CN113918001A - Embedded network equipment system upgrading data protection device and method - Google Patents

Embedded network equipment system upgrading data protection device and method Download PDF

Info

Publication number
CN113918001A
CN113918001A CN202111198556.2A CN202111198556A CN113918001A CN 113918001 A CN113918001 A CN 113918001A CN 202111198556 A CN202111198556 A CN 202111198556A CN 113918001 A CN113918001 A CN 113918001A
Authority
CN
China
Prior art keywords
file
module
starting
upgrading
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111198556.2A
Other languages
Chinese (zh)
Other versions
CN113918001B (en
Inventor
杨灏畅
戴权
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Changjiang Computing Technology Co Ltd
Original Assignee
Wuhan Changjiang Computing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Changjiang Computing Technology Co Ltd filed Critical Wuhan Changjiang Computing Technology Co Ltd
Priority to CN202111198556.2A priority Critical patent/CN113918001B/en
Publication of CN113918001A publication Critical patent/CN113918001A/en
Application granted granted Critical
Publication of CN113918001B publication Critical patent/CN113918001B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/26Power supply means, e.g. regulation thereof
    • G06F1/30Means for acting in the event of power-supply failure or interruption, e.g. power-supply fluctuations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/654Updates using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)
  • Power Sources (AREA)

Abstract

The invention relates to the technical field of ARM embedded systems, and provides a device and a method for protecting system upgrading data of embedded network equipment. The device comprises a voltage monitoring module, a backup power supply module, a logic control module, a software downloading module and a backup starting module, wherein the logic control module realizes information transmission between CPUs in the voltage monitoring module and the software downloading module, informs the CPUs of the occurrence of a power failure event, and simultaneously controls the resetting of peripheral devices of an embedded network equipment system and the switching of the backup power supply module. The invention controls the reset of the peripheral device and the turn-off of the power supply by the logic device, reduces the power consumption of the system and is convenient for prolonging the power supply time of the backup power supply.

