+----------------------------------------------------------------------------------------------------------------+
| _____ __ __ _ _ ____ ____ ____ _______ _ ____ _____ ______ _____ |
| / ____|| \/ || || | | _ \ / __ \ / __ \ |__ __|| | / __ \ /\ | __ \ | ____|| __ \ |
| | | | \ / || || |_ | |_) || | | || | | | | | | | | | | | / \ | | | || |__ | |__) | |
| | | | |\/| ||__ _| | |_ < | | | || | | | | | | | | | | | / /\ \ | | | || __| | _ / |
| | |____ | | | | | | | |_) || |__| || |__| | | | | |____ | |__| | / __ \ | |__| || |____ | | \ \ |
| \_____||_| |_| |_| |____/ \____/ \____/ |_| |______| \____/ /_/ \_\|_____/ |______||_| \_\ |
| |
+----------------------------------------------------------------------------------------------------------------+
An experimental bootloader implementation on ARM Cortex-M4 processor.
- Device: NUCLEO-F303ZE
cm4-bootloader
dependents on some third-party packages to build code and burn into processor like ARM GNU Toolchain and stlink. Therefore, before using the project, we need to install these packages.
Install ARM GNU Toolchain:
$ sudo apt-get update
$ sudo apt-get -y install gcc-arm-none-eabi
Install stlink:
$ sudo apt-get update
$ sudo apt-get -y install stlink-tools
Install OpenOCD:
$ sudo apt install openocd
Build cm4-bootloader
. It will compile bootloader and application respectively.
$ make
Burn the code into processor:
$ make upload
Execute the host program:
$ make host
The toolchain downloaded using the command sudo apt-get -y install gcc-arm-none-eabi
does not include arm-none-eabi-gdb
. Therefore, it needs to be added separately, which can be downloaded from Arm GNU Toolchain Downloads. Then. adding arm-none-eabi-gdb
into path /usr/bin/
.
In cm4-bootloader
, it uses cortex-debug to trace the source code and find the bugs. Before using cortex-debug, the following libraries that are necessaty for arm-none-eabi-gdb
need to be installed.
$ sudo apt-get install libncursesw5
$ sudo apt install python3.8
In cm4-bootloader
, the memory layout is shown as follows:
+--------------+ 0x08000000
| |
| Bootloader |
| |
+--------------+ 0x08004000
| |
| Application |
| |
+--------------+
The following shows all commands provided by cm4-bootloader
. It refers to USART protocol used in the STM32 bootloader.
command | code | description |
---|---|---|
BL_GET_CMD | 0x00 | Get the version and the allowed commands supported by the current version of the protocol |
BL_GET_VERSION | 0x01 | Get the protocol version |
BL_GET_ID | 0x02 | Get the chip ID |
BL_GET_PROTECT_LEVEL | 0x03 | Get the protection level status |
BL_READ_MEM | 0x11 | Read up to 256 bytes of memory starting from an address specified by the application |
BL_JUMP_TO_APP | 0x21 | Jump to user application code located in the internal flash memory or in the SRAM |
BL_WRITE_MEM | 0x31 | Write a binary file data to flash |
BL_ERASE_MEM | 0x43 | Erase from one to all the flash memory pages |
BL_WRITE_PROTECT | 0x63 | Enable the write protection for some sectors |
BL_WRITE_UNPROTECT | 0x73 | Disable the write protection for all flash memory sectors |
BL_READ_PROTECT | 0x82 | Enable the read protection |
BL_RELOAD_OPT_BYTES | 0xA1 | Reload option bytes |
cm4-bootloader
uses USART to send and receive data. The following picture shows how bootloader to communicate with host.
- Host sends the command package to bootloader.
- Bootloader receives the package and reply ACK or NACK to host based on cyclic redundancy check (CRC). If bootloader sends ACK, then it will send the length of reply data.
- Finally, bootloader sends the reply data if it sends ACK at previous step. That is, the communication will stop if bootloader sends NACK.
host bootloader
| |
| 1. command package |
| --------------------------> |
| |
| 2. ACK/NACK |
| <-------------------------- |
| |
| 3. reply data |
| <-------------------------- |
| |
The following picture shows the command package format.
- Command code defined at bootloader.c uses to check the current command and its size is 1 byte.
- Buffer size means the size of buffer and its size is 1 byte.
- CRC data calculated from the previous data (command code + buffer size + buffer). It used to check the correctness of command and its size is 4 byte.
+--------------+-------------+--------+----------+
| command code | buffer size | buffer | CRC data |
+--------------+-------------+--------+----------+
The following picture shows the command format of memory reading.
- Buffer is composed of a combination of "base address" and "length of data".
- Base addrress means the first address to read. (4 bytes)
- Length of data means the number of data to read. (Up to 256 bytes)
+--------------+-------------+--------------+----------------+----------+
| command code | buffer size | base address | length of data | CRC data |
+--------------+-------------+--------------+----------------+----------+
The following picture shows the command format of memory writing.
- Buffer is composed of a combination of "base address", "payload length" and "payload".
- Base addrress means the first address to write. (4 bytes)
- Payload length means the length of payload. (1 byte)
- Payload means the data to write to flash. (Up to 250 bytes)
+--------------+-------------+--------------+----------------+---------+----------+
| command code | buffer size | base address | payload length | payload | CRC data |
+--------------+-------------+--------------+----------------+---------+----------+
The following picture shows the command format of memory erasing.
- Buffer is composed of a combination of "page number" and "number of page".
- Both of "page number" and "number of page" are 1 byte. That is, buffer size is 2.
+--------------+-------------+-------------+----------------+----------+
| command code | buffer size | page number | number of page | CRC data |
+--------------+-------------+-------------+----------------+----------+
Enable the write protection for some sectors
- One bit of the user option bytes is used to protect 2 pages of 2 Kbytes in the main memory block.
- Page 62 ~ 255 is protected by 1 bit.
+--------------+-------------+----------------+--------------+----------+
| command code | buffer size | number of page | page numbers | CRC data |
+--------------+-------------+----------------+--------------+----------+
Disable the write protection for all flash memory sectors
+--------------+-------------+----------+
| command code | buffer size | CRC data |
+--------------+-------------+----------+
Set the RDP option byte in option bytes.
- The buffer size is 1.
+--------------+-------------+-----------------------+----------+
| command code | buffer size | read protection level | CRC data |
+--------------+-------------+-----------------------+----------+