Context: I'm working on some kind of kiosk system. The system can be upgraded every now and then, remotely, and I want it to work as reliably as possible.
In embedded systems, it's a common practice to have dual-bank "boots". Many BIOS/UEFIs, for instance, support having 2 banks: when you flash a new firmware, the old one does not get deleted, and there's a way to start on the old one (not necessarily manually).
I would like to do this using GRUB2. I would like to have 2 OSes installed, and GRUB2 boots one of them. If that OS fails to boot or fails its check, then GRUB2 would boot the other one.
The check would typically be:
- A checksum (say a CRC32 of the first sector of a partition, or CRC32 of an ISO file)
- A flag/counter.
For instance, GRUB2 would write a "failed attempt" counter somewhere. At each boot, this counter is incremented. The OS knows where to find the counter and, upon successful boot, puts the counter back to 0. If that counter goes beyond, let's say, 5, then GRUB2 switches to the other OS.
The scheme could be complicated a little further by adding a 3rd OS that would just be a remote recovery tool.
Note that I am open to alternative suggestions (whether it's using another bootloader, another method, ...), but Secure Boot has to be possible.
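One way to implement the counter half of the scheme, as an added example that is not part of the original question: a grub.cfg fragment that keeps an `active` slot and a `boot_count` in GRUB's environment block (grubenv) and flips slots after five unacknowledged boots, plus the same decision modelled in POSIX sh so the policy can be exercised on a workstation against a plain key=value file, and the OS-side commands that reset the counter. The slot ids `slotA`/`slotB`, the variable names, the threshold of 5, the kernel/initrd paths and `/boot/grub/grubenv` are all assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original question: A/B slot selection for GRUB2
# driven by a boot counter in GRUB's environment block (grubenv). Slot ids
# slotA/slotB, variables active/boot_count, the threshold 5, the kernel and
# initrd paths and /boot/grub/grubenv are assumptions made for this example.

# --- 1. GRUB side: fragment for grub.cfg (or /etc/grub.d/40_custom) ----------
# grubenv must sit on a filesystem GRUB can write to; per the GRUB manual,
# save_env is not available on LVM, RAID or btrfs.
grub_cfg_fragment() {
cat <<'EOF'
load_env
if [ -z "${active}" ]; then set active=slotA; fi
if [ -z "${boot_count}" ]; then set boot_count=0; fi

# Five boots without the OS resetting the counter: flip to the other slot.
if [ "${boot_count}" -ge 5 ]; then
    if [ "${active}" = "slotA" ]; then set active=slotB; else set active=slotA; fi
    set boot_count=0
fi

# GRUB script has no arithmetic, so increment with a ladder, then persist.
if   [ "${boot_count}" = "0" ]; then set boot_count=1
elif [ "${boot_count}" = "1" ]; then set boot_count=2
elif [ "${boot_count}" = "2" ]; then set boot_count=3
elif [ "${boot_count}" = "3" ]; then set boot_count=4
else set boot_count=5
fi
save_env active boot_count

set default="${active}"
# fallback covers an entry that fails to load at all (e.g. missing kernel);
# the counter covers an OS that loads but never comes up.
if [ "${active}" = "slotA" ]; then set fallback=slotB; else set fallback=slotA; fi
set timeout=3

menuentry 'Kiosk slot A' --id slotA {
    linux  /boot/vmlinuz-A root=/dev/sda2 ro
    initrd /boot/initrd-A.img
}
menuentry 'Kiosk slot B' --id slotB {
    linux  /boot/vmlinuz-B root=/dev/sda3 ro
    initrd /boot/initrd-B.img
}
EOF
}

# --- 2. The same policy in POSIX sh, so it can be exercised on a workstation.
# A plain key=value file stands in for grubenv here (the real one is a fixed
# 1024-byte block; on the device edit it with grub-editenv, never with sed).
env_get() { sed -n "s/^$2=//p" "$1"; }            # env_get FILE NAME
env_set() {                                       # env_set FILE NAME VALUE
    grep -v "^$2=" "$1" > "$1.tmp" 2>/dev/null || true
    echo "$2=$3" >> "$1.tmp" && mv "$1.tmp" "$1"
}

# Mirrors the grub.cfg fragment: prints the slot GRUB would boot and updates
# the counter exactly as save_env would.
grub_select_slot() {                              # grub_select_slot ENVFILE
    active=$(env_get "$1" active); count=$(env_get "$1" boot_count)
    [ -n "$active" ] || active=slotA
    [ -n "$count" ] || count=0
    if [ "$count" -ge 5 ]; then
        if [ "$active" = slotA ]; then active=slotB; else active=slotA; fi
        count=0
    fi
    count=$((count + 1))
    env_set "$1" active "$active"; env_set "$1" boot_count "$count"
    echo "$active"
}

# OS side. Run this only once the kiosk application is actually healthy
# (e.g. a systemd unit ordered After= the app), not merely once init starts.
# On the device:  grub-editenv /boot/grub/grubenv set boot_count=0
os_mark_boot_successful() { env_set "$1" boot_count 0; }

# Upgrade path: after the new image is written to the inactive slot, point
# GRUB at it. On the device:
#   grub-editenv /boot/grub/grubenv set active=slotB boot_count=0
os_switch_to_slot() { env_set "$1" active "$2"; env_set "$1" boot_count 0; }

# Walk-through: five boots of slot A that never report success, then GRUB
# falls over to slot B on the sixth.
demo() {
    f=$(mktemp)
    i=0; while [ "$i" -lt 5 ]; do grub_select_slot "$f" > /dev/null; i=$((i + 1)); done
    grub_select_slot "$f"                         # prints slotB
    rm -f "$f"
}
demo
```

`grub_cfg_fragment` only prints the GRUB script; append it to `/etc/grub.d/40_custom` (or paste it into a hand-written grub.cfg) and regenerate. Two caveats a practitioner will want: the success marker must be written by the thing you actually care about (the kiosk application being up), otherwise a box that reaches a login prompt and hangs will never fall over; and grubenv is unsigned data consumed by a signed GRUB, so under Secure Boot an attacker who can write it can only choose between your two signed slots, which is the intended effect, but both slots' kernels must be signed. The checksum half of the question is not shown here; GRUB's `hashsum` command can verify a file against a list of checksums before the entry is booted.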