Got it, let's walk through how to validate your updated passive partition's checksum in U-Boot before rebooting—this is totally feasible with U-Boot's built-in tools, you just need to tie a few pieces together.

U-Boot comes with built-in filesystem access and checksum calculation commands, so we can directly mount the passive partition, retrieve the precomputed checksum, calculate the checksum of the updated content, and compare the two before switching partitions.

1. Verify U-Boot Filesystem Support #

First, confirm your U-Boot build includes support for the filesystem on your passive partition (e.g., ext4, FAT). You can check this by running:

help

Look for commands like ext4ls, ext4load (for ext4) or fatls, fatload (for FAT). If they're missing, you'll need to recompile U-Boot with the corresponding config flags enabled (e.g., CONFIG_CMD_EXT4=y for ext4).

2. Store the Precomputed Checksum #

When pushing updates to the passive partition, save the precomputed checksum (SHA256 is recommended) in a reliable, non-overwriteable location:

• Option 1: Store it in a dedicated U-Boot environment variable (use setenv and saveenv).
• Option 2: Save it as a small text file on the passive partition itself (e.g., /boot/update_sha256.txt).
• Option 3: Use a separate small storage partition reserved for metadata.

3. Validate Checksum in U-Boot #

Method 1: Validate a Single Update File #

If your update is a single image (e.g., rootfs.img), load it into memory and calculate its checksum:

# Load the update file from passive partition (adjust mmc device/partition and path as needed)
ext4load mmc 0:3 ${loadaddr} /path/to/rootfs.img

# Calculate SHA256 checksum of the loaded file
sha256sum ${loadaddr} ${filesize}

# Compare with precomputed checksum (example using environment variable)
setenv expected_checksum "a1b2c3d4e5f6..."
if test "${sha256_result}" = "${expected_checksum}"; then
    echo "✅ Checksum matched! Preparing to switch active partition..."
    # Update boot partition to the passive one (adjust partition number)
    setenv bootpart 0:3
    saveenv
else
    echo "❌ Checksum mismatch! Update aborted."
fi

Method 2: Validate the Entire Passive Partition #

If you need to validate the entire partition, read its contents into memory (ensure you have enough RAM) and compute the checksum:

# Get partition details with `mmc part`, then read the partition into memory
mmc read ${loadaddr} 0x10000 0x20000  # Replace with your partition's start sector and sector count

# Calculate checksum (sector size is typically 512 bytes)
sha256sum ${loadaddr} $((0x20000 * 512))

# Compare logic is the same as above

4. Integrate into Your Update Workflow #

To automate this, wrap the validation logic into a U-Boot environment script. For example:

# Define the validation script as an environment variable
setenv validate_update '
ext4load mmc 0:3 ${loadaddr} /boot/update_sha256.txt;
env import -t ${loadaddr} ${filesize};
ext4load mmc 0:3 ${loadaddr} /path/to/rootfs.img;
sha256sum ${loadaddr} ${filesize};
if test "${sha256_result}" = "${expected_sha256}"; then
    setenv bootpart 0:3;
    saveenv;
    echo "Update validated successfully. Ready to reboot!";
else
    echo "Checksum verification failed. Update canceled.";
fi'

Then call this script after your update finishes:

run validate_update

Key Notes #

• Adjust all partition numbers, file paths, and memory addresses to match your TI board's hardware configuration. Use mmc part to confirm SD card partition details.
• If your update file is too large to fit in RAM, you can split it into chunks and compute an incremental checksum (check if your U-Boot version supports sha256sum -c for file-based validation).
• Always test the validation logic in a safe environment before deploying to production boards.

内容的提问来源于stack exchange，提问作者Nalin