Description

Embedded network equipment system upgrading data protection device and method
[ technical field ] A method for producing a semiconductor device
The invention relates to the technical field of ARM embedded systems, in particular to a device and a method for protecting system upgrading data of embedded network equipment.
[ background of the invention ]
The development of embedded systems goes through a long-term process, and nowadays, the market scale is getting larger and larger, and the application of the embedded systems also tends to be mature and stable. In the past, processors based on ARM architectures are generally applied to occasions with low power consumption, small packages and relatively single functions, products have a long life cycle after leaving factories, basically do not need to be maintained or upgraded, and have a great cost advantage in the use of special equipment.
With the development of computer hardware and software technology, the internal architecture and functions of the embedded system are more complex, and the application range of the market is expanded from the original industrial and consumption fields to the communication and computing fields. The performance of the processor is improved, and meanwhile, the flexibility and the expansibility are higher. In computer networks, embedded systems with ARM architecture as core also start to undertake network computing and control tasks, and market share thereof is also increasing year by year. Generally, the hardware resources of the processor are limited, and the processor provides a rich software and hardware configuration mode in order to meet the requirements of different users. The user can update the software configuration in an online upgrading mode so as to meet the new use requirement of the product. The ARM embedded system usually adopts a mode of upgrading a whole software package to erase and replace data in an original storage medium. If the system starting image file is abnormal in the upgrading process, the integrity of the starting file is affected, the embedded equipment fails to be started, the whole equipment cannot be used, and the recovery cannot be carried out through an online means.
In view of the above, overcoming the drawbacks of the prior art is an urgent problem in the art.
[ summary of the invention ]
The technical problem to be solved by the invention is that the upgrading process of the embedded system must be kept complete, if the upgrading operation is interrupted due to abnormal events such as power failure or reset in the midway, the original stored data can be damaged, the equipment can not be started normally, and the debugging can not be carried out by means of serial ports or network ports and the like.
The invention adopts the following technical scheme:
in a first aspect, the present invention provides a protection device for system upgrade data of an embedded network device, including a voltage monitoring module 1, a backup power module 2, a logic control module 3, a software downloading module 4, and a backup starting module 5, specifically:
the voltage monitoring module 1 judges whether the input voltage is lower than a threshold value through a double-input comparator, and informs the logic control module 3 once the voltage drops;
the backup power supply module 2 is used for starting power supply for a short time under the control of the software downloading module 4 and continuously maintaining the normal operation of the system;
the logic control module 3 is used for realizing information transmission between the CPUs in the voltage monitoring module 1 and the software downloading module 4, informing the CPUs of the occurrence of power-down events, and simultaneously controlling the reset of peripheral devices of the embedded network equipment system and the on-off of a backup power supply module by the CPUs;
the software downloading module 4 is used for comparing specific storage data controlled by an upgrading program and erasing and writing the specific storage data into an upgrading process in the upgrading process of the system starting file;
the backup starting module 5 provides one or more sets of starting modes for starting the system, and reads the starting medium parameters from the logic control module 3 through the CPU to determine the starting mode to be executed currently.
Preferably, the specific stored data comparison and erasure writing upgrading process controlled by the upgrading program specifically includes:
judging that the target upgrading file is longer than a first preset length by an upgrading program, dividing the target file into a corresponding number of sectors by taking the first preset length as a unit according to the storage characteristics of the FLASH, and sequentially numbering the sectors according to a physical storage sequence;
reading the content of a sector with a first preset length corresponding to the current downloading progress number in the old system starting file by the upgrading program, and comparing the content with the data of the corresponding sector in the target upgrading file to see whether the content is the same; if yes, skipping the erasing process of the file of the current numbered sector; if not, erasing the unit address range corresponding to the target file and writing data corresponding to the new system starting file;
the next sector number is addressed until the associated sector file is traversed, ending the write process.
Preferably, the first predetermined length comprises 16KB, 32KB, 64KB or 128 KB.
Preferably, the backup power module 2 specifically includes:
according to the technical scheme, the rated working voltage of an embedded network equipment system is 12V, the rated power consumption is 6.6W, and if the time required by software to download a unit of data is 300ms, a capacitor with the total capacity of at least 40mF needs to be designed in the backup power module 2.
Preferably, the starting medium parameters at least include starting medium 0 and starting medium 1, specifically:
the starting medium 0 is used as a default starting medium of the CPU and is NOR FLASH in the embedded system; the boot medium 1 is used to store a backup boot program.
Preferably, the software downloading module 4 is a minimum system for maintaining the operation of the CPU, and the minimum system specifically includes:
operation and maintenance CPU, power supply, clock, memory and FLASH related software program.
In a second aspect, the present invention further provides a method for protecting system upgrade data of an embedded network device, which inputs a system upgrade instruction under a system and starts an upgrade program, and the method includes:
judging that the target upgrading file is longer than a first preset length by an upgrading program, dividing the target file into a corresponding number of sectors by taking the first preset length as a unit according to the storage characteristics of the FLASH, and sequentially numbering the sectors according to a physical storage sequence;
reading the content of a 64KB sector corresponding to the current downloading progress number in the old system starting file by the upgrading program, and comparing the content with the data of the corresponding sector in the target upgrading file to see whether the content is the same; if yes, skipping the erasing process of the file of the current numbered sector; if not, erasing the unit address range corresponding to the target file, and writing data corresponding to a new system starting file;
the next sector number is addressed until the associated sector file is traversed, ending the write process.
Preferably, when a system upgrade instruction is input under the system and an upgrade program is started, the method further includes:
reading the version number of the system starting file by the upgrading program, and judging whether the current system starting file is the latest version; if yes, the system starting file does not need to be upgraded again; if not, the description file needs to be updated, and an upgrading program is started.
Preferably, the target upgrade file includes:
starting a boot file uboot and/or a power-on configuration file RCW; wherein, the reference size of the uboot file is 512 KB; the RCW file reference size is 128 KB.
Preferably, the first preset length is 64 KB.
In a third aspect, the present invention further provides an apparatus for protecting upgrade data of an embedded network device system, which is used to implement the method for protecting upgrade data of an embedded network device system described in the second aspect, and the apparatus includes:
at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executable by the processor for performing the method for embedded network device system upgrade data protection according to the first aspect.
