• just_another_person@lemmy.world · 1 year ago

    This is standard for devices which receive firmware and OS updates non-interactively. Edge devices, phones, routers…etc. It’s a simple and effective way to lessen the chance that a device may brick during an update failure or similar event.

    One running partition is the primary known-good copy of the system, and the other is a failover of a previous known-good. When an update is received, it isn’t applied directly to the current primary; it’s applied to the failover. When the system reboots, the bootloader attempts to boot the newly updated partition to see if it works, and if it does, it is marked as the “new” known-good primary and boots from then on. If not, the existing primary is rebooted, and the user is notified that a failure occurred, and dually an error or recourse to take if so.

    Subvolumes and such require a kernel to be loaded in order to use, so that’s why the base device partitions don’t run that way. Even if you wanted to go that way, it’s safer working at the lower levels as above when you’re dealing with deployed devices out in the world. Nobody wants a customer service disaster on their hands if devices start bricking themselves from a bad update.
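As an added illustration of the A/B slot scheme the comment describes (this is example code written for this page, not the commenter's code or any real bootloader's), the simulation below keeps the small control block a bootloader would store per slot: version, a known-good flag, and how many boot attempts a freshly written image still gets. `MAX_TRIES`, the slot names and the `health_check` callback are assumptions for the example.

```python
from dataclasses import dataclass, field

MAX_TRIES = 3  # assumption: boot attempts a new image gets before the bootloader gives up on it


@dataclass
class Slot:
    version: str
    good: bool = False      # set only after the image booted and passed its health check
    tries_left: int = 0     # > 0 means "candidate under trial"


@dataclass
class Device:
    active: str = "A"
    slots: dict = field(default_factory=lambda: {"A": Slot("1.0", good=True),
                                                 "B": Slot("0.9", good=True)})
    events: list = field(default_factory=list)   # what the user/fleet would be notified about

    def inactive(self) -> str:
        return "B" if self.active == "A" else "A"

    def stage_update(self, version: str) -> str:
        """Write the new image into the *inactive* slot; the running primary is never touched."""
        target = self.inactive()
        self.slots[target] = Slot(version, good=False, tries_left=MAX_TRIES)
        self.events.append(f"staged {version} into slot {target}")
        return target

    def boot(self, health_check) -> str:
        """One power cycle. Try the candidate slot while it has attempts left; otherwise,
        or if the candidate fails its health check, boot the existing known-good primary."""
        cand = self.inactive()
        s = self.slots[cand]
        if s.tries_left > 0:
            s.tries_left -= 1
            if health_check(s.version):
                s.good, s.tries_left = True, 0
                self.active = cand                      # promote: this is the new primary
                self.events.append(f"slot {cand} ({s.version}) healthy; now primary")
                return cand
            if s.tries_left == 0:                       # trial exhausted: stay on old primary
                self.events.append(f"slot {cand} ({s.version}) failed; "
                                   f"rolled back to slot {self.active}")
        return self.active


if __name__ == "__main__":
    d = Device()
    d.stage_update("1.1")
    d.boot(lambda v: True)          # good image: B becomes primary
    d.stage_update("1.2")
    for _ in range(MAX_TRIES):
        d.boot(lambda v: v != "1.2")  # bad image: every attempt falls back to B
    print("\n".join(d.events))
```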