Merge patch series "bootstd: New bootmeth for RAUC A/B systems"

Martin Schwan <m.schwan@phytec.de> says:

This series implements a new bootmeth for RAUC A/B systems. RAUC (Robust
Auto Update Controller) is a lightweight update client, providing "Safe
and Secure OTA Updates for Embedded Linux". See the following links for
more information about RAUC:

  https://rauc.io/
  https://rauc.readthedocs.io/en/latest/

PHYTEC uses RAUC in its Yocto based distribution "Ampliphy" as the
default way of updating embedded devices based on PHYTEC hardware. So
far, the logic selecting the correct partitions and files to boot was
being implemented in the U-Boot environment. While this is a
straightforward way to do it, adding and supporting new platforms became
somewhat tedious and is platform-specific. The introduction of U-Boot's
"Standard Boot" provided a convincing alternative, promising a simpler
and more portable way of booting, even for RAUC systems. This led me to
implement a new bootmeth supporting RAUC A/B systems. Note, that this
new bootmeth is not proprietary to PHYTEC products and is designed to
work on other hardware with a RAUC A/B system, too.

The bootmeth currently only supports symmetric A/B partitioning layouts.
E.g. A/rescue is not (yet) supported. The partition indexes and default
slot tries can be specified via configuration options.

For now, the bootmeth_rauc uses a similar approach for loading the
Kernel and device tree as the bootmeth_script, in that it requires a FIT
containing a U-Boot script loading the desired distro. It could be
possible to support booting without a script and load the Kernel and DT
directly with this bootmeth, but I found the script method to be very
flexible for now, in letting the distro decide what to load.

The bootmeth_rauc was tested on a phyBOARD-Pollux i.MX8M Plus [1] with
BSP-Yocto-Ampliphy-i.MX8MP-PD24.1.2 [2].

Supported boot devices are currently only MMC devices, but it should be
possible to add SPI flashes in the future.

To test this patch stack with PHYTEC's phyBOARD-Pollux i.MX8M Plus
board, you need to adjust the boot files to include the boot.scr.uimg
containing the distro's boot script and set "optargs" to "${raucargs}"
in it. Also disable any legacyboot in the U-Boot environment and simply
boot with Standard Boot:

  bootmeth order rauc
  bootflow scan -lb

[1]: https://www.phytec.eu/en/produkte/single-board-computer/phyboard-pollux/
[2]: https://download.phytec.de/Software/Linux/BSP-Yocto-i.MX8MP/BSP-Yocto-Ampliphy-i.MX8MP-PD24.1.2/

Link: https://lore.kernel.org/r/20250604-wip-bootmeth-rauc-v3-0-f9fad913c57e@phytec.de
[trini: Don't enable by default]

6 files changed, 541 insertions, 0 deletions

diff --git a/boot/Kconfig b/boot/Kconfig
index 30eb5b328d7..f5dfae28f08 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -855,6 +855,56 @@ config EXPO
 	  The expo can be presented in graphics form using a vidconsole, or in
 	  text form on a serial console.
 
