"Boot this kernel once" functionality? (amd64)

[Anthony Mallet <anthony.mallet%laas.fr@localhost>]

Hi,

I own a remote amd64 machine, with no physical access at all (no
serial console either). It can be remotely power cycled,
though. Upgrading a kernel there is always a bit frightening. In case
of a boot failure, the recovery process to revert to the old kernel is
painful and a bit involved (netboot on a debian system is doable, but
then accessing the netbsd UFS partition is tricky).

I was wondering how easy that would be to add a "boot once" feature to
our secondary boot loader. I know that OpenBSD has a trick that
searches for a "bsd.upgrade" kernel with the +x bit, then `chmod -x`
it and boots that. So, in case of failure, a power cycle will
reboot into the regular kernel. Grub also has some tricks to achieve
this, although a bit more obfuscated.

I checked a bit the secondary boot loader code. It seems that the bios
disk I/O routines are read-only (I was checking amd64 BIOS and UEFI
boot loaders). So this prevents implementing the OpenBSD trick. Is
this by design, or just because it was never required to add a writing
capability in the biosdisk_strategy() function? Is it just a matter of
implementing it?

I was also wondering if it would be possible to pass arguments to the
primary or secondary bootloader via reboot(2) and the boothowto
flags. But this doesn't seem doable. Right?

So I was about to give up with this idea, but I'm checking here for
more comments, feedback ... especially on adding write support to
biosdisk_strategy(), since I have no clue about BIOS in general :)

Cheers,
Anthony