In a fourth aspect, the present invention further provides a non-volatile computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions are executed by one or more processors, so as to complete the method for protecting the upgrade data of the embedded network device system according to the first aspect.
The invention provides a design and operation method for minimum system file upgrading, which detects the occurrence of external voltage drop in time through a double-input voltage comparator, controls the reset of a peripheral device and the turn-off of a power supply through a logic device, reduces the power consumption of a system and is convenient for prolonging the power supply time of a backup power supply. After receiving the power failure interrupt, the CPU immediately finishes the downloading operation of one data block in the current memory and terminates the erasing task of the subsequent memory so as to ensure the integrity of the data in the memory. The device can be ensured to load complete starting files when being powered on and started every time as far as possible, access modes such as serial ports and network ports are kept working normally, and additional cost caused by returning to a factory for maintenance is avoided.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a block diagram of an overall design of a protection scheme for upgrading power-down data of an embedded system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a programmable logic control power switch and reset according to an embodiment of the present invention;
fig. 3 is a reference diagram of a backup power supply design and a corresponding relationship between power supply time and program upgrade time thereof according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of a method for protecting upgrade data of an embedded network device system according to an embodiment of the present invention;
fig. 5 is a flowchart of an upgrade operation of a core boot file according to an embodiment of the present invention;
FIG. 6 is a flow chart of a system power down alarm interrupt response provided by an embodiment of the present invention;
FIG. 7 is a flow chart of dynamic switching of the main/standby activation medium selection configuration of the system;
fig. 8 is a schematic structural diagram of an embedded network device system upgrade data protection apparatus according to an embodiment of the present invention.
[ detailed description ] embodiments
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the aspect of hardware, the main body is realized by a voltage monitoring module, a backup power supply module and a logic control module. In the process of system upgrading, when an emergency power failure event occurs and the 12V bus voltage begins to drop, the event can be monitored at the first time through a comparator of the voltage monitoring module, and the interrupt is reported to the CPU through the logic control module. After receiving the interrupt, the CPU completes the current erasing operation and starts corresponding protective measures. At the same time, the programmable device (i.e., logic control unit) shown in fig. 3 powers off unnecessary peripheral circuits in the embedded system, and resets some peripherals, so as to minimize the power consumption of the hardware-based system (via the reset and power switch control signals in the figure). The backup power module can supply power to the embedded minimal system (i.e. the object content represented by the software downloading module in the subsequent embodiment of the invention) through the charge stored in the capacitor. Because the power supply time of the backup power supply module is limited, the effective power supply time of the backup power supply module is not determined due to the influence of the current operation state of the system. Therefore, a typical value of the normal power supply time of the backup power supply module can be given according to the current system power supply design and the minimum system power consumption through a timer in the programmable logic control module. When the timer time is over, the instruction is sent to the CPU again, and then the CPU stops further follow-up writing operation, so that the stability of the written data is ensured. And then the electric quantity of the backup power supply module is exhausted, and the system is powered off.
After the device is powered on again, the CPU will first obtain the reset configuration word from the programmable logic control module, and default to load the boot program from boot medium 0 (usually NOR FLASH). And when the uboot is loaded successfully, the flag bit of the CPLD register is actively written to indicate, so that the system is started successfully. If the system has not written a flag bit, the logic device will actively reset the system, output another set of reset configuration words, and load the boot program from the backup medium 1 (typically the boot partition of the eMMC).
In the aspect of software, the upgrading program is optimized, and meanwhile, the basic starting file is independently controlled. The method mainly aims at upgrading and protecting the most initial key file started by the CPU, and generally upgrades uboot (boot file) and RCW (power-on configuration file) due to the updating of system requirements, wherein the reference size of the RCW file is 128KB, and the reference size of the uboot file is 512 KB.
To erase as small particles as possible, the boot may be divided into a plurality of particles. From the starting function of the boot itself, the boot can be divided into 2 stages, the first stage is a stage in which the boot runs in ram and includes a boot with spl, and the second stage is a stage in which the initial DDR is moved to the memory to run. Typically the first stage is 4K and the second stage is greater than 300K. Since 4K is smaller than the erase sector of a general storage flash, the first phase is linked into one sector separately in the Makefile connection configuration of boot for the purpose of the granulation of the erase. And then, the storage offset of the second stage in the flash is appointed in the execution address offset, so that the boot can correctly execute the second stage code copied to the memory.
In erasing and writing in the system, read-compare is performed according to erased sectors, and only data are written when different. The sector size of FLASH is usually 64KB nowadays, erasing and writing occupy the largest time in the upgrading of Norflash, and unnecessary erasing and writing of particles can be saved by performing read-compare, so that the writing time is greatly saved.
According to the method and the device, the core starting file is split, meanwhile, the mode of reading and comparing is adopted, the time required by data erasing is shortened, and the electric quantity supply of the backup power supply in the time is met, so that the system data is not damaged in the process of upgrading power failure, and the system can be started again smoothly after the power failure.
In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Example 1:
embodiment 1 of the present invention provides an embedded network device system upgrade data protection apparatus, as shown in fig. 1, including a voltage monitoring module 1, a backup power module 2, a logic control module 3, a software downloading module 4, and a backup starting module 5, specifically:
the voltage monitoring module 1 judges whether the input voltage is lower than a threshold value through the double-input comparator, and informs the logic control module 3 once the voltage drops.
When the device is suddenly powered off, the voltage monitoring module 1 judges whether the input voltage is lower than a threshold value through the dual-input comparator, and once the voltage drops, the logic control module 3 is informed in a hardware signal mode at the first time. Meanwhile, the backup power module 2 starts to provide power supply for a short time, and continues to maintain normal operation of the system.
The backup power supply module 2 is used for starting power supply for a short time under the control of the software downloading module 4 and continuously maintaining the normal operation of the system; the backup power module 2 is usually realized by a power management chip with an energy storage function; the high-density energy storage capacitor is matched on hardware, the model of the power management chip is not specifically limited by the scheme, and only the voltage conversion output function of capacitor energy storage can be realized.
