Transaction-Safe FAT File System

A transaction-safe FAT (TFAT) file system is a file system designed specifically to provide transaction-safety for data stored on a disk. TFAT requires a hardware-specific driver designed for the type of media on which the TFAT volume resides.

In addition, TFAT only can be implemented in a system using the extended FAT (exFAT) file system. TFAT supported by an exFAT file system is also known as TexFAT.

The original file allocation table (FAT) file system enabled file modification operations to be interrupted before completion. In this way, actions such as sudden power loss or sudden removal of a storage card frequently resulted in data loss and file system corruption. By making file operations transaction-safe, TFAT stabilizes the file system and ensures that the file system is not corrupted when an interruption occurs.

TFAT works with two copies of the FAT table, a FAT1 table in which current operations are being conducted and a FAT0 table that is a stable copy of the last known good FAT. Modifications to FAT0 are not committed until all elements in a transaction have completed successfully. If a transaction fails to complete properly, the disk is set in the same state as it was before the transaction began. After all transactions are successfully completed, the FAT1 table is copied to FAT0.

The theoretical limit for TFAT is 2 TB, with 512 byte sectors. File systems up to about 500 GB have been tested.

By default, only modifications to a directory and the FAT are backed up during a transaction using TFAT. To back up modifications to the data of a file, you must set the TransactData registry key to 1. If you set this value and also set the ForceWriteThrough value to 1, all successful write operations are committed.

To modify existing files, TFAT allocates a new cluster for the modified bits and reroutes the FAT chain for a file to include the new cluster. This is to ensure that if the transaction fails to complete successfully, the original copy of the file is left untouched.

The TFAT file system is best suited for non-removable media, such as NAND and NOR flash memory. Removable media can also use TFAT, but there are potential issues when attempting to use a TFAT removable card on a Windows desktop OS. Because there is no implementation of TFAT on Windows desktop OSs, Windows handles the removable media as if it were a FAT file system. If the card is removed during a critical operation, the Windows desktop OS may not correctly recognize the volume. If a directory is created on the removable media using a Windows desktop OS, and then used with TFAT in Windows Embedded CE, operations on files in that directory may not be transaction-safe. In addition, TFAT directories cannot be deleted using a Windows desktop OS.

The interfaces exposed by the transaction-safe FAT (TFAT) file system are equivalent to those associated with the FAT file system. The following enhancements are provided by TFAT to ensure transaction safety:

• TFAT-specific drivers
• TFAT atomic sector writes
• FILE_FLAG_WRITE_THROUGH attribute
• FAT volume operations
• Operations from other components

TFAT is an extension of the FAT file system. TFAT requires a hardware-specific driver designed for the type of media on which the volume resides. The driver abstracts the media storage and provides atomic block operations.

For flash storage, the block driver must provide a verification of atomicity on the block level to provide transaction-safety for data on a disk.

TFAT requires the underlying block structure to support atomic sector writes. The flash driver and most CF card hardware provide atomic sector write operations. If the block driver is not atomic, TFAT cannot guarantee transaction-safety.

Use the following settings for hard drives and other media with non-atomic sector writes:

 [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\HDProfile\FATFS]
    "TfatMarkAlways"=dword:1
    "NonatomicSector"=dword:1
    "DisableAutoScan"=dword:1

Use the following settings for storage media with atomic sector writes:

 [HKEY_LOCAL_MACHINE\System\StorageManager\Profiles\<Profile Name>\FATFS]
    "DisableAutoScan"=dword:1
 
  FILE_FLAG_WRITE_THROUGH attribute

Most TFAT operations are triggered by the FILE_FLAG_WRITE_THROUGH file attribute, as follows:

• When the file attribute FILE_FLAG_WRITE_THROUGH is set to TRUE for any file, each WriteFile function call is committed to the disk in an individual transaction. This means that TFAT has written data to both the volume and the FAT tables. If this attribute is not set, the data written by the WriteFile function is not committed until the CloseHandle or the FlushFileBuffers function is called.
• When CreateFile creates a memory-mapped file, it automatically sets the FILE_FLAG_WRITE_THROUGH value to TRUE.
• All databases and memory-mapped files must commit every WriteFile operation to the FAT atomically and set the FILE_FLAG_WRITE_THROUGH value to TRUE.

Other operations such as rename, createdir, and RemoveDirectory are all transaction-safe and committed when the CloseHandle, the FlushFileBuffers, the or WriteFile function is called.

The file allocation table (FAT) file system retrieves driver specific settings from the registry.

You can place settings for FAT, exFAT, and TFAT at

 HKEY_LOCAL_MACHINE\System\StorageManager\FATFS

- or -

 HKEY_LOCAL_MACHINE\System\StorageManager\Profile\<MyProfileName>\FATFS.

In addition to settings that can be made at these levels, you can set formatting options for FAT, TFAT, and exFAT at

 HKEY_LOCAL_MACHINE\System\StorageManager\FATFS\FormatOptions

• List of file systems

• Transaction-Safe FAT File System