Electrical computers and digital processing systems: support – Digital data processing system initialization or configuration – Loading initialization program
Reexamination Certificate
2000-01-28
2003-06-24
Lee, Thomas (Department: 2185)
Electrical computers and digital processing systems: support
Digital data processing system initialization or configuration
Loading initialization program
C713S001000, C713S100000
Reexamination Certificate
active
06584559
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to an architecture and methodology for downloading firmware and specifically to an architecture and methodology for recovering from an unsuccessful firmware download.
BACKGROUND OF THE INVENTION
To maintain computational systems at peak levels of efficiency, it is common to periodically upgrade software in such systems. A common type of upgrade is to the firmware of the system. “Firmware” is an ordered set of instructions and/or data that is used in booting a computational system. After the firmware instructions or data are coded into ROM, they become part of the hardware (microcode) or a combination of hardware and software (microprograms). An example of firmware is BIOS (Basic Input Output System), which is a set of procedures stored on a ROM chip inside PC-compatible computers.
In normal firmware upgrade operations, new firmware is downloaded into RAM and, if the downloaded new firmware is valid, the new firmware is written into nonvolatile memory such as EPROM, PROM, flash memory, and the like. Typically, old firmware is written over or erased when the new firmware is recorded in nonvolatile memory.
Prolonged system downtime can be caused by malfunctions in the upgrade operation. For example, the new or upgraded firmware can be corrupted or incompatible with the system hardware. Alternatively, the system can go down during writing of new firmware to system memory, thereby causing a loss of both old and new firmware code (known as a “death by download”). For any of these reasons, the new firmware can fail to boot the system.
To correct this problem, the operator typically has no alternative but to redownload the firmware until it brings up the system. The system will thus be out of service until downloading is successful and the new or upgraded firmware successfully runs the system. For example, if a BIOS upgrade fails on a PC, the PC becomes unusable until the BIOS upgrade can be successfully completed and, until a successfully completed BIOS upgrade, the system cannot be used to download another BIOS image such as from a WEB server.
SUMMARY OF THE INVENTION
The method and architecture of the present invention solves these and other problems and represents a significant advancement over the art.
In one embodiment, a method is provided for booting a computational component. The method is particularly useful when a new version of firmware or a firmware upgrade (hereinafter “new” or “first” firmware) is loaded on the computational component which contains an older version of firmware (hereinafter “old” or “second” firmware). As will be appreciated, old firmware can be a permanent version of firmware (such as BIOS recorded on a chip) or an earlier firmware upgrade or firmware replacement recorded in writeable, nonvolatile memory. The method includes the steps of validating the first firmware; executing the first firmware when the first firmware is successfully validated; and executing the second firmware when the first firmware is invalid.
When the first firmware is unsuccessfully validated, the computational component executes the older version of the firmware to ensure availability of the computational component in the event that the first firmware is corrupt, nonexistent or otherwise invalid. An invalidating process can be used to invalidate the first firmware and revert back to the older version of firmware that is known to work. For example, the older version of firmware can be a prior firmware upgrade, modification, or replacement that previously was successfully validated and/or that previously successfully operated the component.
The older version of firmware can be stored in any suitable location. In one configuration, the older version of firmware is permanently stored in ROM as part of or in addition to the boot code. In this configuration, the firmware is not erasable. In another configuration, the older version of firmware is stored in writeable, nonvolatile memory (e.g., flash memory, EPROM or EEPROM) and is erasable.
In one configuration, the validating step is repeated for a predetermined number of attempts. The providing (e.g., loading) step includes the substep of setting at least one of a validation flag to a next state (e.g., “PENDING”) and a counter to an initial number (e.g., zero); determining if the validation flag and/or counter has reached a predetermined state (e.g., “PENDING” and/or “three” respectively); and invalidating the firmware when the validation flag has reached the predetermined state (e.g., by setting the validation flag to “INVALID”). Other states for the validation flag include “EMPTY” (meaning that the firmware is being uploaded or downloaded), and “VALID” (meaning that the validation step was successful). As will be appreciated, the validation flag can be any symbol (e.g., alphabetical, numerical, alphanumerical, etc.) denoting a state of the computational component (e.g., the validating process).
In another configuration, the validating step can be preceded by the steps of reading a (boot) code discrete from the firmware (the code typically being recorded in permanent ROM) and determining if new firmware is present. If not, the validation step is not performed.
In another configuration, the validating step includes calculating a checksum of the first firmware and determining if the checksum is valid. As will be appreciated, other validation techniques can be used including Cyclic Redundancy Check (“CRC”).
In another embodiment, a computational system containing firmware is provided that includes:
(a) means for reading a boot code (e.g., a code stored in ROM) of a computational component;
(b) means for determining, in response to reading of the boot code, if firmware is present in the computational component;
(c) means for validating the firmware when firmware is present; and
(d) means for executing the firmware, when the firmware is successfully validated.
In yet another embodiment, a computational system including downloadable firmware is provided that includes:
(a) a central processor for validating firmware;
(b) memory containing first and second firmware wherein the second firmware corresponds to the first firmware; and
(c) a firmware validator for validating the first firmware. The first or new firmware “corresponds” to the second or old firmware in the sense that it upgrades or replaces the old firmware.
The various embodiments represent a significant improvement in system availability. Having a full copy of the firmware in permanent ROM provides much greater system availability than a system having only a boot code in permanent ROM. With only one boot code in ROM, if the new firmware download fails, the system is out of service until the download can be successfully completed. If the new firmware fails to bring up the system, the system will be out of service until the user can procure a second copy of the new firmware for downloading. With the present invention, the system can be brought up to working condition by running either the previously known good firmware version in nonpermanent ROM or in permanent ROM, one or both of which are known to work.
REFERENCES:
patent: 5568641 (1996-10-01), Nelson et al.
patent: 5732268 (1998-03-01), Bizzarri
patent: 5793943 (1998-08-01), Noll
patent: 6079016 (2000-06-01), Park
patent: 6308265 (2001-10-01), Miller
patent: 6401208 (2002-06-01), Davis et al.
patent: 11328040 (1999-11-01), None
Huh Won Uk
Lyford William C.
Stiles Kevin L.
Avaya Technology Corp.
Lee Thomas
Sheridan & Ross P.C.
Yanchus Paul
LandOfFree
Firmware download scheme for high-availability systems does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Firmware download scheme for high-availability systems, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Firmware download scheme for high-availability systems will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3148227