The present invention relates to embedded operating systems and, in particular, to a method and system for upgrade and recovery of an embedded operating system that do not rely on read-only memory.
Computer operating systems represent a well-known and mature technology of fundamental importance to the computer hardware and software industries. Computer operating systems have evolved into relatively large collections of software programs and routines that provide an interface between the processing hardware of a computer system and the users of that processing capability, including human users, application programs, peripheral devices, appliances, and remote devices and computers interconnected with the computer system via one or more communications networks. For example, a computer operating system is responsible for managing the internal memory resources of a computer system and allocation of those resources to active processes, as well as for managing loading and execution of programs associated with active processes and multiplexing of concurrently active processes. Computer operating systems include various device drivers that control peripheral devices interconnected with the computer system and that manage data transfer between the computer system and the peripheral devices, memory management facilities, command interpreters, file system facilities, and many additional functions. Modern computer operating systems are also responsible for providing an interactive environment with which human users interact with the computer system.
Initially, computer systems did not include operating systems. Operating systems evolved to provide efficient and robust servicing of concurrent human users of computer systems. The evolution of operating systems has been tightly coupled to the evolution of computer system hardware capabilities. As the hardware capabilities of peripheral devices and the functions and requirements for peripheral devices have increased, the concept of embedded operating systems that run within peripheral devices, such as printers, has emerged. Embedded operating systems internally manage peripheral and consumer electronic devices just as computer operating systems manage computer systems. In fact, certain operating systems initially developed as computer operating systems are currently being transformed into embedded operating systems for managing peripheral and consumer electronic devices, such as printers, home entertainment devices, and other such electronic devices.
FIG. 1 is a block diagram of a typical computing environment managed by an embedded operating system within a peripheral or consumer electronic device. A typical, high-end device includes a processor 102 that executes an embedded operating system and various software routines that control operation of the device, a random access memory ("RAM") 104, a read-only memory ("ROM") 106, a hard disk or other mass storage device 108, a communications controller, such as an Ethernet controller, fibre channel controller, or modem 110, and various controllers 112 and 114 that control electrical and electromechanical components of the device. In a printer, for example, various controllers, such as controllers 112 and 114, may control electrical motors that feed sheets of paper and that control mechanical and electromechanical components such as print heads, collation mechanisms, and LCD front panel displays and pushbuttons that display information to a user and through which a user may input data to the routines that control operation of the printer. Typically, the processor 102, RAM 104, and ROM 106 may be interconnected via a high speed bus 116, that is, in turn, interconnected with a lower-speed bus 118 via a bus bridge 120. The lower-speed bus 118 typically interconnects the mass storage device 108 and controllers 110, 112, and 114 with the processor 102 and the RAM 104.
In current devices that employ embedded operating systems, instructions that represent the embedded operating system or critical components of the embedded operating system are stored in ROM 106 so that, when the device is powered on, the embedded operating system or critical components of the embedded operating system can be reliably retrieved from ROM for execution by the processor 102. The failure rate of ROM is much lower than the failure rate of mass storage devices so that, by using ROM to store the embedded operating system or critical components of the embedded operating system, the device can be powered up to a functional state even when the mass storage device becomes unreliable or fails completely. ROM data is maintained through power-on and power-off cycles, as is data stored on disk drives, but RAM data is not, and therefore RAM cannot be used for storing non-volatile copies of the embedded operating system. In addition to the critical components of the operating system, called the kernel, an operating system typically requires a data environment, called a file system, in which less frequently invoked routines and data files are stored. This data environment is typically stored in current peripheral and consumer electronic devices in file systems on the mass storage device 108 that allow data to be both read from and written to the file system. However, file systems that allow both reads and writes are potentially error prone, and sufficient robustness of the data can be obtained only by complex and expensive software technologies or combinations of specialized hardware and software technologies.
The kernel and associated data environment that together compose an embedded operating system are referred to as the "primary image." Normally, when errors occur that corrupt the embedded operating system, user intervention is required to rebuild the primary image from stored backup copies of the primary image, routines stored in ROM, or a combination of backup copies and ROM-based information. ROM is an expensive component, small in capacity, and relatively costly and time-consuming to update. Designers, users, and manufacturers of peripheral and consumer electronic devices have thus recognized the need for robustly storing an embedded operating system within an electronic device without using ROM and without using complex software or combined software and hardware solutions for robustly storing archival copies of primary images. In addition, designers, manufacturers, and users of peripheral and consumer electronic devices have recognized the need for embedded operating systems that can automatically detect and correct file system corruption, including corruption of the primary image, without user intervention, and that can be easily updated to newer or alternate versions from remote locations without extensive user intervention.
In one embodiment of the present invention within a peripheral or consumer electronic device, a read-only disk partition /boot is employed as a disk-based ROM that stores a failsafe copy of an initial operating system ("OS") kernel as well as a backup copy of a primary image comprising a compressed archive file containing the data environment and operating system routines that are sufficient to boot up and install an embedded operating system. A second generally read-only disk partition /dist stores a backup copy of the primary image as well. The initial OS kernel, upon power-on or other boot event, is instantiated in a RAM-disk partition and runs several script routines that verify the integrity of the primary image and automatically rebuild the primary image in case of corruption. These script routines also perform integrity checks on the /boot partition and can rebuild the /boot partition in the case of a "destructive" upgrade operation invoked as a result of a new primary image that has been downloaded to the /dist partition. By using the /boot partition as a disk-based ROM, the expensive ROM component typically employed in currently available peripheral and consumer electronic devices can be eliminated. Detection and correction of file system corruption is automatic, as is installation and upgrade to a new embedded OS version. Because the /boot partition that serves as disk-based ROM is read-only, corruption of the primary image and OS kernel stored within the /boot partition is extremely improbable, providing the robustness and reliability currently provided by storing critical routines and data in a ROM component.
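The boot-time check and upgrade path described above, written out as an added shell example; this is not code from the patent, and the file layout, the archive format and the digest scheme it uses are assumptions. The two partitions and the installed data environment are modelled as directories under a scratch root, the primary image as a .tar.gz archive with a SHA-256 digest recorded beside it in a .sha256 file, and the installed environment as a tree carrying a hash manifest written at install time. boot_check plays the part of the script routines the initial kernel runs on every boot event: it verifies the installed environment and, if that fails, reinstalls from whichever stored copy still verifies, the /dist backup first and the /boot failsafe copy last. apply_upgrade is the "destructive" upgrade path: a new image is staged in /dist, and only if its digest verifies is it installed and the /boot copy refreshed. The kernel-in-RAM-disk step and the actual read-only mount of /boot are outside the example.

```shell
#!/bin/sh
# Added example: boot-time integrity check, recovery and upgrade of a primary
# image held on a disk-based "ROM". Not code from the patent. Assumptions:
# partitions are plain directories under a scratch root, images are .tar.gz
# archives with a SHA-256 digest stored beside them in a .sha256 file, and the
# installed data environment carries a hash manifest written at install time.
#   $root/boot   read-only failsafe copy of the primary image
#   $root/dist   backup copy of the primary image; also the upgrade staging area
#   $root/rootfs the installed data environment

sha256_of() {                       # hex digest of a file ("" if unreadable)
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" 2>/dev/null | cut -d' ' -f1
    else
        shasum -a 256 "$1" 2>/dev/null | cut -d' ' -f1
    fi
}

image_ok() {                        # image_ok IMG: does IMG match IMG.sha256?
    [ -f "$1" ] && [ -f "$1.sha256" ] || return 1
    [ "$(sha256_of "$1")" = "$(cat "$1.sha256")" ]
}

make_image() {                      # make_image SRC_DIR OUT: pack and record digest
    tar -czf "$2" -C "$1" . && sha256_of "$2" > "$2.sha256"
}

install_image() {                   # install_image IMG ROOTFS: unpack, write manifest
    [ -n "$2" ] || return 1
    rm -rf "$2" && mkdir -p "$2" && tar -xzf "$1" -C "$2" || return 1
    (cd "$2" && find . -type f ! -name .manifest | sort) | while IFS= read -r f; do
        printf '%s %s\n' "$(sha256_of "$2/$f")" "$f"
    done > "$2/.manifest"
}

rootfs_ok() {                       # rootfs_ok ROOTFS: every manifest entry still matches?
    [ -f "$1/.manifest" ] || return 1
    while read -r want f; do
        [ "$(sha256_of "$1/$f")" = "$want" ] || return 1
    done < "$1/.manifest"
}

# boot_check ROOT: what the initial kernel's scripts do on every boot event.
# Prints intact, restored-from-dist or restored-from-boot; prints unrecoverable
# and returns 1 when neither stored copy verifies.
boot_check() {
    if rootfs_ok "$1/rootfs"; then echo intact; return 0; fi
    for src in dist boot; do        # try the backup first, the failsafe copy last
        if image_ok "$1/$src/primary.tar.gz" &&
           install_image "$1/$src/primary.tar.gz" "$1/rootfs"; then
            echo "restored-from-$src"; return 0
        fi
    done
    echo unrecoverable; return 1
}

# apply_upgrade ROOT NEWIMG: the "destructive" upgrade path. NEWIMG and
# NEWIMG.sha256 are "downloaded" into /dist; the image is installed and the
# /boot failsafe copy refreshed only if the digest verifies first.
apply_upgrade() {
    staged="$1/dist/primary.tar.gz"
    cp "$2" "$staged" && cp "$2.sha256" "$staged.sha256" || return 1
    image_ok "$staged" || { echo rejected; return 1; }
    install_image "$staged" "$1/rootfs" || return 1
    # On a real device /boot is remounted read-write for just these two copies.
    cp "$staged" "$1/boot/primary.tar.gz" &&
        cp "$staged.sha256" "$1/boot/primary.tar.gz.sha256" || return 1
    echo upgraded
}

# setup_disk: build a fresh simulated disk (constructed sample data) with
# version 1 installed in rootfs and identical copies in /boot and /dist.
setup_disk() {
    root=$(mktemp -d)
    mkdir -p "$root/boot" "$root/dist" "$root/src/etc"
    echo "version=1" > "$root/src/etc/release"
    echo "hello" > "$root/src/etc/motd"
    make_image "$root/src" "$root/boot/primary.tar.gz"
    cp "$root/boot/primary.tar.gz" "$root/dist/primary.tar.gz"
    cp "$root/boot/primary.tar.gz.sha256" "$root/dist/primary.tar.gz.sha256"
    install_image "$root/boot/primary.tar.gz" "$root/rootfs"
    echo "$root"
}

# Demo: a clean boot, then a boot after a file in rootfs has been corrupted.
disk=$(setup_disk)
boot_check "$disk"                             # intact
echo corrupted > "$disk/rootfs/etc/motd"
boot_check "$disk"                             # restored-from-dist
rm -rf "$disk"
```

Run as a shell script; it prints intact for the clean boot and restored-from-dist once a file in the installed environment has been overwritten. One caveat a practitioner would attach: a digest stored beside the image catches media errors and interrupted writes, which is the failure the text targets, but not deliberate modification, since whoever can rewrite the image on the disk can rewrite the digest next to it. A device that needs protection against that verifies a signature with a key it trusts for reasons independent of the disk contents, rather than a bare hash.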