eive/eive-obsw
eive/eive-obsw
13
4
Fork 0
Code Issues 4 Pull Requests 1 Releases 120 Wiki Activity

Reboot File Handling #154

Merged
meierj merged 27 commits from mueller/reboot-file-handling into develop 2022-03-01 17:24:27 +01:00
Conversation 1 Commits 27 Files Changed 41 +2580 -108
muellerr commented 2022-02-25 11:37:05 +01:00
Owner
Copy Link

Some more information can be found here:

https://egit.irs.uni-stuttgart.de/redmine/projects/eive-flight-manual/wiki/OBC_Reboot_Handler

This PR requires a cross-compile rootfs update or a manual update of libxiphos.h.

It also might require setting up the build folder again because of a new linker flag.
Need to update CI cross-compile rootfs because of bugs in libxiphos.h.

There is a deciated unittest which was coded and run in VS code to verify the correctness of the reboot alorithms without the need for hardware specific libraries.

Some more information can be found here: https://egit.irs.uni-stuttgart.de/redmine/projects/eive-flight-manual/wiki/OBC_Reboot_Handler This PR requires a cross-compile rootfs update or a manual update of `libxiphos.h`. It also might require setting up the build folder again because of a new linker flag. Need to update CI cross-compile rootfs because of bugs in `libxiphos.h`. There is a deciated unittest which was coded and run in VS code to verify the correctness of the reboot alorithms without the need for hardware specific libraries.
muellerr added 2 commits 2022-02-25 11:37:05 +01:00
fsfw and tmtc update
All checks were successful
EIVE/eive-obsw/pipeline/head This commit looks good
Details
00bd6e260a
separate branch for reboot file handling
Some checks failed
EIVE/eive-obsw/pipeline/head There was a failure building this commit
Details
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
3a6c7e3183
muellerr changed title from Reboot File Handling to WIP: Reboot File Handling 2022-02-25 11:37:21 +01:00
muellerr added 1 commit 2022-02-25 13:20:47 +01:00
update README
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
55618e381c
muellerr added 2 commits 2022-02-25 13:24:47 +01:00
cleanDocker
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
da78e57dd3
muellerr added this to the v1.9.0 milestone 2022-02-26 16:56:54 +01:00
muellerr added 1 commit 2022-02-28 13:29:26 +01:00
Merge remote-tracking branch 'origin/develop' into mueller/reboot-file-handling
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
ba68c80d6b
muellerr added 1 commit 2022-02-28 14:13:39 +01:00
reboot logic unittest init
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
042acc1a23
muellerr added 1 commit 2022-02-28 15:59:36 +01:00
fsfw update
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
ff35986a16
muellerr added 1 commit 2022-02-28 16:05:36 +01:00
use catch2 main
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
8e6d8a6fa8
muellerr added 1 commit 2022-02-28 16:35:30 +01:00
improved mount logic, create conf folder is missing
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
a2bc72a798
muellerr added 1 commit 2022-02-28 16:47:44 +01:00
continued tests, first fixes
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
8c2c402821
muellerr added 1 commit 2022-02-28 16:48:16 +01:00
some more fixes
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
8e8fe3d0c9
muellerr added 1 commit 2022-02-28 16:55:51 +01:00
added missing command
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
d4dcd8c03f
muellerr added 1 commit 2022-02-28 19:53:02 +01:00
various bugfixes from unittest
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
0d1ff8585c
muellerr added 1 commit 2022-02-28 20:24:44 +01:00
bugfix by inspection
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
165e6e829e
muellerr added 1 commit 2022-02-28 20:27:26 +01:00
added last unittests
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
1c17aac544
muellerr changed title from WIP: Reboot File Handling to Reboot File Handling 2022-02-28 20:27:50 +01:00
muellerr requested review from meierj 2022-02-28 20:28:27 +01:00
muellerr added 1 commit 2022-02-28 20:35:06 +01:00
small README
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
65961695de
muellerr changed title from Reboot File Handling to WIP: Reboot File Handling 2022-02-28 20:36:42 +01:00
meierj reviewed 2022-03-01 10:16:47 +01:00
bsp_q7s/core/CoreController.cpp Outdated
@ -1104,0 +1280,4 @@
}
void CoreController::determineAndExecuteReboot(RebootFile &rf, bool &needsReboot,
xsc::Chip &tgtChip, xsc::Copy &tgtCopy) {
meierj commented 2022-03-01 10:16:47 +01:00
Owner
Copy Link

