From be280fa4a8c851d774cf4581972bc99329c43e6b Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Tue, 24 May 2016 17:14:28 +0200 Subject: non-working code to upload an application and jump to it Committing my work in progress in case someone else wants to help. --- projects/cli-test/Makefile | 2 +- projects/cli-test/cli-test.c | 2 + projects/cli-test/filetransfer | 9 ++ projects/cli-test/mgmt-cli.c | 1 - projects/cli-test/mgmt-cli.h | 2 +- projects/cli-test/mgmt-dfu.c | 187 +++++++++++++++++++++++++++++++++++++++++ projects/cli-test/mgmt-dfu.h | 44 ++++++++++ projects/cli-test/test_sdram.h | 5 ++ 8 files changed, 249 insertions(+), 3 deletions(-) create mode 100644 projects/cli-test/mgmt-dfu.c create mode 100644 projects/cli-test/mgmt-dfu.h (limited to 'projects') diff --git a/projects/cli-test/Makefile b/projects/cli-test/Makefile index 7737e13..39619fc 100644 --- a/projects/cli-test/Makefile +++ b/projects/cli-test/Makefile @@ -1,6 +1,6 @@ TEST = cli-test -OBJS = crc32.o mgmt-cli.o test_sdram.o +OBJS = crc32.o mgmt-cli.o test_sdram.o mgmt-dfu.o CFLAGS += -I$(LIBCLI_DIR) LIBS += $(LIBCLI_DIR)/libcli.a diff --git a/projects/cli-test/cli-test.c b/projects/cli-test/cli-test.c index 41d7365..30623a4 100644 --- a/projects/cli-test/cli-test.c +++ b/projects/cli-test/cli-test.c @@ -39,6 +39,7 @@ #include "stm-keystore.h" #include "stm-sdram.h" #include "mgmt-cli.h" +#include "mgmt-dfu.h" #include "test_sdram.h" #include @@ -420,6 +421,7 @@ main() configure_cli_fpga(&cli); configure_cli_test(&cli); configure_cli_misc(&cli); + configure_cli_dfu(&cli); led_off(LED_RED); led_on(LED_GREEN); diff --git a/projects/cli-test/filetransfer b/projects/cli-test/filetransfer index 2b74570..025a6ac 100755 --- a/projects/cli-test/filetransfer +++ b/projects/cli-test/filetransfer @@ -40,6 +40,7 @@ import argparse from binascii import crc32 CHUNK_SIZE = 256 +DFU_CHUNK_SIZE = 256 FPGA_CHUNK_SIZE = 4096 @@ -57,6 +58,11 @@ def parse_args(): action='store_true', default=False, help='Perform FPGA bitstream upload', ) + parser.add_argument('--dfu', + dest='dfu', + action='store_true', default=False, + help='Perform DFU application upload', + ) parser.add_argument('--device', dest='device', @@ -117,6 +123,9 @@ def send_file(filename, args, dst): src.read(0x64) chunk_size = FPGA_CHUNK_SIZE response = _execute(dst, 'fpga bitstream upload') + elif args.dfu: + chunk_size = DFU_CHUNK_SIZE + response = _execute(dst, 'dfu upload') else: chunk_size = CHUNK_SIZE response = _execute(dst, 'filetransfer') diff --git a/projects/cli-test/mgmt-cli.c b/projects/cli-test/mgmt-cli.c index faaafda..46faae8 100644 --- a/projects/cli-test/mgmt-cli.c +++ b/projects/cli-test/mgmt-cli.c @@ -31,7 +31,6 @@ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "stm32f4xx_hal.h" #include "stm-init.h" #include "stm-uart.h" #include "mgmt-cli.h" diff --git a/projects/cli-test/mgmt-cli.h b/projects/cli-test/mgmt-cli.h index e6780a3..cf8444f 100644 --- a/projects/cli-test/mgmt-cli.h +++ b/projects/cli-test/mgmt-cli.h @@ -35,7 +35,7 @@ #ifndef __STM32_MGMT_CLI_H #define __STM32_MGMT_CLI_H -#include "stm32f4xx_hal.h" +#include "stm-init.h" #include diff --git a/projects/cli-test/mgmt-dfu.c b/projects/cli-test/mgmt-dfu.c new file mode 100644 index 0000000..1f8aa0a --- /dev/null +++ b/projects/cli-test/mgmt-dfu.c @@ -0,0 +1,187 @@ +/* + * mgmt-dfu.c + * --------- + * Management CLI Device Firmware Upgrade code. