You are on page 1of 80

Bootloader Design Techniques for

Microcontrollers
Jacob Beningo
Beningo Embedded Group

#ESCconf
#ESCconf
Speaker/Author Details

: jacob@beningo.com Embedded Bytes Newsletter


: 810-844-1522
: Jacob_Beningo
: Beningo Engineering
: JacobBeningo
: Embedded Basics http://bit.ly/1BAHYXm

www.beningo.com

#ESCconf
#ESCconf
Design News CEC Courses Overview
CEC 2013 2015 CEC 2016 2017 Side Topics 2017
Fundamentals of Embedded Bootloader Design for MCUs APIs and HALs
Software (2013) (2016) February 2017 Real-Time Software
Mastering the Software Rapid Prototyping w/ Micro
using Micro Python
Baremetal to RTOS
Design Cycle (2014) Python (2016) April 2017
Python for Embedded Debugging Designing IoT Sensor Nodes Embedded Bytes
Systems(2014) (2016) July 2017 Newsletter
Software Architecture Professional Firmware From C to C++
Design (2014) (2016) October 2017 http://bit.ly/1BAHYXm
Baremetal C (2015)

Mastering the ARM Cortex-


M Processor (2015)
Writing Portable and Robust
Firmware in C (2015)
Design Patterns and the
Internet (2015)

#ESCconf
#ESCconf
Session Overview
Bootloader Models and Concepts
Application Branching
Bootloader Implementation
Bootloader Commands
Image Assembly
Communication Protocol Design
Setting up a Test Application
Troubleshooting Techniques

4 #ESCconf
#ESCconf
Why do I need a bootloader?

5 #ESCconf
#ESCconf
What is a bootloader?

Environment MCU

6 #ESCconf
#ESCconf
Where do bootloaders come from?
1 2 3 4

Silicon Vendors 3rd Party Open Source Roll your own

7 #ESCconf
#ESCconf
DfuSe Utility

8 #ESCconf
#ESCconf
Bootloader Models
Single MCU System (Traditional / Most Common)

Flashing Method

Laptop / Workstation

Tablet or mobile device

USB Flash System

9
#ESCconf
#ESCconf
Bootloader Models
Multi MCU System (Not as Master MCU
common or traditional) Can be updated itself
Passes new application to slave
Flashing Method devices and acts as the flash tool
Laptop / Workstation

Tablet or mobile device

USB Flash System

10
#ESCconf
#ESCconf
Bootloader Models
MCU System Flashing Method
Single MCU Devices Internet Connected Devices
Multi MCU Devices Tablets
Systems are internet enabled Phones
Physical Separation from imaging tool Computers

11 #ESCconf
#ESCconf
Bootloader Models
MCU System Flashing Method
Single MCU Devices Internet Connected Devices
Multi MCU Devices
Tablets
Systems are not internet enabled
Physical Separation from imaging tool Phones
Computers

12 #ESCconf
#ESCconf
Bootloader Models
MCU System Flashing Method
Single MCU Devices Automated web services
Multi MCU Devices
Systems are internet enabled
Physical Separation from imaging tool

13 #ESCconf
#ESCconf
Which model is right for you?

14 #ESCconf
#ESCconf
Bootloader Update Process
There are two behavioral models for the update process
1) Boot-loading process is completely automated and self-contained within the system
boot-loader would automatically detect the new firmware and manage its own flashing
process
Commands from an external source would not be required to successfully carry out the boot-
loading process
Ex. SD card boot-loader, web based automated update, etc

15 #ESCconf
#ESCconf
Bootloader Update Process
There are two behavioral models for the update process
2) Boot-loading process is not self-contained but initializes into an idle state and awaits instructions
from an outside source
a pc based software application commands the boot-loader into the different states necessary
to flash a new image onto the system
Ex. CAN, UART, USB boot-loader

16 #ESCconf
#ESCconf
The Bootloader System

17
#ESCconf
#ESCconf
The Bootloader System

18 #ESCconf
#ESCconf
Setting up the linker

19 #ESCconf
#ESCconf
Setting up the linker

20 #ESCconf
#ESCconf
The Bootloader System

21 #ESCconf
#ESCconf
Startup Branching

Advantages Disadvantages
Code can be in assembly Susceptibility to start-up noise
Branch is executed quickly Dedicated GPIO
Very simple implementation Accidental bootloader entry

22 #ESCconf
#ESCconf
Startup Branching
Example:
brclr $0259, $01, GoBoot ; if PP0 == 0 then start the boot-loader
; if PP0 == 1 then start the application
ldd AppResetVect ; Load the Application Reset Vector
ldx AppResetVect
jmp 0,x ; jump to the application

GoBoot:
lds #StackTop
jmp main ;

23 #ESCconf
#ESCconf
Startup Branching
What is the potential flaw with the previous branch code?

