Hi,

we were looking into using grub to implement an A/B system update
mechanism [1] and came to the point where we need to change the grub
environment from user space (grub-editenv) and from grub itself (save_env).

We looked at the code [2] and [3], and it sort of looks like the
environment file is written directly in both cases. We suspect that this
might cause the environment file to become invalid/empty in a power-loss
scenario.

Other write schemes, like `write file.tmp; mv file.tmp file` or using
hard links (if the fs supports it), might provide better protection
against a power-loss scenario.

If this is an issue, then we would be willing to contribute some changes
to grub for this.

kind regards,
Claudius Heine

[1] https://sbabic.github.io/swupdate/overview.html#double-copy-with-fall-back
[2] https://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/loadenv.c#n380
[3] https://git.savannah.gnu.org/cgit/grub.git/tree/util/grub-editenv.c#n186
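
The `write file.tmp; mv file.tmp file` scheme mentioned in the message, sketched for the user-space side with POSIX calls. This is an added example, not part of the original e-mail and not GRUB code. The 1024-byte block size, the header line, the `boot_slot` variable and the file names are assumptions used to construct the sample input.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define ENVBLK_SIZE 1024                          /* assumed block size */
#define ENVBLK_SIG  "# GRUB Environment Block\n"  /* assumed header line */

/* Fill blk with the header, one "name=value" line and '#' padding. */
static int envblk_build(char blk[ENVBLK_SIZE], const char *name, const char *value)
{
    int n = snprintf(blk, ENVBLK_SIZE, "%s%s=%s\n", ENVBLK_SIG, name, value);
    if (n < 0 || n >= ENVBLK_SIZE) return -1;
    memset(blk + n, '#', ENVBLK_SIZE - n);
    return 0;
}

/* Replace path so that a reader sees either the complete old or new content. */
static int atomic_replace(const char *path, const void *buf, size_t len)
{
    char tmp[4096], dir[4096];
    int n = snprintf(tmp, sizeof tmp, "%s.tmp", path);
    if (n < 0 || n >= (int)sizeof tmp) return -1;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    /* The data must be on stable storage before the rename exposes it. */
    if (write(fd, buf, len) != (ssize_t)len || fsync(fd) != 0) {
        close(fd); unlink(tmp); return -1;
    }
    if (close(fd) != 0 || rename(tmp, path) != 0) { unlink(tmp); return -1; }
    /* Persist the changed directory entry as well. */
    snprintf(dir, sizeof dir, "%s", path);
    int dfd = open(dirname(dir), O_RDONLY);
    if (dfd < 0) return -1;
    int rc = fsync(dfd);
    close(dfd);
    return rc;
}

int main(void)
{
    char blk[ENVBLK_SIZE];
    /* Constructed sample: switch a hypothetical slot variable to "B". */
    if (envblk_build(blk, "boot_slot", "B") != 0) return 1;
    return atomic_replace("grubenv.example", blk, sizeof blk) != 0;
}
```

The temporary file has to live on the same filesystem as the target, otherwise `rename()` cannot replace the target in one step.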