We have to receive an application update over a serial interface.
The application update cannot be stored in memory so we have to write
to the ApplicationUpdate as we receive the data.
We can add a CRC checksum to every packet we receive,
but what if the data is in fact corrupt.
This means we may already have written 5 pieces of data to the SystemUpdate.ApplicationUpdate,
and at this point we need to abort because the data is corrupt anyway.
How do we back out of this, in order not to corrupt the main application,
or is the main application already corrupted at this point?
And if the main application is corrupted,
is there a way to make sure the Panda will automatically fallback to the bootloader mode?
(Without starting the bootloader mode at startup every time, even if the application is valid)
(Another option, that wouldn’t fully fix the problem above is that I simply send an error
to the client and then reset the device so that it will load in bootloader mode again, until
the update has actually been completed correctly)
Are there any suggestions for doing an update like this?