On Jan 31, 2016, at 11:37 AM, Kilian Krause <kil...@debian.org> wrote:
> If you have the impression that "most" of the > ARM systems out there are only equipped with a single boot device that's not > removable, please do give a list. Otherwise, unbricking a vfat or ext4 > partition on a PC should be piece of cake. I agree that installing U-boot to a removable μSD is, as you say, "a piece of cake" for most Linux users. And as long as you keep an old, working, μSD around, you're safe enough if you know what you're doing. Except for three things: 1) Not all machines that run U-boot have their boot firmware on removable media. I know of at least two fairly popular, though admittedly old, armel architecture series of machines, each with several models -- SheevaPlug and OpenRD -- all of which boot from internal MMC flash that is soldered to the mainboard. I believe there are others as well. Modern machines are less likely to be that way, but I'm not willing to bet that the upcoming IoT generation will follow that trend. If manufacturers can save a few pennies by soldering the boot ROM, they probably will -- even if it inconveniences a few of us Linux hackers. 2) We're talking about auto-updating, not about a manual process that involves pulling out the old μSD and replacing it with a new one that you have prepared off-line. In those circumstances, the risk of corrupting the only working copy is not small. 3) The users of such devices can hardly be expected to be very hardware/software/firmware sophisticated, regardless of whether the boot firmware is on removable media. I know a lot of people who might want a smart thermostat, but I wouldn't trust more than a tiny handful of them with the man page for the dd command and a μSD card to recover from a U-boot auto-update that went catastrophically wrong. So, if the feature is optional, and the default is OFF, do what you like. But I would recommend for most users to leave the feature turned off. Just my two cents worth... Rick