From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jerry Van Baren
Date: Tue, 1 Feb 2005 14:06:10 -0500
Subject: [U-Boot-Users] Flash environment vs EEPROM environment
In-Reply-To: <20050201184555.1463BC108D@atlas.denx.de>
References: <20050201184555.1463BC108D@atlas.denx.de>
Message-ID: <41FFD322.4030401@smiths-aerospace.com>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Wolfgang Denk wrote:
> Dear Thomas,
>
> in message you wrote:
>
>>Yes, I know that this has been discussed recently and the recommendation
>>is to store the environment in flash, but:
>
> Indeed.

[snip]

>>- Are there conditions known to cause similar effects with flash chips
>>as described for EEPROM devices? Could power loss or similar conditions
>
> No.
>
>>when writing environment sectors cause a flash device to destroy other
>>sectors than the just written one?
>
> In theory yes. You could assume a system without power monitoring
> where the power is failing slowly so that at some point during the
> brownout the CPU might start executing bogus instructions, or that
> some bus driver corrupts the addresses or data, or... In theory
> anything can happen.
>
> Best regards,
>
> Wolfgang Denk

Flash corruption is more than in theory: proper hardware design is to
have a power fail warning sufficient to allow a flash write cycle to
complete before power completely fails and your software should not
write to the flash when the power fail warning is active. If you do a
lot of flash erase/writing and glitch the power rapidly and repeatedly
during the flash activity, you _will_ have corrupted flash at
_unpredictable_ (i.e. not necessarily the block you were intending to
write/erase) locations. Guaranteed. Want to see the scars :-)?

Fortunately, most people (a) don't write rapidly and repeatedly to
flash, (b) have stable power supplies that don't glitch rapidly and
repeatedly (large output filter capacitors and power supervisory chips
are your friends!) and (c) flash operations are relatively fast making
the window of vulnerability very short. Thus people get away with not
using a power fail warning because the probability of corruption is
extremely small, not necessarily by design but rather by happy coincidence.

gvb