The logic control module 3 is used for realizing information transmission between the CPUs in the voltage monitoring module 1 and the software downloading module 4, informing the CPUs of the occurrence of power-down events, and simultaneously controlling the reset of peripheral devices of the embedded network equipment system and the on-off of a backup power supply module by the CPUs; the logic control module 3 is typically implemented by a programmable logic device (CPLD).
The software downloading module 4 is used for comparing specific storage data controlled by an upgrading program and erasing and writing the specific storage data into an upgrading process in the upgrading process of the system starting file;
the backup start module 5 provides one or more sets of start modes for starting the system, and reads the parameters of the start media from the logic control module 3 via the CPU to determine whether the current start position to be executed is started by the default address or the backup start module.
In this embodiment of the present invention, based on the designed backup starting module 5, the starting medium parameters at least include starting medium 0 and starting medium 1, specifically: the starting medium 0 is used as a default starting medium of the CPU and is NOR FLASH in the embedded system; the boot medium 1 is used to store a backup boot program.
The embodiment of the invention provides a design and operation method for minimum system file upgrading, which is characterized in that a double-input voltage comparator is used for timely detecting the occurrence of external voltage drop, a logic device is used for controlling the reset of a peripheral device and the turn-off of a power supply, the power consumption of a system is reduced, and the power supply time of a backup power supply is prolonged. After receiving the power failure interrupt, the CPU immediately finishes the downloading operation of one unit data block in the current memory and terminates the follow-up memory erasing task, thereby ensuring the integrity of the data in the memory.
In the embodiment of the present invention, the specific stored data comparison and erasure writing upgrading process controlled by the upgrading program specifically includes:
judging that the target upgrading file is longer than a first preset length by an upgrading program, dividing the target file into a corresponding number of sectors by taking the first preset length as a unit according to the storage characteristics of the FLASH, and sequentially numbering the sectors according to a physical storage sequence; wherein the first predetermined length comprises 16KB, 32KB, 64KB or 128 KB. The selection of the parameter values of the backup power module 2 can be realized by considering the cost of the reference backup power module 2 and the total data size of system upgrading, and in the actual realization process, if the first preset length is closer to the number of the system upgrading, the overall upgrading efficiency and the upgrading efficiency after power failure can be ensured, so that the requirement on the energy storage capacity of the backup power module 2 can be correspondingly improved, and the input cost of the backup power module is increased. The final selected parameter value may therefore be a compromise of the two factors mentioned above.
Reading the content of a sector with a first preset length corresponding to the current downloading progress number in the old system starting file by the upgrading program, and comparing the content with the data of the corresponding sector in the target upgrading file to see whether the content is the same; if yes, skipping the erasing process of the file of the current numbered sector; and if not, erasing the unit address range corresponding to the target file and writing data corresponding to the new system starting file.
The next sector number is addressed until the associated sector file is traversed, ending the write process.
In the embodiment of the present invention, a scenario is provided for showing the backup power module 2, where the backup power module 2 is usually implemented by a power management chip having an energy storage function; the high-density energy storage capacitor is matched on hardware, the model of the power management chip is not specifically limited by the scheme, and only the voltage conversion output function of capacitor energy storage can be realized. The method specifically comprises the following steps: according to the technical scheme, the rated working voltage of an embedded network equipment system is 12V, the rated power consumption is 6.6W, and if the time required by software to download a unit of data is 300ms, a capacitor with the total capacity of at least 40mF needs to be designed in the backup power module 2. The capacitance calculated by this method can ensure that, in a corresponding scenario, when a power failure occurs, the downloading and processing of a unit data can be completed completely, and the processing here will specifically relate to the skip action or erase write operation described in embodiment 2 of the present invention.
As shown in fig. 1, the software downloading module 4 is a minimum system for maintaining the operation of the CPU, and the minimum system specifically includes: operation and maintenance CPU, power supply, clock, memory and FLASH related software program.
In the preferred implementation scheme of the embodiment of the invention, the logic control module 3 mainly carries out quantitative evaluation on the system power consumption, and gives a reasonable power supply time reference value and reports the power supply time reference value to the CPU by combining the design condition of the capacitor in the backup power supply. Referring to the architecture shown in fig. 1, the overall workflow is: after the device is powered on, the CPU in the software downloading module 4 will first obtain a reset configuration word (i.e., a hardware power-on configuration file RCW) from the logic control module 3, and default to load a start program from a start medium 0 (usually NOR FLASH) in the backup start module 5. When the uboot loading is successful, the flag bit of the boot _ good register in the logic control module 3 is actively rewritten for indication, which indicates that the system is successfully started. After the CPU obtains the reset configuration word, the logic device starts an internal timer, and if the system has not written the boot _ good flag bit after the 60 second time, the logic device actively resets the system, outputs another set of reset configuration word, and loads the boot program from the backup boot medium 1 (usually, the boot partition of the eMMC). The starting function of the CPU from different types of storage media can be automatically selected through the steps without manual intervention.
When sudden power failure occurs in the system operation process, the 12V bus voltage begins to drop, an alarm is transmitted to the logic control module 3 by an external voltage comparison circuit in the voltage detection module 1, and meanwhile, the backup power supply module 2 continues to supply power through the charges stored in the capacitor. Fig. 2 shows a specific hardware implementation method of the logic control module 3 in fig. 1 for controlling the peripheral device reset and the power switch, and the logic control module 3 controls the system peripheral device reset in the embedded system and the PWR switch signal (PWR _ dev _ switch shown in fig. 2) to control the power off thereof through the RST (such as PHY _ RST, eMMC _ RST, PCIe _ RST, etc. shown in fig. 2). The peripheral device of the system mainly refers to a device which does not influence the normal operation of the CPU and the program downloading function in the embedded system. Such as devices that interface with the PCIe, IIC, and ethernet interfaces of the CPU. According to the overall architecture of the computer, the minimum system (i.e. the software downloading module 4) for maintaining the operation of the CPU at least comprises units such as a CPU, a power supply, a clock, a memory, a FLASH and the like. The method can reduce the overall power consumption of the system and report the power failure alarm interrupt to the CPU. Referring to fig. 3, a linear relationship exists between the power supply time of the backup power supply and the power consumption of the capacitor and the system, and the power supply magnitude can be dynamically adjusted according to a specific design. For example, if the power consumption of an embedded system is rated at 6.6W and the time required for software to download a unit of data is 300ms, a capacitor with a total capacity of 40mF needs to be designed in the backup power module 2. The above scenario is the holding time