information that the computer may use during operation.
Non-volatile memory is useful for storing executable code that the computer may execute each time it is powered up. Such code is referred to as xe2x80x9cfirmware.xe2x80x9d By way of example, most computer""s have a set of executable routines called the Basic Input/Output System (xe2x80x9cBIOSxe2x80x9d) that provide access to various input and output device such as floppy disk drives and the display. The BIOS code is permanently stored on a non-volatile memory device called a Read Only Memory (xe2x80x9cROMxe2x80x9d). Instructions can be retrieved much faster from RAM than ROM. Accordingly, during the boot up process, the BIOS code is copied from the ROM device to the computer""s main system memory and, when needed, executed from main system memory.
Computers often have more than one processor besides the main processor. For example, some computers have a disk drive controller which writes data to or read from a disk drive. A disk controller may have its own processor. An example of a disk controller is a disk array controller often used in server systems to interface to an array of disk drives. The disk array controller circuit often is implemented on a separate add-in board. The circuit fabricated on the board includes a processor, a ROM, RAM, and other components necessary to interface the server to the drives. The ROM contains the firmware code that is executed by the disk array controller board""s processor. During system initialization, the array controller""s firmware is copied from the ROM to RAM on the disk array controller board and executed from RAM by the processor on the board.
It may be desirable to change the firmware code on the ROM. Enhancements to the code, for example, can increase performance. Some types of ROM devices permit the contents of the ROM to be changed. An Electrically Erasable Programmable Read Only Memory (xe2x80x9cEEPROMxe2x80x9d) is one such type of ROM. To reprogram an EEPROM (a process referred to as xe2x80x9cflashingxe2x80x9d the ROM), the device first is erased and then written with new data. The flash process requires executable code to perform the erasure and subsequent write.
A problem has been observed regarding flashing of EEPROMs particularly on disk array controller boards, although the problem may be present in other subsystems of the computer. The code necessary to perform the flash may be included as part of the firmware on the array controller""s ROM that is to be flashed (i.e., upgraded). That is, the code to be upgraded contains the set of executable instructions necessary to perform the upgrade. Because the code is executed from RAM, which is volatile memory, and the ROM first is erased before being rewritten with the upgraded code, a loss of power, or other type of interrupting event, during the flash process may render the array controller board useless. If power is lost during the flash process, the code that was stored in RAM disappears because of the volatile nature of RAM. In addition, the code that was stored on the ROM itself is lost because the flash process first erased the ROM. At this point, the code to be upgraded is gone from the array controller board, and because that code contained the instructions necessary to perform the flash, the mechanism to perform the flash also is lost. A disk array controller that experiences this problem may have to be sent back to the factory where specialized equipment is used to reprogram the ROM or to replace the ROM with a ROM containing new code. This scenario is highly inconvenient and undesirable for the user and thus, a solution is needed which can permit a recovery by the user if power is lost during a ROM flash. The solution should be one that requires minimal user involvement and avoids having to ship the computer or the array controller board back to the factory.
The problems noted above are solved in large part by a computer system having a ROM device containing two separately flashed areas. Each area contains a firmware image. From the factory, the two firmware images are identical. Each image also contains the executable code to flash an image area. The ROM also contains a xe2x80x9cboot blockxe2x80x9d sector that makes decisions as to which of the firmware image is the xe2x80x9cactivexe2x80x9d image and which is the xe2x80x9cinactivexe2x80x9d image. The active image is copied from the ROM to a RAM device and executed from RAM during normal system operation. The inactive image normally is not executed. The boot block sector also contains code that performs a checksum verification on the active image during initialization and, if the checksum fails, switches the active/inactive status of the two firmware images to make the previously inactive image the active image.
With two separately flashed firmware image areas, the ROM can recover if a power failure interrupts a flash operation. When the user wishes to perform a firmware upgrade, or otherwise change the firmware, the inactive image is erased and then rewritten with new firmware. Because the active image has not been erased at this point and still contains valid, executable code, a power failure occurring while the inactive image is being flashed can be tolerated because the active image is still valid and available.
After the inactive image is successfully flashed, assuming no power loss interrupted that process, the active image is erased and flashed with the new firmware thereby making both images once again identical. Alternatively, before flashing the active image area, the user is afforded the opportunity to determine whether to accept the new firmware or to revert back to the xe2x80x9coldxe2x80x9d firmware. This is accomplished by not flashing the active image immediately after flashing the inactive image. Instead, normal computer operation continues with the inactive image area containing the new firmware and the active image area containing the old firmware. The user can evaluate the system with the new firmware and decide whether to retain it. During or after the next system bootup, the boot block code recognizes that the versions of firmware in the active and inactive ROM areas are not the same and instructs the computer system to prompt the user whether to accept the newly flashed firmware or revert back to the old version. If the user elects to keep the new firmware, the active image area is flashed with new firmware from the inactive area. If however, the user wishes to go back to the old version of firmware, the inactive image area is flashed with the old firmware from the active area.
The ROM and method of flashing described can be used in any subsystem of a computer system or other electronic device. For instance, the ROM can be used in a disk array controller in a server system.