The present invention relates generally to an architecture and methodology for downloading firmware and specifically to an architecture and methodology for recovering from an unsuccessful firmware download.
To maintain computational systems at peak levels of efficiency, it is common to periodically upgrade software in such systems. A common type of upgrade is to the firmware of the system. "Firmware" is an ordered set of instructions and/or data that is used in booting a computational system. After the firmware instructions or data are coded into ROM, they become part of the hardware (microcode) or a combination of hardware and software (microprograms). An example of firmware is BIOS (Basic Input Output System), which is a set of procedures stored on a ROM chip inside PC-compatible computers.
In normal firmware upgrade operations, new firmware is downloaded into RAM and, if the downloaded new firmware is valid, the new firmware is written into nonvolatile memory such as EPROM, PROM, flash memory, and the like. Typically, old firmware is written over or erased when the new firmware is recorded in nonvolatile memory.
Prolonged system downtime can be caused by malfunctions in the upgrade operation. For example, the new or upgraded firmware can be corrupted or incompatible with the system hardware. Alternatively, the system can go down during writing of new firmware to system memory, thereby causing a loss of both old and new firmware code (known as a "death by download"). For any of these reasons, the new firmware can fail to boot the system.
To correct this problem, the operator typically has no alternative but to redownload the firmware until it brings up the system. The system will thus be out of service until downloading is successful and the new or upgraded firmware successfully runs the system. For example, if a BIOS upgrade fails on a PC, the PC becomes unusable until the BIOS upgrade can be successfully completed and, until then, the system cannot be used to download another BIOS image, such as from a Web server.
The method and architecture of the present invention solve these and other problems and represent a significant advancement over the art.
In one embodiment, a method is provided for booting a computational component. The method is particularly useful when a new version of firmware or a firmware upgrade (hereinafter "new" or "first" firmware) is loaded on the computational component which contains an older version of firmware (hereinafter "old" or "second" firmware). As will be appreciated, old firmware can be a permanent version of firmware (such as BIOS recorded on a chip) or an earlier firmware upgrade or firmware replacement recorded in writeable, nonvolatile memory. The method includes the steps of validating the first firmware; executing the first firmware when the first firmware is successfully validated; and executing the second firmware when the first firmware is invalid.
When the first firmware is unsuccessfully validated, the computational component executes the older version of the firmware to ensure availability of the computational component in the event that the first firmware is corrupt, nonexistent or otherwise invalid. An invalidating process can be used to invalidate the first firmware and revert back to the older version of firmware that is known to work. For example, the older version of firmware can be a prior firmware upgrade, modification, or replacement that previously was successfully validated and/or that previously successfully operated the component.
The older version of firmware can be stored in any suitable location. In one configuration, the older version of firmware is permanently stored in ROM as part of or in addition to the boot code. In this configuration, the firmware is not erasable. In another configuration, the older version of firmware is stored in writeable, nonvolatile memory (e.g., flash memory, EPROM or EEPROM) and is erasable.
In one configuration, the validating step is repeated for a predetermined number of attempts. The providing (e.g., loading) step includes the substep of setting at least one of a validation flag to a next state (e.g., "PENDING") and a counter to an initial number (e.g., zero); determining if the validation flag and/or counter has reached a predetermined state (e.g., "PENDING" and/or "three" respectively); and invalidating the firmware when the validation flag has reached the predetermined state (e.g., by setting the validation flag to "INVALID"). Other states for the validation flag include "EMPTY" (meaning that the firmware is being uploaded or downloaded), and "VALID" (meaning that the validation step was successful). As will be appreciated, the validation flag can be any symbol (e.g., alphabetical, numerical, alphanumerical, etc.) denoting a state of the computational component (e.g., the validating process).
In another configuration, the validating step can be preceded by the steps of reading a (boot) code discrete from the firmware (the code typically being recorded in permanent ROM) and determining if new firmware is present. If not, the validation step is not performed.
In another configuration, the validating step includes calculating a checksum of the first firmware and determining if the checksum is valid. As will be appreciated, other validation techniques can be used including Cyclic Redundancy Check ("CRC").
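The three configurations above (validation flag with attempt counter, presence check by the boot code, and checksum validation) can be combined into one boot-time decision. The following C sketch is an added illustration, not code from the patent; the fw_slot layout, the function names, the additive checksum and the choice to persist the counter across resets are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Validation flag states named in the text; the limit is its example "three". */
enum fw_flag { FW_EMPTY, FW_PENDING, FW_VALID, FW_INVALID };
enum boot_choice { BOOT_OLD, BOOT_NEW };
#define MAX_ATTEMPTS 3u
/* Hypothetical record for the new firmware, assumed to sit in nonvolatile
 * memory so the flag and counter survive a reset. */
struct fw_slot {
    enum fw_flag flag;
    unsigned attempts;
    const uint8_t *image; size_t len;
    uint32_t expected_sum;            /* checksum stored with the download */
};

/* Additive checksum (an assumption); a CRC could be substituted. */
uint32_t fw_checksum(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    while (n--) s += *p++;
    return s;
}

/* Loading step: flag -> PENDING, counter -> 0. */
void fw_mark_loaded(struct fw_slot *s, const uint8_t *img, size_t n, uint32_t sum) {
    s->image = img; s->len = n; s->expected_sum = sum;
    s->attempts = 0; s->flag = FW_PENDING;
}

/* One pass of the boot code: pick the firmware to execute. */
enum boot_choice boot_select(struct fw_slot *s) {
    if (s->flag == FW_EMPTY || s->flag == FW_INVALID)
        return BOOT_OLD;              /* no usable new firmware: skip validation */
    if (s->flag == FW_PENDING && s->attempts++ >= MAX_ATTEMPTS) {
        s->flag = FW_INVALID;         /* attempts exhausted: revert for good */
        return BOOT_OLD;
    }
    if (fw_checksum(s->image, s->len) != s->expected_sum) {
        s->flag = FW_PENDING;         /* assumption: a failed check (re)opens counting */
        return BOOT_OLD;
    }
    s->flag = FW_VALID;
    return BOOT_NEW;
}

int main(void) { /* constructed image; stored sum is wrong on purpose (real: 0xA0) */
    static const uint8_t img[] = { 0x10, 0x20, 0x30, 0x40 };
    struct fw_slot s = { FW_EMPTY, 0, NULL, 0, 0 };
    fw_mark_loaded(&s, img, sizeof img, 0xA1u);
    for (int boot = 0; boot < 4; boot++) boot_select(&s);
    return s.flag == FW_INVALID ? 0 : 1;  /* the fourth boot invalidates */
}
```

A checksum or CRC detects accidental corruption only; it does not authenticate the image.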
In another embodiment, a computational system containing firmware is provided that includes:
(a) means for reading a boot code (e.g., a code stored in ROM) of a computational component;
(b) means for determining, in response to reading of the boot code, if firmware is present in the computational component;
(c) means for validating the firmware when firmware is present; and
(d) means for executing the firmware, when the firmware is successfully validated.
In yet another embodiment, a computational system including downloadable firmware is provided that includes:
(a) a central processor for validating firmware;
(b) memory containing first and second firmware wherein the second firmware corresponds to the first firmware; and
(c) a firmware validator for validating the first firmware. The first or new firmware "corresponds" to the second or old firmware in the sense that it upgrades or replaces the old firmware.
The various embodiments represent a significant improvement in system availability. Having a full copy of the firmware in permanent ROM provides much greater system availability than a system having only a boot code in permanent ROM. With only one boot code in ROM, if the new firmware download fails, the system is out of service until the download can be successfully completed. If the new firmware fails to bring up the system, the system will be out of service until the user can procure a second copy of the new firmware for downloading. With the present invention, the system can be brought up to working condition by running either the previously known good firmware version in nonpermanent ROM or in permanent ROM, one or both of which are known to work.