Upgrading software for embedded devices often has the possibility of "bricking" the device, e.g. if power should happen to fail while in the midst of writing software to FLASH. Two questions:
- What are some best practices for implementing the upgrade mechanism so as to minimize the probability that the device will be "bricked"?
- What are some best practices for making the upgrade process fail-safe, so that events like power failures while installing software to FLASH can be recovered from?