Testing SFOS in a VM, I see it gives an option to roll back to an older firmware after an update.
How is this practically implemented?
Is the firmware OS partition separate from the user settings/config?
I tried searching but couldn't find info on how the disk/partition layout is arranged.
Thank you
Essentially, you have a config partition and the alternative config partition. Config is only the layout of the structure, meaning, like on UTM, the backup file (it is not the core system structure duplicated on disk).
So if you update to a new version, the files will get updated, the configuration will be migrated to the new configuration, and your current (by then old) config will be frozen in the alternative slot.
If you roll back to the old slot, your config will come up exactly how you left it prior to the upgrade.
__________________________________________________________________________________________________________________
Thanks.
What about the core OS?
When updating, does it copy unchanged parts of the old OS, combining the patches of the update file to generate the new "firmware"?
Essentially, it will also store binaries from the old part of the OS in the old state, as needed. There is a logic behind it, to not break the downgrade to the old version as well.
So to speak, if you update to a version which fixes a bug or a vulnerability and you downgrade, you will once again experience the bug / be vulnerable in that system.
The use case / point of this feature is to always have a smooth downgrade possibility if you do an upgrade to a new version and something does not work. So people have a chance to go back to the old state and continue to work. Plenty of users utilize this option to have a fallback without the need to reinstall everything, etc.
__________________________________________________________________________________________________________________