when the power down delay module supplies power at 3.3V/2A, and the default setting T is 300ms under this condition. The timer time is adjusted through the logic configuration pins, and the value can be adjusted according to the design conditions of different equipment. By analogy, if the time required for software download is more or less, the total amount of capacitance in the hardware design is increased or decreased proportionally. The logic control module 3 starts a timer with corresponding duration through a hardware signal configuration value according to the magnitude of the current capacitor design, and the CPU finishes erasing and writing of the current sector and compares subsequent file blocks. When the counting of the logic internal timer is finished, the electric quantity of the backup power supply is about to be exhausted, the interruption is sent again, and the CPU does not perform unreliable erasing work any more. And the equipment is started again, and is started from the main boot partition and the standby boot partition according to the condition, so that normal loading of the uboot can be ensured. And loading a default kernel and a default file system according to the condition. If the subsequent file is abnormal, loading another set of system file from the standby partition of the storage medium is set, so that the normal starting of the system is ensured, and the serial port of the network port is available.
Example 2:
in the embodiment of the present invention, a method for protecting system upgrade data of an embedded network device is provided, and a key point is to explain the method content associated with the technical solution of the present invention from an upgrade system side, and input a system upgrade instruction under a system to start an upgrade program, as shown in fig. 4, the method includes:
in step 201, the upgrade program determines that the target upgrade file is longer than a first preset length, divides the target file into a corresponding number of sectors by taking the first preset length as a unit according to the storage characteristics of the FLASH, and sequentially performs sector numbering according to a physical storage sequence. In the embodiment of the invention, a target upgrade file example is also shown, wherein the target upgrade file example comprises a boot starting file uboot and/or a power-on configuration file RCW; wherein, the reference size of the uboot file is 512 KB; the RCW file reference size is 128 KB.
In the example scenario proposed by the present invention, the first preset length is set to 64 KB. In an actual situation, the selection of the parameter value is realized by considering the cost of the reference backup power module 2 and the total data size of the system upgrade, and in an actual realization process, if the first preset length is closer to the number of the system upgrade, the efficiency of the whole upgrade and the efficiency of further finishing the upgrade after the power failure are ensured, so that the requirement on the energy storage capacity of the backup power module 2 is correspondingly improved, and the input cost of the backup power module is increased. The final selected parameter value may therefore be a compromise of the two factors mentioned above.
In step 202, the upgrade program reads the content of a sector with a first preset length corresponding to the current download progress number in the old system startup file, and compares the content with the data of the corresponding sector in the target upgrade file to see whether the content is the same; if yes, skipping the erasing process of the file of the current numbered sector; if not, erasing the unit address range corresponding to the target file, and writing the data corresponding to the new system starting file.
In step 203, the next sector number is addressed until the associated sector file is traversed, ending the write process.
The embodiment of the invention provides a set of minimum system file upgrading operation method, which is characterized in that a double-input voltage comparator is used for timely detecting the occurrence of external voltage drop, a logic device is used for controlling the reset of a peripheral device and the turn-off of a power supply, the power consumption of a system is reduced, and the power supply time of a backup power supply is prolonged. After receiving the power failure interrupt, the CPU immediately finishes the downloading operation of one data block in the current memory and terminates the erasing task of the subsequent memory so as to ensure the integrity of the data in the memory.
In the embodiment of the present invention, when a system upgrade instruction is input under a system and an upgrade program is started, the method further includes:
reading the version number of the system starting file by the upgrading program, and judging whether the current system starting file is the latest version; if yes, the system starting file does not need to be upgraded again; if not, the description file needs to be updated, and an upgrading program is started. Corresponding to the prerequisite steps of the above steps 201 to 203, the winjiang upgrade procedure, that is, the contents of the above steps 201 to 203, is started only when the determination is no and the description file needs to be updated.
Example 3:
the embodiment of the invention is an example of the transmission of the device polarity integrity scheme provided in the embodiment 1 through a complete example scene on the basis of the method in the embodiment 2. As shown in fig. 5, the method includes:
step S301: and inputting a system upgrading instruction under the system, starting an upgrading program, and turning to the step S302.
Step S302: and reading the version number of the system starting file by the upgrading program, and judging whether the current system starting file is the latest version.
The determination of the version involved in the embodiment of the present invention includes the version of the boot file in step S302, and also includes the version of the kernel file involved in step S310, which together form an upgrade object.
If yes, the system starting file does not need to be upgraded again, and the step S310 is switched to; if not, the instruction file needs to be updated, and the process proceeds to step S303.
Step S303: whether the target upgrade file is smaller than 64KB (i.e. the first preset length in embodiment 2) is determined by the upgrade program, and if so, the erase-write operation is directly performed. If the file is judged to be larger than 64KB, the process proceeds to step S304.
Step S304: according to the storage characteristics of FLASH, the target file is divided into a plurality of sectors by taking 64KB as a unit, numbering is sequentially carried out according to the physical storage sequence, the number of the current downloading progress is the number of the first sector, and the step S305 is carried out.
Step S305: the upgrade program reads the content of a 64KB sector corresponding to the current download progress number in the old system startup file, and compares the content with the data of the corresponding sector in the target upgrade file to see whether the content is the same. If so, the erasing process is skipped and the process proceeds to step S307. Otherwise, the process proceeds to step S306.
The reason that the comparison results of the data are the same appears here, and two levels of possible factors are caused; on one hand, the data of the program and the data of the program to be upgraded in the corresponding divided sectors are the same, which is usually strongly related to the storage and design of the modular program; on the other hand, it may be the sector that has been erased and written before the power down, and at the time of subsequent power-up again, the same conclusion may be reached and the erasing operation may be skipped when the comparison in step 305 is performed.
Step S306: the unit address range corresponding to the target file is erased, and data corresponding to the new system boot file is written, and the process proceeds to step S307.
Step S307: the unit number of the upgrade file downloaded under the control of the upgrade program is increased by one to indicate that the updating of the sector data corresponding to the current unit number is completed, and the process proceeds to step S308.
Step S308: judging whether the current file downloading progress number is larger than N or not by the upgrading program, if not, indicating that the whole file downloading is not finished, and turning to the step S305; if yes, the process proceeds to step S309.
