This document describes the server firmware design to be configured in the backplane microcontroller.

{{>toc}}

h1. Bootloader

# Waits for 1 second for a USB/UART (FTDI or CH340G) upgrade.
# If the boot failure value in the external flash is greater than 2 (configurable threshold in EEPROM): switch to the other firmware
## Enable the other external firmware
## Reset the boot failure value to zero
# If the enabled external flash firmware version is different from the internal flash one (not necessarily higher, so that downgrades are possible)
## Check the enabled firmware signature with the ATSHA crypto chip
## Copy the enabled firmware from the external flash to the internal flash
# Increment the boot failure value in the external flash
# Continue with the internal flash firmware

h1. Firmware

# Enable the watchdog
# Sanity self-check
# Reset the boot failure value to zero
# Hardware devices check
# Hardware devices initialization if needed (devices that are already up and running should not be reinitialized, to allow firmware upgrade without downtime)
# Configure the admin network (DHCP or fixed)
# Start the enabled services
## RSyslogd
## HTTP REST API
## HTTP web admin interface
### SSL certificates management
### authentication
### permissions
### monitoring
### DB management
## Node manager
## Hardware monitoring service (prom)
## Backup manager
## ...
# On a regular (scheduled) basis
## Update the hardware watchdog
## Query NTP to update the RTC

h3. FPGA start

Check and configure the specified FPGA with the gateware specified in the configuration, from the external flash.
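
Steps 2 to 4 of the Bootloader sequence, modeled as host-side C to show how the failure counter, the firmware switch and the signature gate interact. This is an added example, not the project's firmware code. The @boot_state@ layout, all function names and the choice to keep the internal image when the signature check fails are assumptions, and @verify_signature@ stands in for the ATSHA check.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical layout of the state kept in external flash / EEPROM. */
struct boot_state {
    uint8_t  active_slot;     /* enabled external firmware: 0 or 1 */
    uint8_t  fail_count;      /* boot failure value */
    uint8_t  fail_threshold;  /* configurable threshold from EEPROM */
    uint32_t ext_version[2];  /* version of each external firmware image */
    bool     ext_sig_ok[2];   /* constructed stand-in for the ATSHA verdict */
    uint32_t int_version;     /* version currently in internal flash */
};

enum boot_action { BOOT_INTERNAL, BOOT_COPIED, BOOT_SIG_REJECTED };

/* Stand-in: a real bootloader would hash the image and have the crypto
 * chip verify the signature over that digest. */
static bool verify_signature(const struct boot_state *s, uint8_t slot) {
    return s->ext_sig_ok[slot];
}

enum boot_action bootloader_step(struct boot_state *s) {
    enum boot_action act = BOOT_INTERNAL;

    /* Step 2: too many failed boots, enable the other external firmware. */
    if (s->fail_count > s->fail_threshold) {
        s->active_slot ^= 1u;
        s->fail_count = 0;
    }
    /* Step 3: any version difference (downgrades included) triggers a copy,
     * but only after the signature has been verified. */
    uint8_t slot = s->active_slot;
    if (s->ext_version[slot] != s->int_version) {
        if (verify_signature(s, slot)) {
            s->int_version = s->ext_version[slot];  /* models the flash copy */
            act = BOOT_COPIED;
        } else {
            act = BOOT_SIG_REJECTED;  /* assumption: internal image is kept */
        }
    }
    /* Step 4: count this attempt; the firmware resets the value to zero
     * after its sanity self-check. Saturate so the counter cannot wrap. */
    if (s->fail_count < UINT8_MAX)
        s->fail_count++;
    return act;
}
```

Calling @bootloader_step@ repeatedly without resetting @fail_count@ models a firmware that crashes before its self-check: with a threshold of 2, the fourth attempt switches to the other firmware.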