Hello,
After much experimentation, since then I was able to resolve the abovementioned issues and develop an OTA update procedure for L4T R35.1 using A/B rootfs redundancy.
(Should there be interest from this community, I can share the patch files that shows my changes.)
However, I would like the OTA update to gracefully fail by booting into the same rootfs (rather than the new one) if the new one is faulty. This is a feature of the rootfs redundancy that can be controlled (MAX_ROOTFS_AB_RETRY_COUNT).
However, after the new rootfs is declared unbootable and the update fails, there is no way to mark it as bootable after repairing it (e.g. clean flash). This is something others have noticed for L4T 35.1, e.g. L4T 35.1.0 nvbootctrl mark as bootable
There is no solution for AGX Orin yet. This is the solution for Xavier NX: L4T 35.1.0 nvbootctrl mark as bootable - #12 by JerryChang?
Could someone, e.g. @JerryChang, please provide the solution for AGX Orin?
Thank you