Using the Bootloader Recovery Mechanism

The bootloader includes:

• BootROM
• Microboot 1 (MB1)
• Microboot 2 (MB2)
• Quickboot (QB)
• Hypervisor which includes:
  • Partition Loader (PL)

These components load additional firmware components including:

• Boot images
• Partition images
• Other firmware

The bootloader fails to load if:

• Image corruption is declared: during boot, hash validation and signature authentication is performed. If the validation or authentication fails, the system declares that the image is corrupt.
• Device read failure occurs during boot, if hardware issues are detected, the system returns a device read error.

These failures result in a boot process failure and therefore require using the provided bootloader recovery mechanism.

During the boot process, the bootloader recovery mechanism ensures a functioning firmware is loaded.

To ensure the recovery mechanism functions flawlessly, be aware of:

• Firmware components have dependencies on each other.

  For example, the BPMP firmware and kernel are dependent on each other. If the BPMP firmware version and the kernel version are functionally incompatible, the system functioning may be abnormal and operation may not be as expected.

• Firmware updating process failures.

  For example, if a power outage occurs while the firmware is being updated the BPMP firmware may be updated with the latest version while the kernel retains the outdated version. Due to this version mismatch, the system malfunctions and operation may not be as expected.

Therefore, redundant copies are a set of all the firmware components that are functionally compatible with each other. This set of firmware components is called Boot Chain.

• The primary firmware components are on one boot chain.
• Redundant firmware components are on another boot chain.