1.. SPDX-License-Identifier: GPL-2.0+ 2 3Boot Count Limit 4================ 5 6This is enabled by CONFIG_BOOTCOUNT_LIMIT. 7 8This allows to detect multiple failed attempts to boot Linux. 9 10After a power-on reset, the "bootcount" variable will be initialized to 1, and 11each reboot will increment the value by 1. 12 13If, after a reboot, the new value of "bootcount" exceeds the value of 14"bootlimit", then instead of the standard boot action (executing the contents of 15"bootcmd"), an alternate boot action will be performed, and the contents of 16"altbootcmd" will be executed. 17 18If the variable "bootlimit" is not defined in the environment, the Boot Count 19Limit feature is disabled. If it is enabled, but "altbootcmd" is not defined, 20then U-Boot will drop into interactive mode and remain there. 21 22It is the responsibility of some application code (typically a Linux 23application) to reset the variable "bootcount" to 0 when the system booted 24successfully, thus allowing for more boot cycles. 25 26CONFIG_BOOTCOUNT_EXT 27-------------------- 28 29This adds support for maintaining boot count in a file on an EXT filesystem. 30The file to use is defined by: 31 32CONFIG_SYS_BOOTCOUNT_EXT_INTERFACE 33CONFIG_SYS_BOOTCOUNT_EXT_DEVPART 34CONFIG_SYS_BOOTCOUNT_EXT_NAME 35 36The format of the file is: 37 38==== ================= 39type entry 40==== ================= 41u8 magic 42u8 version 43u8 bootcount 44u8 upgrade_available 45==== ================= 46 47To prevent unattended usage of "altbootcmd", the "upgrade_available" variable is 48used. 49If "upgrade_available" is 0, "bootcount" is not saved. 50If "upgrade_available" is 1, "bootcount" is saved. 51So a userspace application should take care of setting the "upgrade_available" 52and "bootcount" variables to 0, if the system boots successfully. 53This also avoids writing the "bootcount" information on all reboots. 54