+config BOOTMETH_RAUC
+	bool "Bootdev support for RAUC A/B systems"
+	depends on CMDLINE
+	select BOOTMETH_GLOBAL
+	select HUSH_PARSER
+	help
+	  Enables support for booting RAUC A/B systems from MMC devices. This
+	  makes the bootdevs look for a 'boot.scr.uimg' or 'boot.scr' in the
+	  respective boot partitions, describing how to boot the distro.
+
+if BOOTMETH_RAUC
+
+config BOOTMETH_RAUC_BOOT_ORDER
+	string "RAUC boot order"
+	default "A B"
+	help
+	  Sets the default boot order. This must be list of space-separated
+	  strings naming the individual boot slots. Each entry in this string
+	  should correspond to an existing slot on the target's flash device.
+
+config BOOTMETH_RAUC_PARTITIONS
+	string "RAUC boot and root partitions indexes"
+	default "1,2 3,4"
+	help
+	  Sets the partition indexes of boot and root slots. This must be a list
+	  of comma-separated pair values, which in turn are separated by spaces.
+	  The first value in pair is for the boot partition and second for the
+	  root partition.
+
+config BOOTMETH_RAUC_DEFAULT_TRIES
+	int "RAUC slot default tries"
+	default 3
+	help
+	  Sets how many times a slot should be tried booting, before considering
+	  it to be bad.
+
+config BOOTMETH_RAUC_RESET_ALL_ZERO_TRIES
+	bool "Reset slot tries when all RAUC slots have zero tries left"
+	default y
+	help
+	  When all slots have zero tries left or no valid slot was found, reset
+	  to the default boot order set by BOOTMETH_RAUC_BOOT_ORDER and set the
+	  slot tries to their default value specified by
+	  BOOTMETH_RAUC_DEFAULT_TRIES.
+
+	  This prevents a system from remaining in an unbootable state, after
+	  all slot tries were decremented to zero.
+
+endif # BOOTMETH_RAUC
+
 config BOOTMETH_SANDBOX
 	def_bool y
 	depends on SANDBOX
diff --git a/boot/Makefile b/boot/Makefile
index e0d1579827d..3da6f7a0914 100644
--- a/boot/Makefile
+++ b/boot/Makefile
@@ -32,6 +32,7 @@ obj-$(CONFIG_$(PHASE_)BOOTMETH_EXTLINUX_PXE) += bootmeth_pxe.o
 obj-$(CONFIG_$(PHASE_)BOOTMETH_EFILOADER) += bootmeth_efi.o
 obj-$(CONFIG_$(PHASE_)BOOTMETH_CROS) += bootm.o bootm_os.o bootmeth_cros.o
 obj-$(CONFIG_$(PHASE_)BOOTMETH_QFW) += bootmeth_qfw.o
+obj-$(CONFIG_$(PHASE_)BOOTMETH_RAUC) += bootmeth_rauc.o
 obj-$(CONFIG_$(PHASE_)BOOTMETH_SANDBOX) += bootmeth_sandbox.o
 obj-$(CONFIG_$(PHASE_)BOOTMETH_SCRIPT) += bootmeth_script.o
 obj-$(CONFIG_$(PHASE_)CEDIT) += cedit.o
diff --git a/boot/bootmeth_rauc.c b/boot/bootmeth_rauc.c
new file mode 100644
index 00000000000..fc60e6e355d
--- /dev/null
+++ b/boot/bootmeth_rauc.c
@@ -0,0 +1,432 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Bootmethod for distro boot with RAUC
+ *
+ * Copyright 2025 PHYTEC Messtechnik GmbH
+ * Written by Martin Schwan <m.schwan@phytec.de>
+ */
+
+#define LOG_CATEGORY UCLASS_BOOTSTD
+
+#include <blk.h>
+#include <bootflow.h>
+#include <bootmeth.h>
+#include <bootstd.h>
+#include <dm.h>
+#include <env.h>
+#include <fs.h>
+#include <malloc.h>
+#include <mapmem.h>
+#include <string.h>
+#include <asm/cache.h>
+
+/* Length of env var "BOOT_*_LEFT" */
+#define BOOT_LEFT_LEN	(5 + 32 + 5)
+
+static const char * const script_names[] = { "boot.scr", "boot.scr.uimg", NULL };
+
+/**
+ * struct distro_rauc_slot - Slot information
+ *
+ * A slot describes the unit of a bootable system consisting of one or multiple
+ * partitions. This usually includes a root filesystem, kernel and potentially other
+ * files, like device trees and boot scripts for that particular distribution.
+ *
+ * @name	The slot name
+ * @boot_part	The boot partition number on disk
+ * @root_part	The root partition number on disk
