From: | Claudius Heine |
Subject: | Atomic writing to environment file |
Date: | Tue, 16 Feb 2021 08:44:43 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 |
Hi,

we were looking into using grub to implement an A/B system update mechanism [1] and came to the point where we need to change the grub environment from user space (grub-editenv) and from grub itself (save_env).
We looked at the code [2] and [3], and it sort of looks like the environment file is written directly in both cases. We suspect that this might cause the environment file to become invalid/empty in a power-loss scenario.
Other write schemes, like `write file.tmp; mv file.tmp file` or using hard links (if the fs supports it), might provide better protection against a power-loss scenario.
If this is an issue, then we would be willing to contribute some changes to grub for this.
kind regards,
Claudius Heine

[1] https://sbabic.github.io/swupdate/overview.html#double-copy-with-fall-back
[2] https://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/loadenv.c#n380
[3] https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-editenv.c#n186
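
The `write file.tmp; mv file.tmp file` scheme mentioned in the message, written out for a user-space writer on a POSIX filesystem. This is an added example, not code from the original post or from GRUB; the function name `atomic_replace`, the `.tmp` suffix, the sample path and the `slot` variable are assumptions made for illustration.

```c
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Replace `path` with buf[0..len) so that after a crash or power loss the
 * file holds either the old or the new content. Returns 0 or -1 on error. */
int atomic_replace(const char *path, const char *buf, size_t len)
{
    char tmp[4096], dir[4096];
    int fd, dfd, rc = 0;

    if (snprintf(tmp, sizeof tmp, "%s.tmp", path) >= (int)sizeof tmp ||
        snprintf(dir, sizeof dir, "%s", path) >= (int)sizeof dir)
        return -1;
    fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    /* A short write counts as failure; the data must reach the disk
     * before the rename makes it visible under the real name. */
    if (write(fd, buf, len) != (ssize_t)len || fsync(fd) != 0)
        rc = -1;
    if (close(fd) != 0)
        rc = -1;
    if (rc != 0 || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    /* Persist the directory entry change made by rename(). */
    dfd = open(dirname(dir), O_RDONLY);
    if (dfd < 0)
        return -1;
    rc = fsync(dfd);
    close(dfd);
    return rc;
}

int main(void)
{
    /* Constructed sample: 1024-byte block padded with '#'; path is hypothetical. */
    const char *vars = "# GRUB Environment Block\nslot=B\n";
    char env[1024];

    memset(env, '#', sizeof env);
    memcpy(env, vars, strlen(vars));
    return atomic_replace("grubenv.sample", env, sizeof env) ? 1 : 0;
}
```

Without the two `fsync()` calls the rename can reach the disk before the new data does, which reproduces the empty-file outcome the message is concerned about.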