Hector Martin on Nostr: We have U-Boot UEFI so if you can at least have some indirection at the EFI layer to ...
We have U-Boot UEFI so if you can at least have some indirection at the EFI layer to select a kernel and do the "last known good booting" logic that would be good enough. We're not married to GRUB, any reasonable UEFI loader approach should work.
We just don't have EFI variable storage so you can't do it with the regular UEFI boot config, it has to be another layer (right now). The only storage available for EFI vars is NVMe, so there is no way to have EFI runtime services that allow variable access, i.e. if you enable EFI var support in U-Boot then you need Linux to understand its var storage format file and write to it directly, since there's no way to provide post-ExitServices runtime variable services.
The platform *does* have a boot failure counter in the PMU (currently reset by the Linux driver unconditionally), which at 5 (IIRC) triggers Apple's boot recovery (useless to us). So you could check for, like, 3 or 4 and boot a different kernel in that case. But then you still need some logic somewhere to implement that (and probably a tweak to the Linux driver to not reset it automatically, but rather wait for a userspace signal).
(We also have the whole thing with multiple ESPs for multiple installs and a device tree property to identify it, but that's platform-specific logic you would have to add anyway)
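An added sketch, not code from the post or from any project it mentions, of the "last known good" selection described above and of why the counter reset would have to wait for a userspace signal. All names and the outcome model are hypothetical, and it assumes the counter holds the number of earlier boot attempts that were never confirmed good; the thresholds 3 and 5 are the ones the post mentions.

```c
#include <stdio.h>

/* Thresholds taken from the post: recovery at 5 ("IIRC"), fallback check at 3. */
#define APPLE_RECOVERY_AT 5
#define FALLBACK_AT 3

enum entry { ENTRY_DEFAULT, ENTRY_LAST_KNOWN_GOOD, ENTRY_APPLE_RECOVERY };
/* Current driver behaviour vs. the tweak suggested in the post. */
enum reset_policy { RESET_ON_DRIVER_PROBE, RESET_ON_USERSPACE_OK };
/* Hypothetical model of how far the default kernel gets. */
enum outcome { FAIL_BEFORE_DRIVER, FAIL_IN_USERSPACE, BOOT_OK };

/* Loader-side choice. Assumption: `failures` is the number of earlier boot
 * attempts that were never confirmed good. */
enum entry select_entry(unsigned failures)
{
    if (failures >= APPLE_RECOVERY_AT) return ENTRY_APPLE_RECOVERY;
    if (failures >= FALLBACK_AT) return ENTRY_LAST_KNOWN_GOOD;
    return ENTRY_DEFAULT;
}

/* Replays boot attempts with a default kernel that always ends in `def` and a
 * last-known-good kernel that always boots. Returns the 1-based attempt that
 * reached a working system, 0 if none did, -1 if recovery would trigger. */
int simulate(enum reset_policy policy, enum outcome def, int max_boots)
{
    unsigned counter = 0;
    for (int boot = 1; boot <= max_boots; boot++) {
        enum entry e = select_entry(counter);
        if (e == ENTRY_APPLE_RECOVERY) return -1;
        enum outcome o = (e == ENTRY_LAST_KNOWN_GOOD) ? BOOT_OK : def;
        counter++;                        /* this attempt is now pending */
        if (o == BOOT_OK) return boot;    /* confirmed good under either policy */
        if (o == FAIL_IN_USERSPACE && policy == RESET_ON_DRIVER_PROBE)
            counter = 0;                  /* driver cleared it before userspace broke */
    }
    return 0;
}

int main(void)
{
    printf("unconditional reset, userspace failure: %d\n",
           simulate(RESET_ON_DRIVER_PROBE, FAIL_IN_USERSPACE, 10));
    printf("reset on userspace signal, userspace failure: %d\n",
           simulate(RESET_ON_USERSPACE_OK, FAIL_IN_USERSPACE, 10));
    return 0;
}
```

In this model a kernel that loads the driver but breaks later never reaches the fallback while the reset is unconditional, and reaches it on the fourth attempt once the reset waits for userspace.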