+ */
+struct distro_rauc_slot {
+	char *name;
+	int boot_part;
+	int root_part;
+};
+
+/**
+ * struct distro_rauc_priv - Private data
+ *
+ * @slots	All slots of the device in default order
+ * @boot_order	String of the current boot order containing the active slot names
+ */
+struct distro_rauc_priv {
+	struct distro_rauc_slot **slots;
+};
+
+static struct distro_rauc_slot *get_slot(struct distro_rauc_priv *priv,
+					 const char *slot_name)
+{
+	int i;
+
+	for (i = 0; priv->slots[i]->name; i++) {
+		if (!strcmp(priv->slots[i]->name, slot_name))
+			return priv->slots[i];
+	}
+
+	return NULL;
+}
+
+static int distro_rauc_check(struct udevice *dev, struct bootflow_iter *iter)
+{
+	/*
+	 * This distro only works on whole MMC devices, as multiple partitions
+	 * are needed for an A/B system.
+	 */
+	if (bootflow_iter_check_mmc(iter))
+		return log_msg_ret("mmc", -EOPNOTSUPP);
+	if (iter->part)
+		return log_msg_ret("part", -EOPNOTSUPP);
+
+	return 0;
+}
+
+static int distro_rauc_scan_boot_part(struct bootflow *bflow)
+{
+	struct blk_desc *desc;
+	struct distro_rauc_priv *priv;
+	char *boot_order;
+	const char **boot_order_list;
+	bool exists;
+	int ret;
+	int i;
+	int j;
+
+	desc = dev_get_uclass_plat(bflow->blk);
+
+	priv = bflow->bootmeth_priv;
+	if (!priv || !priv->slots)
+		return log_msg_ret("priv", -EINVAL);
+
+	boot_order = env_get("BOOT_ORDER");
+	boot_order_list = str_to_list(boot_order);
+	for (i = 0; boot_order_list[i]; i++) {
+		exists = false;
+		for (j = 0; script_names[j]; j++) {
+			const struct distro_rauc_slot *slot;
+
+			slot = get_slot(priv, boot_order_list[i]);
+			if (!slot)
+				return log_msg_ret("env", -ENOENT);
+			ret = fs_set_blk_dev_with_part(desc, slot->boot_part);
+			if (ret)
+				return log_msg_ret("blk", ret);
+			exists |= fs_exists(script_names[j]);
+		}
+		if (!exists)
+			return log_msg_ret("fs", -ENOENT);
+	}
+	str_free_list(boot_order_list);
+
+	return 0;
+}
+
+static int distro_rauc_read_bootflow(struct udevice *dev, struct bootflow *bflow)
+{
+	struct distro_rauc_priv *priv;
+	int ret;
+	char *slot;
+	int i;
+	char *partitions;
+	char *boot_order;
+	const char *default_boot_order;
+	const char **default_boot_order_list;
+	char *boot_order_copy;
+	char boot_left[BOOT_LEFT_LEN];
+	char *parts;
+
+	/* Get RAUC variables or set their default values */
+	boot_order = env_get("BOOT_ORDER");
+	if (!boot_order) {
+		log_debug("BOOT_ORDER did not exist yet, setting default value\n");
+		if (env_set("BOOT_ORDER", CONFIG_BOOTMETH_RAUC_BOOT_ORDER))
+			return log_msg_ret("env", -EPERM);
+		boot_order = CONFIG_BOOTMETH_RAUC_BOOT_ORDER;
+	}
+	default_boot_order = CONFIG_BOOTMETH_RAUC_BOOT_ORDER;
+	default_boot_order_list = str_to_list(default_boot_order);
+	for (i = 0; default_boot_order_list[i]; i++) {
+		sprintf(boot_left, "BOOT_%s_LEFT", default_boot_order_list[i]);
+		if (!env_get(boot_left)) {
+			log_debug("%s did not exist yet, setting default value\n",
+				  boot_left);
+			if (env_set_ulong(boot_left, CONFIG_BOOTMETH_RAUC_DEFAULT_TRIES))
+				return log_msg_ret("env", -EPERM);
+		}
+	}
+	str_free_list(default_boot_order_list);
+
+	priv = calloc(1, sizeof(struct distro_rauc_priv));
+	if (!priv)
+		return log_msg_ret("buf", -ENOMEM);
+	priv->slots = calloc(1, sizeof(struct distro_rauc_slot));
+
+	/* Copy default boot_order, so we can leave the original unmodified */
+	boot_order_copy = strdup(default_boot_order);
+	partitions = strdup(CONFIG_BOOTMETH_RAUC_PARTITIONS);
+
+	for (i = 1;
+	     (parts = strsep(&partitions, " ")) &&
+	     (slot = strsep(&boot_order_copy, " "));