Step S309: and (4) the upgrading program confirms that the upgrading of the system starting file is finished, all progress flag bits are reset, at the moment, the system starting file can be normally loaded, and the step S310 is carried out.
Step S310: the upgrade program determines whether the current system kernel file is the latest version, and if the current system kernel file is also the latest version, the update is not required, and the process proceeds to step S312. Otherwise, the process proceeds to step S311.
Step S311: and copying the kernel in the storage backup partition and the file system data to the main partition by the upgrading program to finish the repair of the large file of the system. Proceed to step S312.
Step S312: and after the minimum system is upgraded, the equipment can be normally started after being electrified. The minimum system file herein includes the system boot file (small file) related to steps S302 to S309, and also includes the driver and application files required by the basic functions of the system kernel, the file system, and the maintenance of the system network port serial port. The file classification method is a file classification method commonly used in the field of embedded software.
The system boot files typically include, but are not limited to, a power-on configuration file and a boot file, and the boot may be divided into multiple granules for as small granular erase and write as possible. From the starting function of the boot itself, the boot can be divided into 2 stages, the first stage is a stage in which the boot runs in ram and includes a boot with spl, and the second stage is a stage in which the initial DDR is moved to the memory to run. Typically the first stage involves a read data size of 4K and the second stage involves a data operation size of greater than 300K. Since 4K is smaller than the erase sector of a general storage flash, the first phase is linked into one sector separately in the Makefile connection configuration of boot for the purpose of the granulation of the erase. And then, the storage offset of the second stage in the flash is appointed in the execution address offset, so that the boot can correctly execute the second stage code copied to the memory.
In erasing and writing in the system, read-compare is performed according to erased sectors, and only data are written when different. The sector size of FLASH is usually 64KB nowadays, erasing takes the largest time in the upgrade of Norflash, and it can be known by querying the NOR FLASH manual that one 64KB sector needs 200ms for erasing, and 32KB sector needs 120ms for erasing, and performing read-compare can save unnecessary erasing of particles, and greatly save writing time.
Example 4:
referring to FIG. 6, it is a supplementary description of the file downloading steps S305 to S309 of FIG. 5. Mainly aiming at the situation that sudden power failure occurs in the system upgrading process, the specific coping steps provided by the scheme are as follows:
step S401: and running a system upgrading program, starting downloading a system starting file, and turning to the step S402.
Step S402: if a sudden power failure occurs in the system at this time, the logic control module 3 in fig. 1 starts an internal power-off timer, and the process proceeds to step S403.
Step S403: the logic control module 3 outputs power control and reset signals to the outside, reports Pwr _ Loss power failure interruption to the CPU in the minimum hardware system, and proceeds to step S404.
Here, the externally output power control and reset signal includes a reset and power switch control signal output to the system peripheral device in the drawing, and a power enable signal sent to the power backup module 2 in the drawing; the former is to put the corresponding system peripheral devices into a sleep (i.e. non-operational) state, so as to shut down the functions not associated with the upgrade as much as possible, and the latter is to control the backup power module 2 into a backup power supply powered state, i.e. the process represented by the system backup power supply arrow in fig. 1.
Step S404: after receiving the power-down interrupt event, the CPU first closes the system peripheral interface to reduce the overall power consumption, and at the same time, the upgrade program operates the power-down flag bit, and the process proceeds to step S405.
Step S405: the upgrade program determines whether the erase-write operation is currently being performed, if not, it indicates that the comparison operation is currently being performed or the system is in an idle period, and the system should not perform a new file erase-write operation any more, and then step S407 is performed. If so, the process proceeds to step S406.
Step S406: within the limited backup power supply time, the erasing operation of the current numbered sector is completed, and the step S407 is performed.
Step S407: the upgrade program records the current downloading progress, and after the timer in the logic control module finishes timing, the CPU does not perform any action any more, and the process goes to step S408.
Step S408: and when the system backup power supply is exhausted, the upgrading operation is automatically ended. At this time, no damaged sector with incomplete erasing is generated in the memory.
Example 5:
referring to fig. 7, a flowchart of an embodiment of the present invention is shown to describe details of an effective mechanism of the backup boot module 5 in fig. 1. The specific execution steps are as follows:
step S501: when the system is powered on and started, the internal register of the logic control module 3 in fig. 1 is initialized to power-on reset, and boot _ sel and boot _ good are set to 0 by default, and the process proceeds to step S502.
Step S502: judging whether the internal boot _ sel register is 0 or not by the logic control module, and if so, turning to step S503; otherwise, the process proceeds to step S504. If the boot _ sel register is 0, the program stored in the NOR FLASH in the embedded system is used as a starting program; if the boot _ sel register is 1, it indicates that the program stored in the corresponding NOR FLASH cannot be started, and jumps to the location for storing the backup startup program to perform the startup program acquisition, which should be caused by incomplete program upgrade in the NOR FLASH in the embodiment of the present invention.
Step S503: the logic control module outputs the level combination of the configuration signals required by the CPU to start the medium 0, and the process proceeds to step S505.
Step S504: the logic control module outputs the level combination of the configuration signals required by the CPU to start the medium 1, and the process proceeds to step S505.
Step S505: and the CPU in the hardware minimum system completes the solution reset and actively loads the starting program. At the same time, the logic control module starts to start time counting, and the process proceeds to step S506.
Step S506: after the CPU is normally started, the boot _ good register is actively written into 1 by the system program, and the process proceeds to step S507.
Step S507: if the boot _ good register is 1, indicating that the start is normal, the logic control module proceeds to step S310. Otherwise, go to step S508.
Step S508: the logic control module performs an inversion operation on the boot _ sel register, and proceeds to step S509.
Step S509: entering this step accounts for CPU boot exceptions and files in the default boot medium may be corrupted. At this time, the logic control module actively executes the CPU reset operation, and the process proceeds to step S502.
Step S510: and finally, smoothly loading the program from the starting medium 0 or 1 and successfully starting the program according to the completeness of the starting file in the storage medium.
In order to absolutely secure and reliable starting data, eMMC used as external storage in the system can be set as a standby starting partition, so that redundant replacement is formed, and the design cost is not increased. If other storage media are selected as backup starting media, a storage chip needs to be additionally designed on hardware for backup, and the device is started from a starting medium 0(NOR FLASH) by default. The method can ensure the validity of the upgrade mirror image and ensure that the system cannot be restarted due to upgrade failure.
Example 6:
fig. 8 is a schematic structural diagram of an embedded network device system upgrade data protection apparatus according to an embodiment of the present invention. The embedded network equipment system upgrade data protection device of the present embodiment includes one or more processors 21 and a memory 22. In fig. 8, one processor 21 is taken as an example.
