April 20th, 2021
This is a critical bugfix release for Castor & Pollux's firmware, Gemini ♊️.
NOTE: We have released a newer version with additional safeguards, download here
YOU SHOULD INSTALL THIS VERSION OR NEWER AS SOON AS POSSIBLE. It fixes a bug that can brick your module (more details below).
👉 Most users should download gemini-firmware-2021.04.20-release.uf2 👈
Please follow the firmware upgrade instructions in the user's guide to upgrade your device's firmware.
About the files
- The
uf2
files can be installed using the firmware upgrade instructions in the user's guide. - The
elf
files and are for testing & debugging and can be programmed using an appropriate debug probe. - The
release
builds are built without debugging information. - The
debug
builds are built with debugging information.
Build identifier
Each release of the firmware has a unique build ID. This ID can be seen when using the online settings editor and allows finding the exact firmware version on your device. The build IDs for this version are:
- Release:
2021.04.20 (release) on 04/21/2021 03:36 UTC with gcc 10.2.1 by stargirl@stargirls-mbp.lan
- Debug:
2021.04.20 (debug) on 04/21/2021 03:36 UTC with gcc 10.2.1 by stargirl@stargirls-mbp.lan
Changes from 2021.03.9
User_guide:
- Add burn-in testing information
- Use winterjs for the settings editor.
Firmware:
- Check bootloader write protection fuses during initialization
- Remove tests for libwinter's midi core and bezier, as they're now in the libwinter repository
User guide:
- Fix typo
- Add warranty information
- Fix broken anchor link (#12)
Factory:
- Small tweaks to the monitor and calibration scripts.
Other:
- Create funding.yml
Detailed explanation of critical bug
Castor & Pollux actually has two separate programs on it: a small bootloader and the firmware (this repository). The bootloader is the Adafruit uf2-samdx1. The bootloader has two roles: make it easy to upgrade the firmware over USB and provide a failsafe in the event of a bad firmware upgrade.
In order to be a proper failsafe, the bootloader's code needs to be protected in case there's a bug in the firmware that could lead to corruption. Castor & Pollux's microcontroller has a feature for this called bootloader protection. It's a persistent setting that prevents any writes to the bootloader's code unless a very specific sequence is used.
We had been working under the assumption that the bootloader would enable this setting automatically and that we wouldn't need to enable it manually. However, we were mistaken; the bootloader only enables this setting in two very specific circumstances that wouldn't usually occur during normal operation. This means that bootloader protection is disabled and it's possible to corrupt the bootloader.
We have observed bootloader corruption on at least three modules. While this corruption won't harm the module's hardware, it will soft brick the module and the only way to repair it is to restore the bootloader using a hardware programmer/debugger.