+	     i++) {
+		struct distro_rauc_slot *s;
+
+		s = calloc(1, sizeof(struct distro_rauc_slot));
+		s->name = strdup(slot);
+		s->boot_part = simple_strtoul(strsep(&parts, ","), NULL, 10);
+		s->root_part = simple_strtoul(strsep(&parts, ","), NULL, 10);
+		priv->slots = realloc(priv->slots, (i + 1) *
+				      sizeof(struct distro_rauc_slot));
+		priv->slots[i - 1] = s;
+		priv->slots[i]->name = NULL;
+	}
+
+	bflow->bootmeth_priv = priv;
+
+	ret = distro_rauc_scan_boot_part(bflow);
+	if (ret < 0) {
+		for (i = 0; priv->slots[i]->name; i++) {
+			free(priv->slots[i]->name);
+			free(priv->slots[i]);
+		}
+		free(priv);
+		free(boot_order_copy);
+		bflow->bootmeth_priv = NULL;
+		return ret;
+	}
+
+	bflow->state = BOOTFLOWST_READY;
+
+	return 0;
+}
+
+static int distro_rauc_read_file(struct udevice *dev, struct bootflow *bflow,
+				 const char *file_path, ulong addr,
+				 enum bootflow_img_t type, ulong *sizep)
+{
+	/*
+	 * Reading individual files is not supported since we only operate on
+	 * whole MMC devices (because we require multiple partitions).
+	 */
+	return log_msg_ret("Unsupported", -ENOSYS);
+}
+
+static int distro_rauc_load_boot_script(struct bootflow *bflow,
+					const struct distro_rauc_slot *slot)
+{
+	struct blk_desc *desc;
+	struct distro_rauc_priv *priv;
+	struct udevice *bootstd;
+	const char *const *prefixes;
+	int ret;
+	int i;
+	int j;
+
+	ret = uclass_first_device_err(UCLASS_BOOTSTD, &bootstd);
+	if (ret)
+		return log_msg_ret("std", ret);
+	prefixes = bootstd_get_prefixes(bootstd);
+
+	desc = dev_get_uclass_plat(bflow->blk);
+	priv = bflow->bootmeth_priv;
+	if (!priv || !priv->slots)
+		return log_msg_ret("priv", -EINVAL);
+
+	bflow->part = slot->boot_part;
+	if (!bflow->part)
+		return log_msg_ret("part", -ENOENT);
+
+	ret = bootmeth_setup_fs(bflow, desc);
+	if (ret)
+		return log_msg_ret("set", ret);
+
+	for (i = 0; prefixes[i] && bflow->state != BOOTFLOWST_FILE; i++) {
+		for (j = 0; script_names[j] && bflow->state != BOOTFLOWST_FILE; j++) {
+			if (!bootmeth_try_file(bflow, desc, prefixes[i], script_names[j])) {
+				log_debug("Found file '%s%s' in %s.part_%x\n",
+					  prefixes[i], script_names[j],
+					  bflow->dev->name, bflow->part);
+				bflow->subdir = strdup(prefixes[i]);
+			}
+		}
+	}
+	if (bflow->state != BOOTFLOWST_FILE)
+		return log_msg_ret("file", -ENOENT);
+
+	ret = bootmeth_alloc_file(bflow, 0x10000, ARCH_DMA_MINALIGN,
+				  (enum bootflow_img_t)IH_TYPE_SCRIPT);
+	if (ret)
+		return log_msg_ret("read", ret);
+
+	return 0;
+}
+
+static int find_active_slot(char **slot_name, ulong *slot_tries)
+{
+	ulong tries;
+	char boot_left[BOOT_LEFT_LEN];
+	char *boot_order;
+	const char **boot_order_list;
+	bool slot_found = false;
+	int ret;
+	int i;
+
+	boot_order = env_get("BOOT_ORDER");
+	if (!boot_order)
+		return log_msg_ret("env", -ENOENT);
+	boot_order_list = str_to_list(boot_order);
+	for (i = 0; boot_order_list[i] && !slot_found; i++) {
+		sprintf(boot_left, "BOOT_%s_LEFT", boot_order_list[i]);
+		tries = env_get_ulong(boot_left, 10, ULONG_MAX);
+		if (tries == ULONG_MAX)
+			return log_msg_ret("env", -ENOENT);
+
+		if (tries) {
+			ret = env_set_ulong(boot_left, tries - 1);
+			if (ret)
+				return log_msg_ret("env", ret);
+			*slot_name = strdup(boot_order_list[i]);
+			*slot_tries = tries;
+			slot_found = true;
+		}
+	}
+	str_free_list(boot_order_list);
+
+	if (!slot_found) {
+		if (IS_ENABLED(CONFIG_BOOTMETH_RAUC_RESET_ALL_ZERO_TRIES)) {
+			log_warning("WARNING: No valid slot found\n");
+			log_info("INFO: Resetting boot order and all slot tries\n");
