Firmware Upgrade Safety

Updating firmware is still often a somewhat risky task. The firmware is the software built into a chip in the hardware that provides the low-level functionality (drivers are the higher-level software that provides more advanced functionality).

The problem with updating firmware is that if the update does not go perfectly, this can leave the device in an indeterminate state without the ability to even try again since the low-level functionality is needed to upload firmware to the device in the first place.

In the old days, flashing a new BIOS or CD drive firmware was quite risky and often resulted in “bricking” (rendering a device useless). (Technically, there are usually ways to restore a working copy of the firmware the way the manufacturer did in the first place, by cracking the device open and connecting to special ports on the board, e.g., JTAG.) Not surprisingly, manufacturers have tried coming up with better, safer solutions. Yet updating firmware, especially with untested or third-party firmware, remains risky to this day.

This is silly because there are numerous ways to prevent bricking devices.

One method that some manufacturers have implemented (usually on motherboards) is to put two BIOS chips on the board. That way, if the main one fails, the user can hold a special key combination, short a specific jumper, or some such, to copy the non-writable backup ROM over the erasable one.

This method is effective and can even be adapted in another way. Instead of keeping two copies of the firmware, use two flash chips: a staging chip and the main one. When you upload a firmware image, it is written to the staging chip rather than the main one; then, if and only if the upload completed successfully, it is quickly written (“flashed”, if you will) to the main chip. This way the device can easily detect a failed upload and provides an all-or-nothing flashing experience (an atomic transaction/operation, in database parlance).
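As an added illustration of the two-chip scheme above (this is not code from the original post), here is a small C model: every upload lands in a staging region, and the main region is rewritten only once the staged image is complete and its announced CRC-32 checks out, so an interrupted or corrupt upload leaves the boot image untouched. The slot layout, the 64-byte size and the use of CRC-32 as the integrity check are assumptions made for the demo.

```c
#include <stdint.h>
#include <string.h>
#define SLOT_SIZE 64  /* constructed: tiny flash regions for the demo */

/* One flash region: image bytes plus the length and CRC the uploader announced. */
struct flash_slot {
    uint8_t  data[SLOT_SIZE];
    uint32_t len;           /* bytes actually written */
    uint32_t expected_len;  /* length announced at the start of the upload */
    uint32_t crc;           /* CRC-32 announced for the complete image */
};

static struct flash_slot staging;    /* receives every upload */
static struct flash_slot main_slot;  /* the chip the device boots from */
/* CRC-32 (IEEE 802.3), bit by bit, so the example needs no library. */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* An upload only ever touches the staging chip. received < total models a transfer
 * cut off part-way (cable pulled, host crashed); a wrong claimed_crc models corruption. */
static void stage_upload(const uint8_t *img, uint32_t total, uint32_t received,
                         uint32_t claimed_crc) {
    memset(&staging, 0, sizeof staging);
    if (received > SLOT_SIZE) received = SLOT_SIZE;
    memcpy(staging.data, img, received);
    staging.len = received;
    staging.expected_len = total;
    staging.crc = claimed_crc;
}

/* The all-or-nothing step: copy to the main chip only if the staged image is complete
 * and its CRC matches what was announced. Returns 1 if the main chip was updated. */
static int commit_if_valid(void) {
    if (staging.len != staging.expected_len) return 0;                  /* truncated */
    if (crc32_buf(staging.data, staging.len) != staging.crc) return 0;  /* corrupt */
    main_slot = staging;  /* in real hardware: erase + write the main chip */
    return 1;
}

/* What the boot ROM checks before jumping into the main image. */
static int main_slot_valid(void) {
    return main_slot.len > 0 && crc32_buf(main_slot.data, main_slot.len) == main_slot.crc;
}
```

The copy inside commit_if_valid is still the one step that must not be interrupted; the dual-BIOS arrangement described earlier is what covers that remaining window.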