The processor 21 and the memory 22 may be connected by a bus or other means, and fig. 8 illustrates the connection by a bus as an example.
The memory 22 is a non-volatile computer-readable storage medium and can be used to store a non-volatile software program and a non-volatile computer-executable program, such as the embedded network device system upgrade data protection method in embodiment 1. The processor 21 executes the embedded network device system upgrade data protection method by executing the non-volatile software programs and instructions stored in the memory 22.
The memory 22 may include high speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, the memory 22 may optionally include memory located remotely from the processor 21, and these remote memories may be connected to the processor 21 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The program instructions/modules are stored in the memory 22, and when executed by the one or more processors 21, perform the method for protecting the upgrade data of the embedded network device system in the above embodiment 1, for example, perform the steps shown in fig. 4 to 7 described above.
It should be noted that, for the information interaction, execution process and other contents between the modules and units in the apparatus and system, the specific contents may refer to the description in the embodiment of the method of the present invention because the same concept is used as the embodiment of the processing method of the present invention, and are not described herein again.
Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the embodiments may be implemented by associated hardware as instructed by a program, which may be stored on a computer-readable storage medium, which may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. The utility model provides an embedded network equipment system upgrading data protection device which characterized in that, includes voltage monitoring module (1), backup power module (2), logic control module (3), software download module (4) and backup start module (5), specifically:
the voltage monitoring module (1) judges whether the input voltage is lower than a threshold value through a double-input comparator, and informs the logic control module (3) once the voltage drops;
the backup power supply module (2) is used for starting power supply for a short time under the control of the software downloading module (4) and continuously maintaining the normal operation of the system;
the logic control module (3) is used for realizing information transmission between the CPUs in the voltage monitoring module (1) and the software downloading module (4), informing the CPUs of the occurrence of power-down events, and controlling the resetting of peripheral devices of the embedded network equipment system and the switching of the backup power supply module by the CPUs;
the software downloading module (4) is used for comparing specific storage data controlled by an upgrading program and erasing and writing the specific storage data into an upgrading process in the upgrading process of the system starting file;
the backup starting module (5) provides one or more sets of starting position selection for starting the system, and reads starting medium parameters from the logic control module (3) through the CPU to determine whether the current starting position to be executed is started through a default address or the backup starting module.
2. The device for protecting upgrade data of an embedded network device system according to claim 1, wherein the specific stored data comparison and erasure write-in upgrade procedure controlled by the upgrade program specifically includes:
judging that the target upgrading file is longer than a first preset length by an upgrading program, dividing the target file into a corresponding number of sectors by taking the first preset length as a unit according to the storage characteristics of the FLASH, and sequentially numbering the sectors according to a physical storage sequence;
reading the content of a sector with a first preset length corresponding to the current downloading progress number in the old system starting file by the upgrading program, and comparing the content with the data of the corresponding sector in the target upgrading file to see whether the content is the same; if yes, skipping the erasing process of the file of the current numbered sector; if not, erasing the unit address range corresponding to the target file and writing data corresponding to the new system starting file;
the next sector number is addressed until the associated sector file is traversed, ending the write process.
3. The embedded network device system upgrade data protection apparatus of claim 2, wherein the first preset length comprises 16KB, 32KB, 64KB or 128 KB.
4. The device for protecting upgrading data of an embedded network device system according to claim 2, wherein the backup power module 2 specifically includes:
according to the technical scheme, the rated working voltage of an embedded network equipment system is 12v, the rated power consumption is 6.6W, and if the time required by software to download a unit of data is 300ms, a capacitor with the total capacity of at least 40mF needs to be designed in a backup power supply module (2).
5. The device for protecting upgrading data of an embedded network device system according to any of claims 1-4, wherein the starting medium parameters at least include a starting medium 0 and a starting medium 1, specifically:
the starting medium 0 is used as a default starting medium of the CPU and is NOR FLASH in the embedded system; the boot medium 1 is used to store a backup boot program.
6. The device for protecting system upgrade data of an embedded network device according to claim 1, wherein the software download module (4) is a minimum system for maintaining the operation of a CPU, and the minimum system specifically comprises: the operation and maintenance CPU, a power supply, a clock, a memory and a FLASH related software program;
the embedded network equipment system peripheral device comprises one or more of PCIe, IIC and Ethernet.
7. A method for protecting the system upgrading data of embedded network equipment is characterized in that a system upgrading instruction is input under a system, and an upgrading program is started, and the method comprises the following steps:
judging that the target upgrading file is longer than a first preset length by an upgrading program, dividing the target file into a corresponding number of sectors by taking the first preset length as a unit according to the storage characteristics of the FLASH, and sequentially numbering the sectors according to a physical storage sequence;
reading the content of a 64KB sector corresponding to the current downloading progress number in the old system starting file by the upgrading program, and comparing the content with the data of the corresponding sector in the target upgrading file to see whether the content is the same; if yes, skipping the erasing process of the file of the current numbered sector; if not, erasing the unit address range corresponding to the target file, and writing data corresponding to a new system starting file;
the next sector number is addressed until the associated sector file is traversed, ending the write process.
8. The method for protecting the upgrade data of the embedded network device system according to claim 7, wherein when the system upgrade command is input under the system and the upgrade program is started, the method further comprises:
reading the version number of the system starting file by the upgrading program, and judging whether the current system starting file is the latest version; if yes, the system starting file does not need to be upgraded again; if not, the system starting file needs to be updated, and an upgrading program is started.
9. The method for protecting the upgrade data of the embedded network device system according to claim 7, wherein the target upgrade file includes: starting a boot file uboot and/or a power-on configuration file RCW; wherein, the reference size of the uboot file is 512 KB; the RCW file reference size is 128 KB.
10. The method as claimed in claim 7, wherein the first predetermined length is 64 KB.
CN202111198556.2A 2021-10-14 2021-10-14 Embedded network equipment system upgrading data protection device and method Active CN113918001B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111198556.2A CN113918001B (en) 2021-10-14 2021-10-14 Embedded network equipment system upgrading data protection device and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111198556.2A CN113918001B (en) 2021-10-14 2021-10-14 Embedded network equipment system upgrading data protection device and method