+			boot_order_list = str_to_list(CONFIG_BOOTMETH_RAUC_BOOT_ORDER);
+			for (i = 0; boot_order_list[i]; i++) {
+				sprintf(boot_left, "BOOT_%s_LEFT", boot_order_list[i]);
+				ret = env_set_ulong(boot_left, CONFIG_BOOTMETH_RAUC_DEFAULT_TRIES);
+				if (ret)
+					return log_msg_ret("env", ret);
+			}
+			str_free_list(boot_order_list);
+			ret = env_save();
+			if (ret)
+				return log_msg_ret("env", ret);
+			do_reset(NULL, 0, 0, NULL);
+		}
+		log_err("ERROR: No valid slot found\n");
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
+static int distro_rauc_boot(struct udevice *dev, struct bootflow *bflow)
+{
+	struct blk_desc *desc;
+	struct distro_rauc_priv *priv;
+	const struct distro_rauc_slot *slot;
+	char *boot_order;
+	const char **boot_order_list;
+	char *active_slot;
+	ulong active_slot_tries;
+	char raucargs[64];
+	char boot_left[BOOT_LEFT_LEN];
+	ulong addr;
+	int ret = 0;
+	int i;
+
+	desc = dev_get_uclass_plat(bflow->blk);
+	if (desc->uclass_id != UCLASS_MMC)
+		return log_msg_ret("blk", -EINVAL);
+	priv = bflow->bootmeth_priv;
+
+	/* Device info variables */
+	ret = env_set("devtype", blk_get_devtype(bflow->blk));
+	if (ret)
+		return log_msg_ret("env", ret);
+
+	ret = env_set_hex("devnum", desc->devnum);
+	if (ret)
+		return log_msg_ret("env", ret);
+
+	/* Find active, valid slot */
+	ret = find_active_slot(&active_slot, &active_slot_tries);
+	if (ret)
+		return log_msg_ret("env", ret);
+
+	/* Kernel command line arguments */
+	sprintf(raucargs, "rauc.slot=%s", active_slot);
+	ret = env_set("raucargs", raucargs);
+	if (ret)
+		return log_msg_ret("env", ret);
+
+	/* Active slot info */
+	slot = get_slot(priv, active_slot);
+	if (!slot)
+		return log_msg_ret("env", -ENOENT);
+	ret = env_set_hex("distro_bootpart", slot->boot_part);
+	if (ret)
+		return log_msg_ret("env", ret);
+	ret = env_set_hex("distro_rootpart", slot->root_part);
+	if (ret)
+		return log_msg_ret("env", ret);
+	ret = env_save();
+	if (ret)
+		return log_msg_ret("env", ret);
+
+	/* Load distro boot script */
+	ret = distro_rauc_load_boot_script(bflow, slot);
+	if (ret)
+		return log_msg_ret("load", ret);
+
+	log_info("INFO: Booting slot %s, %lu of %d tries left\n",
+		 active_slot, active_slot_tries, CONFIG_BOOTMETH_RAUC_DEFAULT_TRIES);
+
+	log_debug("devtype: %s\n", env_get("devtype"));
+	log_debug("devnum: %s\n", env_get("devnum"));
+	log_debug("distro_bootpart: %s\n", env_get("distro_bootpart"));
+	log_debug("distro_rootpart: %s\n", env_get("distro_rootpart"));
+	log_debug("raucargs: %s\n", env_get("raucargs"));
+	boot_order = env_get("BOOT_ORDER");
+	if (!boot_order)
+		return log_msg_ret("env", -EPERM);
+	log_debug("BOOT_ORDER: %s\n", boot_order);
+	boot_order_list = str_to_list(boot_order);
+	for (i = 0; boot_order_list[i]; i++) {
+		sprintf(boot_left, "BOOT_%s_LEFT", boot_order_list[i]);
+		log_debug("%s: %s\n", boot_left, env_get(boot_left));
+	}
+	str_free_list(boot_order_list);
+
+	/* Run distro boot script */
+	addr = map_to_sysmem(bflow->buf);
+	ret = cmd_source_script(addr, NULL, NULL);
+	if (ret)
+		return log_msg_ret("boot", ret);
+
+	return 0;
+}
+
+static int distro_rauc_bootmeth_bind(struct udevice *dev)
+{
+	struct bootmeth_uc_plat *plat = dev_get_uclass_plat(dev);
+
+	plat->desc = "RAUC distro boot from MMC";
+	plat->flags = BOOTMETHF_GLOBAL;
+
+	return 0;
+}
+
+static struct bootmeth_ops distro_rauc_bootmeth_ops = {
+	.check		= distro_rauc_check,
+	.read_bootflow	= distro_rauc_read_bootflow,
+	.read_file	= distro_rauc_read_file,
+	.boot		= distro_rauc_boot,
+};
+
+static const struct udevice_id distro_rauc_bootmeth_ids[] = {
+	{ .compatible = "u-boot,distro-rauc" },
