Skip to content

Guidance for systems that do not have the ability to rollback #256

New issue
New issue
Open
Feature
Open
Guidance for systems that do not have the ability to rollback#256
Feature
Assignees
athoelke
Labels
Firmware Update APIIssue or PR related to the Firmware Update APIclarificationSomething is confusing or missing in the documentation
@athoelke

Description

@athoelke
athoelke
opened on May 1, 2025

The programming model for the FIrmware Update API assumes that the system will always reboot back to a point where the FWU API can be queried to determine the FWU state of the system compoments.

Although this is technically true from the point of view that this model is describing the view presented by the Update service to the Update client via calls to the API - and therefore there is no "FWU state" that is relevant to the specification if the system fails to boot the firmware (i.e. the device is 'bricked', or the device boots some alternative recovery firmware).

This possiblity is mentioned in 4.6 Bootloader operation, under §4.6.4.

It would be helpful for the earlier sections on State transitions, Volatile states, and Behavior on error to mention scenarios where the system fails to restart and thus never complete a state transition.

Metadata

Metadata

Assignees

Labels

Firmware Update APIIssue or PR related to the Firmware Update APIclarificationSomething is confusing or missing in the documentation

Type

Feature

Projects

PSA Certified API development

Status

No status

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions