[Dev] [RFC] Tizen system rollback

Aliaksei Katovich a.katovich at samsung.com
Mon Dec 2 13:39:36 GMT 2013

>    Hi,
>    On 2 December 2013 13:58, Aliaksei Katovich <[1]a.katovich at samsung.com>
>    wrote:
>              If my understanding is correct, then we are talking about
>      two different
>              things handling two different use-cases:
>              1) rollbacks in case devices fail to act stable or at all
>      (my proposal)
>              vs.
>              2) replication of device configuration if original device is
>      lost/stolen.
>              There is no doubt that these features can co-exist.
>    Well, my question can be simplified as:
>    since 2) has to be implemented anyway, why not leveraging it to
>    implement an alternative to 1) ?

	Because 2) sets different goals and has a dependency on connectivity.

	I would prefer the old Unix way to do things: specific tool per specific
	task ;)

	But seriously, these two do not look overlapping to me, but rather
	complementing each other in some way.

>    After device failure:
>    1) boot a read-only minimalistic partition, that can connect to servers
>    and download (and install):

	It is dependent on connectivity very much. In fact, you should have
	a full-blown setup to select the proper network (wifi, 3g with all
	credentials etc.). Moreover, how will that minimalistic partition be kept
	in tact with data stored on external partitions (configs, credentials)?
	These can become incompatible after several updates.

>     a) user specific information present on cloud (user data, list of
>    installed apps, cfg for each app, etc)
>     b) last known base OS
>     c) extra apps that the user had installed.
>    2) reboot the device into the newly reconstructed setup
>    This would also take care of a gap you currently have: keeping in sync
>    the modem FW.

	Modem FW is not a gap if it is a part of OTA updates.

	The problematic scenario with modem updates is cold flashing.
	But I somehow believe that modem firmware can have some immunity
	to rollbacks.

>    It could be easily re-flashed as part of the reconstruction process.
>    Same goes for whatever other peripheral that might have non volatile
>    FW.
>    Same process could be used to perform the so called "factory reset":
>    have a blank user with no apps/data configured.
>    So, if the process is performed through a "safe" partition, it doesn't
>    even require a PC,
>    only connectivity of some sort.

	Connectivity proves to be a problem in certain situations.

	Again, I am trying to offer a _robust_ independent solution with minimal
	dependencies and _ifs_ attached, while reconstruction requires a bigger
	and more fragile infrastructure to maintain.


>    --
>    cheers, igor
> References
>    1. mailto:a.katovich at samsung.com