+	{ }
+};
+
+U_BOOT_DRIVER(bootmeth_rauc) = {
+	.name		= "bootmeth_rauc",
+	.id		= UCLASS_BOOTMETH,
+	.of_match	= distro_rauc_bootmeth_ids,
+	.ops		= &distro_rauc_bootmeth_ops,
+	.bind		= distro_rauc_bootmeth_bind,
+};
diff --git a/doc/develop/bootstd/index.rst b/doc/develop/bootstd/index.rst
index 4c4e26ccdb7..ec74fc2fb9d 100644
--- a/doc/develop/bootstd/index.rst
+++ b/doc/develop/bootstd/index.rst
@@ -12,5 +12,6 @@ Standard Boot
    qfw
    android
    cros
+   rauc
    script
    sandbox
diff --git a/doc/develop/bootstd/overview.rst b/doc/develop/bootstd/overview.rst
index 9fe5630ab16..0a237359575 100644
--- a/doc/develop/bootstd/overview.rst
+++ b/doc/develop/bootstd/overview.rst
@@ -443,6 +443,7 @@ Bootmeth drivers are provided for booting from various media:
    - :doc:`extlinux / syslinux <extlinux>` boot from a storage device
    - :doc:`extlinux / syslinux <extlinux>` boot from a network (PXE)
    - :doc:`sandbox <sandbox>` used only for testing
+   - :doc:`RAUC distro <rauc>`: A/B system with RAUC from MMC
    - :doc:`U-Boot scripts <script>` from disk, network or SPI flash
    - :doc:`QFW <qfw>`: QEMU firmware interface
    - :doc:`VBE </develop/vbe>`: Verified Boot for Embedded
diff --git a/doc/develop/bootstd/rauc.rst b/doc/develop/bootstd/rauc.rst
new file mode 100644
index 00000000000..b2661d18da4
--- /dev/null
+++ b/doc/develop/bootstd/rauc.rst
@@ -0,0 +1,56 @@
+.. SPDX-License-Identifier: GPL-2.0+:
+
+RAUC Bootmeth
+=============
+
+This bootmeth provides a way to locate and run an A/B system with RAUC as its
+update client. The booted distro must supply a script on an MMC device
+containing the final boot instructions necessary.
+
+This bootmeth assumes a symmetric A/B partition layout, with a separate boot
+partition containing the kernel image and another partition for the root
+filesystem each. The partition numbers must be specified with
+``CONFIG_BOOTMETH_RAUC_PARTITIONS``. The content must be a list of pairs, with
+the following syntax: ``1,2 3,4``, where 1 and 3 are the slots' boot partition
+and 2 and 4 the slots' root partition.
+
+Each pair of boot and rootfs partition form a "slot". The default order in which
+available slots are tried is set through ``CONFIG_BOOTMETH_RAUC_BOOT_ORDER``,
+with the left one tried first.
+
+The default number of boot tries of each slot is set by
+``CONFIG_BOOTMETH_RAUC_DEFAULT_TRIES``.
+
+In case no valid slot can be found and/or all slots have zero tries left, the
+boot order and slot tries are reset to their default values, if
+``CONFIG_BOOTMETH_RAUC_RESET_ALL_ZERO_TRIES`` is enabled. This prevents a system
+from locking up in the bootloader and tries booting again after a specified
+number of tries.
+
+The boot script must be located in each boot partition. The bootmeth searches
+for "boot.scr.uimg" first, then "boot.scr" if not found.
+
+When the bootflow is booted, the bootmeth sets these environment variables:
+
+devtype
+    device type (e.g. "mmc")
+
+devnum
+    device number, corresponding to the device 'sequence' number
+    ``dev_seq(dev)``
+
+distro_bootpart
+    partition number of the boot partition on the device (numbered from 1)
+
+distro_rootpart
+    partition number of the rootfs partition on the device (numbered from 1)
+
+raucargs
+    kernel command line arguments needed for RAUC to detect the currently booted
+    slot
+
+The script file must be a FIT or a legacy uImage. It is loaded into memory and
+executed.
+
+The compatible string "u-boot,distro-rauc" is used for the driver. It is present
+if ``CONFIG_BOOTMETH_RAUC`` is enabled.