@@ -612,11 +612,21 @@ int do_bootm_states(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[],
612612
613613#ifdef CONFIG_UPDATE_KUBOS
614614 /* Check the boot counter. If it's too high, we need to try and recover */
615- if (bootcount_load () > 2 )
615+ unsigned long bootcount = bootcount_load ();
616+ if (bootcount > 2 )
616617 {
617- ret = BOOTM_ERR_OTHER ;
618- printf ("ERROR: Failed to boot too many times, triggering recovery\n" );
619- goto err ;
618+ /*
619+ * If the bootlimit has been reached, then we're trying to execute the
620+ * alternate boot logic. It's entirely possible that we're still using
621+ * a `bootm` command to load an alternate OS, so don't automatically
622+ * fall into the recovery logic
623+ */
624+ unsigned long bootlimit = getenv_ulong ("bootlimit" , 10 , 0 );
625+ if (bootcount <= bootlimit ) {
626+ ret = BOOTM_ERR_OTHER ;
627+ printf ("ERROR: Failed to boot too many times, triggering recovery\n" );
628+ goto err ;
629+ }
620630 }
621631#endif
622632
@@ -789,10 +799,7 @@ int do_bootm_states(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[],
789799 * can track the failure and run the altbootcmd instead, if it's available.
790800 */
791801 printf ("Boot failed. No rollback could be completed\n" );
792- if (getenv_yesno ("recovery_available" ))
793- {
794- do_reset (cmdtp , flag , argc , argv );
795- }
802+ do_reset (cmdtp , flag , argc , argv );
796803
797804#endif
798805
0 commit comments