24 #ESCconf
#ESCconf
Startup Branching
Example: Checking the reset vector

brclr $0259, $01, GoBoot ; if PP0 == 0 then start the boot-loader


; if PP0 == 1 then start the application
ldd AppResetVect ; Load the Application Reset Vector
cpd #$ffff ; Compare it to 0xFFFF
beq _GoBoot ; if the application reset vector is not
; available then start the bootloader
ldx AppResetVect
jmp 0,x ; jump to the application

_GoBoot:
lds #StackTop
jmp main ; Continue Boot-loader startup

25 #ESCconf
#ESCconf
Startup Branching
Example Advanced Check
ldd AppResetVect ; Load the Application Reset Vector
cpd #$ffff ; Compare it to 0xFFFF
beq _GoBoot ; if the application reset vector is not
; available then start the bootloader
ldd EepromProgStatus ; Read the programmed status byte from eeprom
cpd #B ; Compare it to B for boot-load
beq _GoBoot ; if Status == B for Boot-loader then jump to
; boot-loader, otherwise continue to the application
ldx AppResetVect
jmp 0,x ; jump to the application

_GoBoot:
lds #StackTop
jmp main ; Continue Boot-loader startup

26 #ESCconf
#ESCconf
Startup Branching
Integrating the branch code and the bootloader

27 #ESCconf
#ESCconf
Startup Checks

28 #ESCconf
#ESCconf
Startup Checks
Branch Code in C
if((Checksum_Complete == TRUE) && (StartUpTmr == EXPIRED))
{
if((*ResetVector != 0xFFFF) && /* Does app reset vector exist? */
(Status != 'B') && /* EEPROM status set? */
(Boot_ToolPresent != TRUE) && /* Tool present? */
(Checksum_Valid != FALSE)) /* Checksum valid? */
{
App_LoadImage();
}
else
{
Boot_LoadImage();
}
}

29 #ESCconf
#ESCconf
Questions?

30 #ESCconf
#ESCconf
The Bootloader System

31 #ESCconf
#ESCconf
Bootloader Components

32 #ESCconf
#ESCconf
Application Components

33 #ESCconf
#ESCconf
Project Organization

34 #ESCconf
#ESCconf
APIs
Purpose simplify application programming by abstracting the
application into black boxes.

Critical to creating reusable software

Defines a common interface that can be used from one project


to the next

35 #ESCconf
#ESCconf
Creating a HAL
Steps to develop a HAL for the peripheral
Review the microcontroller peripheral
Identify peripheral features
Identify common MCU elements
Identify non-standard MCU elements
Design and Create the API Interface
Create stubs and documentation templates
Implement for Target processor(s)
Test
Repeat for next peripheral

36 #ESCconf
#ESCconf
Example HAL Interface

37 #ESCconf
#ESCconf
Accessing Flash
What mode? What should the API
Bit look like?
Page
sector

38 #ESCconf
#ESCconf
Accessing Flash

39 #ESCconf
#ESCconf
Accessing Flash

40 #ESCconf
#ESCconf
Command Parsing
General Message Format
Start Message OPCODE Data Length Data Checksum
(8 bits) (8 bits) (8 bits) (x bytes) (16 bits)

Checksum
Fletcher16 (Approaches error detection of CRC)
https://en.wikipedia.org/wiki/Fletcher%27s_checksum

41 #ESCconf
#ESCconf
Command Parsing
OPCODE Command Description
0x30 Bootloader Enter This command is used to put the system into boot-
loader mode.
0x31 Bootloader Exit Used to exit the bootloader with the intention of
entering the application code.
0x32 Device Erase Erases the application buffer space and prepares
for receipt of new application code.
0x33 Device Program S-Record to program to the application buffer
space.
0x34 Device Secure Secures the flash space from being read and
written
0x35 Device Unsecure Unsecure the flash space for writing and reading.

0x36 Query Device Used to determine if the system is in bootloader or


application mode.

42 #ESCconf
#ESCconf
Command Parsing

43 #ESCconf
#ESCconf
Command Parsing

44 #ESCconf
#ESCconf
Command Parsing

45 #ESCconf
#ESCconf
Command Parsing

46 #ESCconf
#ESCconf
Command Parsing - Message Packet Format
Best Practices
Use a packet format
Use a checksum or CRC
Track record packet numbers
Use ACK and NAK for each packet
Create specific error codes
Dont assume that errors rarely happen
Use 32 bit addressing as a default
Include response timeout

47 #ESCconf
#ESCconf
Assembling the Image
Requirements
Command driven vs image driven
Commands
Lock/Unlock Flash
Read/Write Configuration
Image/Record Data
Switch to Application
Image Driven
Continuously loops through image
Completely Autonomous

48 #ESCconf
#ESCconf
Assembling the Image
A block of image data is usually larger than can be directly
communicated
Memory region broken up into separate packets
Packets need to be reassembled and validity checked
Steps
Receive image packets
Reassemble into image block
Verify Checksum
Write
Acknowledge
Repeat until completed

49 #ESCconf
#ESCconf
Assembling the Image

50 #ESCconf
#ESCconf
The Bootloader System

51 #ESCconf
#ESCconf
Resetting the System
How to reset the system
Watchdog timer
Infinite loop
Illegal write to register
Soft reset command
Manual software reset
Notify user to power cycle
void Wdt_Reset(void)
{
/* Enter an invalid key to force reset */
SWT.SR.R = 0x0000FFFF;
}

52 #ESCconf
#ESCconf
Bootloader Development
What is needed for a test application?