Publications (2)

Publication Number Publication Date
CN113918001A true CN113918001A (en) 2022-01-11
CN113918001B CN113918001B (en) 2022-08-23

Family

ID=79240338

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111198556.2A Active CN113918001B (en) 2021-10-14 2021-10-14 Embedded network equipment system upgrading data protection device and method

Country Status (1)

Country Link
CN (1) CN113918001B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111104146A (en) * 2019-12-18 2020-05-05 天地伟业技术有限公司 Embedded equipment with high stability and maintainability
CN113434162A (en) * 2021-03-30 2021-09-24 西南电子技术研究所(中国电子科技集团公司第十研究所) Method for remotely updating FPGA multi-version program on line
CN113485764A (en) * 2021-07-05 2021-10-08 珠海格力电器股份有限公司 Embedded system, control method and device thereof and storage medium

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111104146A (en) * 2019-12-18 2020-05-05 天地伟业技术有限公司 Embedded equipment with high stability and maintainability
CN113434162A (en) * 2021-03-30 2021-09-24 西南电子技术研究所(中国电子科技集团公司第十研究所) Method for remotely updating FPGA multi-version program on line
CN113485764A (en) * 2021-07-05 2021-10-08 珠海格力电器股份有限公司 Embedded system, control method and device thereof and storage medium

Also Published As

Publication number Publication date
CN113918001B (en) 2022-08-23

Similar Documents

Publication Publication Date Title
CN110795027B (en) Solid state storage device and electronic system including the same
JP3544610B2 (en) Memory device
US5978922A (en) Computer system having resume function
KR100444537B1 (en) Data processor
US8914594B2 (en) Systems and methods of loading data from a non-volatile memory to a volatile memory
US9389673B2 (en) Systems and methods of performing a data save operation
US20140218078A1 (en) Enhanced recovery mechanisms
CN101634884B (en) Power source management controller and method thereof
US8151130B2 (en) Plural voltage level detection upon power drop for switching to standby mode with or without complete state saving interrupt processing
JPH05189075A (en) Lithium processing method for os/2 operating system
US20020129195A1 (en) Microcomputer with built-in programmable nonvolatile memory
US10579300B2 (en) Information handling system firmware persistent memory runtime reclaim
CN110865822B (en) Boot architecture and method for Bootloader brush writing program for whole vehicle controller
US11733883B2 (en) Storage device initiating maintenance operation actively without instruction of host and electronic system including the same
JP5981906B2 (en) Image forming apparatus
US20040250147A1 (en) Uninterrupted system operation
CN113918001B (en) Embedded network equipment system upgrading data protection device and method
JP5077385B2 (en) Vehicle navigation device
JP5795758B2 (en) Method for protecting data in non-volatile storage device
US10496303B2 (en) Method for reducing power consumption memory, and computer device
JPH0126086B2 (en)
CN113835512B (en) Power control method of memory storage device and memory storage system
JPH06222986A (en) Memory controller
JP2017072920A (en) Information processing device
JPH0228856A (en) Computer system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant