From 684b0c04b0eb81a8b587fe89d093a4499d960c28 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Thu, 26 May 2016 13:26:18 +0200 Subject: Implement a bootloader. This bootloader is now the application at 0x08000000 (FLASH start), which the STM32 will execute upon reset. The other applications are now loaded at 0x08030000 (128 KB into the flash) and will never get started unless the bootloader has been programmed into flash too. --- projects/bootloader/bootloader.c | 78 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 projects/bootloader/bootloader.c (limited to 'projects/bootloader/bootloader.c') diff --git a/projects/bootloader/bootloader.c b/projects/bootloader/bootloader.c new file mode 100644 index 0000000..1450c1a --- /dev/null +++ b/projects/bootloader/bootloader.c @@ -0,0 +1,78 @@ +/* + * Bootloader to either install new firmware received from the MGMT UART, + * or jump to previously installed firmware. + * + */ +#include "stm32f4xx_hal.h" +#include "stm-init.h" +#include "stm-led.h" +#include "stm-uart.h" + +/* Magic bytes to signal the bootloader it should jump to the firmware + * instead of trying to receive a new firmware using the MGMT UART. + */ +#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA + +/* symbols defined in the linker script (STM32F429BI.ld) */ +extern uint32_t CRYPTECH_FIRMWARE_START; +extern uint32_t CRYPTECH_FIRMWARE_END; +extern uint32_t CRYPTECH_DFU_CONTROL; + +/* Linker symbols are strange in C. Make regular pointers for sanity. */ +__IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL; +__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START; +/* The first word in the firmware is an address to the stack (msp) */ +__IO uint32_t *dfu_msp_ptr = &CRYPTECH_FIRMWARE_START; +/* The second word in the firmware is a pointer to the code + * (points at the Reset_Handler from the linker script). + */ +__IO uint32_t *dfu_code_ptr = &CRYPTECH_FIRMWARE_START + 1; + +typedef void (*pFunction)(void); + +/* This is it's own function to make it more convenient to set a breakpoint at it in gdb */ +void do_early_dfu_jump(void) +{ + pFunction loaded_app = (pFunction) *dfu_code_ptr; + /* Set the stack pointer to the correct one for the firmware */ + __set_MSP(*dfu_msp_ptr); + /* Set the Vector Table Offset Register */ + SCB->VTOR = (uint32_t) dfu_firmware; + loaded_app(); + while (1); +} + +int +main() +{ + int i; + + /* Check if we've just rebooted in order to jump to the firmware. */ + if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { + *dfu_control = 0; + do_early_dfu_jump(); + } + + stm_init(); + + uart_send_string2(STM_UART_MGMT, (char *) "This is the bootloader speaking..."); + + /* This is where uploading of new firmware over UART could happen */ + + led_on(LED_BLUE); + for (i = 0; i < 10; i++) { + HAL_Delay(100); + led_toggle(LED_BLUE); + } + + /* Set dfu_control to the magic value that will cause the us to call do_early_dfu_jump + * after rebooting back into this main() function. + */ + *dfu_control = HARDWARE_EARLY_DFU_JUMP; + + uart_send_string2(STM_UART_MGMT, (char *) "loading firmware\r\n"); + + /* De-initialize hardware by rebooting */ + HAL_NVIC_SystemReset(); + while (1) {}; +} -- cgit v1.2.3 From 92ce4da1158aabd1a45d3a5044a5e5fd7bac3c41 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Fri, 27 May 2016 15:56:16 +0200 Subject: DFU working - but no signature validation for now. --- projects/bootloader/bootloader.c | 88 +++++++++++++++++++++++++++++++--------- 1 file changed, 68 insertions(+), 20 deletions(-) (limited to 'projects/bootloader/bootloader.c') diff --git a/projects/bootloader/bootloader.c b/projects/bootloader/bootloader.c index 1450c1a..ab3c1d9 100644 --- a/projects/bootloader/bootloader.c +++ b/projects/bootloader/bootloader.c @@ -1,22 +1,41 @@ /* + * bootloader.c + * ------------ * Bootloader to either install new firmware received from the MGMT UART, * or jump to previously installed firmware. * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "stm32f4xx_hal.h" #include "stm-init.h" #include "stm-led.h" #include "stm-uart.h" - -/* Magic bytes to signal the bootloader it should jump to the firmware - * instead of trying to receive a new firmware using the MGMT UART. - */ -#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA - -/* symbols defined in the linker script (STM32F429BI.ld) */ -extern uint32_t CRYPTECH_FIRMWARE_START; -extern uint32_t CRYPTECH_FIRMWARE_END; -extern uint32_t CRYPTECH_DFU_CONTROL; +#include "dfu.h" /* Linker symbols are strange in C. Make regular pointers for sanity. */ __IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL; @@ -42,10 +61,30 @@ void do_early_dfu_jump(void) while (1); } +int should_dfu() +{ + int i; + uint8_t rx = 0; + + /* While blinking the blue LED for one second, see if we receive a CR on the MGMT UART. + * We've discussed also requiring one or both of the FPGA config jumpers installed + * before allowing DFU of the STM32 - that check could be done here. + */ + led_on(LED_BLUE); + for (i = 0; i < 10; i++) { + HAL_Delay(100); + led_toggle(LED_BLUE); + if (uart_recv_char2(STM_UART_MGMT, &rx, 0) == HAL_OK) { + if (rx == 13) return 1; + } + } + return 0; +} + int main() { - int i; + int status; /* Check if we've just rebooted in order to jump to the firmware. */ if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { @@ -55,14 +94,23 @@ main() stm_init(); - uart_send_string2(STM_UART_MGMT, (char *) "This is the bootloader speaking..."); - - /* This is where uploading of new firmware over UART could happen */ + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\nThis is the bootloader speaking..."); - led_on(LED_BLUE); - for (i = 0; i < 10; i++) { - HAL_Delay(100); - led_toggle(LED_BLUE); + if (should_dfu()) { + led_off(LED_BLUE); + if ((status = dfu_receive_firmware()) != 0) { + /* Upload of new firmware failed, reboot after lighting the red LED + * for three seconds. + */ + led_off(LED_BLUE); + led_on(LED_RED); + uart_send_string2(STM_UART_MGMT, (char *) "dfu_receive_firmware failed: "); + uart_send_number2(STM_UART_MGMT, status, 3, 16); + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\nRebooting in three seconds\r\n"); + HAL_Delay(3000); + HAL_NVIC_SystemReset(); + while (1) {}; + } } /* Set dfu_control to the magic value that will cause the us to call do_early_dfu_jump @@ -70,7 +118,7 @@ main() */ *dfu_control = HARDWARE_EARLY_DFU_JUMP; - uart_send_string2(STM_UART_MGMT, (char *) "loading firmware\r\n"); + uart_send_string2(STM_UART_MGMT, (char *) "loading firmware\r\n\r\n"); /* De-initialize hardware by rebooting */ HAL_NVIC_SystemReset(); -- cgit v1.2.3