53 #ESCconf
#ESCconf
Bootloader Development

54 #ESCconf
#ESCconf
Questions?

55 #ESCconf
#ESCconf
The Graphical User Interface

56 #ESCconf
#ESCconf
Application Storage Format

https://en.wikipedia.org/wiki/SREC_(file_format)#/media/File:Motorola_SREC_Chart.png
CC BY-SA 3.0
Split in half to fit on slides in a legible fashion

57 #ESCconf
#ESCconf
Application Storage Format

https://en.wikipedia.org/wiki/SREC_(file_format)#/media/File:Motorola_SREC_Chart.png
CC BY-SA 3.0
Split in half to fit on slides in a legible fashion

58 #ESCconf
#ESCconf
Application Storage Format

https://en.wikipedia.org/wiki/SREC_(file_format)#/media/File:Motorola_SREC_Chart.png
CC BY-SA 3.0
Split in half to fit on slides in a legible fashion

59 #ESCconf
#ESCconf
Application Storage Format

1)

2)

Record Count Address Data Checksum

60 #ESCconf
#ESCconf
Converting Application Formats
Some IDEs only put out one record format!

Useful format converter


Hex2bin (http://hex2bin.sourceforge.net/)
Bin2Srec (http://www.s-record.com/)
Many other tools

61 #ESCconf
#ESCconf
Converting Application Formats

62 #ESCconf
#ESCconf
Converting Application Formats
Hex2bin
hex2bin filename

63 #ESCconf
#ESCconf
Converting Application Formats
Bin2Srec
Bin2srec a 4 o 0x420000 input_filename > output_filename

64 #ESCconf
#ESCconf
Debugging Bootloaders

What could possibly go wrong?

65 #ESCconf
#ESCconf
Debugging Two Applications
Steps to debug the application:
Run the boot-loader in debug
Flash the application image onto the system
Reset the processor
Add symbols from the IDE and select the application symbols

66 #ESCconf
#ESCconf
Issues with Flash
Flash controller NOT initialized properly
Clock rate
Clock gating
Write method
Byte or Page?
Checksum
Wrong place
Written backwards
Not written!

67 #ESCconf
#ESCconf
Resolutions for Flash
Write a test harness to verify flash settings and write to various
locations in flash
Flash driver should
Write record to flash
Verify write by reading back and comparing
Failure to write should generate an error!
Use example code for flash as a jumping off point for your own
driver

68 #ESCconf
#ESCconf
Image Verification

Export the flash image from the IDE while in debug mode
running only the application
Export the flash image from the IDE while in debug mode
running the boot-loader with the application
Use WinMerge to compare the images to determine if there is a
difference between the image when loaded through the boot-
loader

69 #ESCconf
#ESCconf
Valid Reset Vector?
One of the major causes of staying in the bootloader

70 #ESCconf
#ESCconf
C Copy Down
Is the C copy down being performed?

71 #ESCconf
#ESCconf
Write Once Registers
Are any write-once registers trying to be written by both the
boot-loader and the application?
Watchdog Timers
Processor Mode registers
Memory registers

72 #ESCconf
#ESCconf
Example Test Cases

73 #ESCconf
#ESCconf
Example Test Cases

74 #ESCconf
#ESCconf
Example Test Cases

75 #ESCconf
#ESCconf
Best Practices
Test the corner cases
Use a test harness
Dont be shy when it comes to error codes
Use assertions
Start with a simple test application
Leverage example code but build in robustness

76 #ESCconf
#ESCconf
Bootloader Fall Backs

77 #ESCconf
#ESCconf
Where to go from here?
Encryption
Authentication
Relocatable applications
GUI Investigations
Write your own

78 #ESCconf
#ESCconf
Additional Resources
Download Course Material for
Updated C Doxygen Templates (Sept 2015)
Example source code
Bootloader White Paper
Templates
Microcontroller API Standard
EDN Embedded Basics Articles
Embedded Bytes Newsletter

From www.beningo.com under


- Blog and Articles > Software Techniques > CEC Bootloader Design for MCUs

#ESCconf
#ESCconf
Thank You!
Questions?

@ESC_Con
f #ESCconf
#ESCconf

You might also like