Reliable storage of settings in EEPROM

Embedded systems often require permanent storage of some configuration parameters eg. radio channel, volume in a radio etc. All settings must be saved and read reliably, otherwise the device may become unpredictable. Imagine a variable frequency drive (an “electric motor controller”) set to a certain speed, that after a power cut reads bad data from it’s memory and overspeeds an expensive piece of moving machinery leading to physical damage.

The issue of reliable configuration data can be broken down into smaller tasks:

  • At power-on: read data from permanent storage, verify that it is correct (if not – reset to safe defaults).
  • At runtime: compare current settings with the ones in permanent storage and update if necessary
    • Do it a way that will guarantee consistency in case of a power cut.

In my projects I group all settings into structs. Sample from my upcoming project:

In this case repeater_configuration_t is the main configuration struct that I want to store in EEPROM.

My approach is to duplicate this struct across several places in EEPROM, each one with an incrementing counter (revision) and a CRC to verify that a particular set of data is valid. I described Xmega’s hardware CRC in another post. At power on all “sectors” are scanned to determine if they contain valid data and the one with highest revision counter is copied to RAM. Whenever configuration is changed and needs saving, the oldest set is erased and written with latest data that has revision counter incremented by one.

Easy. Here is the code for an Xmega.

Address declarations

First I declare an array that holds addresses of structs in EEPROM, so for example settings_bank[1] is the address of a second copy of my settings in EEPROM. Xmega’s EEPROM is small enough to be addressed using 16-bits. The addresses can be anywhere inside the EEPROM as long as they obviously don’t overlap assuming the size of repeater_configuration_t. I have picked 3 banks, but 2 is enough to implement a reliable storage protocol. Having more of them has the additional benefit of wear leveling (in case the settings change often).

Checking CRC of a struct in RAM

This function just calculates the CRC of whole struct (except the CRC at the beginning itself) and compares the computed one with the one already present in the struct. If they match the data is valid.

Reading settings at startup

This piece of code has two loops – the inner loops across all banks to find the one that has valid CRC and and has the highest revision number. The outer loop handles eventual EEPROM read failure. To conserve memory I read only one bank to RAM at a time. When the inner loop is done I again read the “best” bank to RAM. The outer loop will retry if the last read detects a CRC error. I think that it would be extremely rare, but not impossible. If the last read is correct the function returns.

Saving new settings

The write function is similar to read function, but it looks for the memory bank with oldest revision number or one with invalid CRC and simply writes current configuration to that bank. It assumes that a write is successful. If power is cut, then in worst case just a single bank is erased or incompletely written. The device will start using other valid settings.

Determining if a write operation is needed

Every couple of seconds the code reads current settings from EEPROM and compares it with current settings in RAM, if they differ, then settings_write is called and saves the new settings.

Using this code I can achieve reliable storing of configuration data, have very long device lifetime (memory wear leveling) and good usability 🙂

Complete code