There might be the unlikely but nevertheless possible case that one of the firmware images is corrupted and all reboot counters except for the counter of the partition containing the corrupted firmware reached the maximum reboot count. I think this could lead in the current configuration to a scenario where the OBSW tries to boot from the partition with the corrupted firmware (because the reboot counter for this image is the only one not set to max reboot counts) but always ends in another image because the Xiphos bootloader prevents booting the corrupted image (according to datasheet performs integrity check by means of a CRC and md5sum).
Just my thoughts on this. Maybe you already considered this scenario.

There might be the unlikely but nevertheless possible case that one of the firmware images is corrupted and all reboot counters except for the counter of the partition containing the corrupted firmware reached the maximum reboot count. I think this could lead in the current configuration to a scenario where the OBSW tries to boot from the partition with the corrupted firmware (because the reboot counter for this image is the only one not set to max reboot counts) but always ends in another image because the Xiphos bootloader prevents booting the corrupted image (according to datasheet performs integrity check by means of a CRC and md5sum). Just my thoughts on this. Maybe you already considered this scenario.
muellerr added 1 commit 2022-03-01 11:58:00 +01:00
extended reboot file handling
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
daa3b0084a
muellerr added 1 commit 2022-03-01 13:05:55 +01:00
update gitignore
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
b279434ef0
muellerr added 2 commits 2022-03-01 13:35:38 +01:00
repoint fsfw
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
684d9b8059
muellerr added 1 commit 2022-03-01 14:44:56 +01:00
extension for additional safety
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
e1112f1903
muellerr added 1 commit 2022-03-01 14:51:14 +01:00
small tweak
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
84367f8424
muellerr changed title from WIP: Reboot File Handling to Reboot File Handling 2022-03-01 14:51:28 +01:00
muellerr commented 2022-03-01 14:52:00 +01:00
Author
Owner
Copy Link

There is now an additional safety mechanism in place to prevent reboot loops onto images which fail before the OBSW is reached

There is now an additional safety mechanism in place to prevent reboot loops onto images which fail before the OBSW is reached
muellerr added 1 commit 2022-03-01 14:56:23 +01:00
small but important bugfix
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
be122038ed
muellerr added 1 commit 2022-03-01 15:07:07 +01:00
apply clang format to unittest folder as well
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
9e03f9babe
muellerr added 2 commits 2022-03-01 15:23:04 +01:00
repoint fsfw
Some checks failed
EIVE/eive-obsw/pipeline/pr-develop There was a failure building this commit
Details
EIVE/eive-obsw/pipeline/head There was a failure building this commit
Details
23e2c5ffc8
meierj approved these changes 2022-03-01 17:23:51 +01:00
meierj merged commit 81915f1772 into develop 2022-03-01 17:24:27 +01:00
muellerr deleted branch mueller/reboot-file-handling 2022-03-03 15:43:56 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
meierj
Labels
Clear labels   
OPS TODO

Issues identified by OPS

  
api change

API change

  
breaking api change

API change which can break existing code

  
bug

Something is not working

  
documentation

Documentation

  
duplicate

This issue or pull request already exists

  
feature

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No Label
OPS TODO
api change
breaking api change
bug
documentation
duplicate
feature
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
v1.9.0
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: eive/eive-obsw#154
No description provided.
Delete Branch "mueller/reboot-file-handling"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?