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "stm-init.h" +#include "mgmt-cli.h" +#include "stm-uart.h" +#include "cmsis_nvic.h" + +#include + + +#define DFU_BASE_ADDRESS 0x08100000 +#define DFU_BASE_PTR (__IO uint32_t *) DFU_BASE_ADDRESS + + +extern uint32_t update_crc(uint32_t crc, uint8_t *buf, int len); + + +/* The chunk size have to be a multiple of the SPI flash page size (256 bytes), + and it has to match the chunk size in the program sending the bitstream over the UART. +*/ +#define DFU_UPLOAD_CHUNK_SIZE 256 + +int cmd_dfu_upload(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint32_t filesize = 0, crc = 0, my_crc = 0, counter = 0, i, j; + uint32_t offset = 0, n = DFU_UPLOAD_CHUNK_SIZE; + uint32_t buf[DFU_UPLOAD_CHUNK_SIZE / 4]; + FLASH_EraseInitTypeDef FLASH_EraseInitStruct; + uint32_t SectorError = 0; + + cli_print(cli, "OK, write DFU application file size (4 bytes), data in %i byte chunks, CRC-32 (4 bytes)", + DFU_UPLOAD_CHUNK_SIZE); + + /* Read file size (4 bytes) */ + uart_receive_bytes(STM_UART_MGMT, (void *) &filesize, 4, 1000); + cli_print(cli, "File size %li", filesize); + + HAL_FLASH_Unlock(); + + FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS; + FLASH_EraseInitStruct.Sector = 12; /* the sector for DFU_BASE_ADDRESS (0x08100000) */ + FLASH_EraseInitStruct.NbSectors = 1; + FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3; + + if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) { + cli_print(cli, "Failed erasing flash sector"); + return CLI_ERROR; + } + + while (filesize) { + /* By initializing buf to the same value that erased flash has (0xff), we don't + * have to try and be smart when writing the last page of data to the memory. + */ + memset(buf, 0xffffffff, sizeof(buf)); + + if (filesize < n) { + n = filesize; + } + + if (uart_receive_bytes(STM_UART_MGMT, (void *) &buf, n, 1000) != HAL_OK) { + cli_print(cli, "Receive timed out"); + return CLI_ERROR; + } + filesize -= n; + + /* After reception of a chunk but before ACKing we have "all" the time in the world to + * calculate CRC and write it to flash. + */ + my_crc = update_crc(my_crc, (uint8_t *) buf, n); + + for (i = 0; i < DFU_UPLOAD_CHUNK_SIZE / 4; i++) { + if ((j = HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, DFU_BASE_ADDRESS + offset, buf[i])) != HAL_OK) { + cli_print(cli, "Failed writing data at offset %li: %li", offset, j); + return CLI_ERROR; + } + offset += 4; + } + + /* ACK this chunk by sending the current chunk counter (4 bytes) */ + counter++; + uart_send_bytes(STM_UART_MGMT, (void *) &counter, 4); + } + + HAL_FLASH_Lock(); + + /* The sending side will now send it's calculated CRC-32 */ + cli_print(cli, "Send CRC-32"); + uart_receive_bytes(STM_UART_MGMT, (void *) &crc, 4, 1000); + cli_print(cli, "CRC-32 %li", crc); + if (crc == my_crc) { + cli_print(cli, "CRC checksum MATCHED"); + } else { + cli_print(cli, "CRC checksum did NOT match"); + } + + return CLI_OK; +} + +int cmd_dfu_dump(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + cli_print(cli, "First 256 bytes from DFU application address %p:\r\n", DFU_BASE_PTR); + + uart_send_hexdump(STM_UART_MGMT, (uint8_t *) DFU_BASE_PTR, 0, 0xff); + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\n"); + + return CLI_OK; +} + +typedef int (*pFunction)(void); + +int cmd_dfu_jump(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint32_t new_msp, i; + /* Load first byte from the DFU_BASE_PTR to verify it contains an IVT before + * jumping there. + */ + new_msp = *DFU_BASE_PTR; + i = new_msp & 0xFF000000; + /* 'i' is supposed to be a pointer to the new applications stack, it should + * point either at RAM (0x20000000) or at the CCM memory (0x10000000). + */ + if (i == 0x20000000 || i == 0x10000000) { + uint32_t jmp_to = *(DFU_BASE_PTR + 1); + pFunction loaded_app = (pFunction) jmp_to; + + __disable_irq(); + HAL_NVIC_DisableIRQ(SysTick_IRQn); + + HAL_DeInit(); + + /* Relocate interrupt vector table */ + //NVIC_SetVectorTable(DFU_BASE_ADDRESS); + SCB->VTOR == DFU_BASE_ADDRESS; + NVIC_SetVector(WWDG_IRQn, *DFU_BASE_PTR + 1); + + /* Re-initialize stack pointer */ + __set_MSP(new_msp); + /* Jump to the DFU loaded application */ + loaded_app(); + Error_Handler(); + } else { + cli_print(cli, "No loaded application found at %p", DFU_BASE_PTR); + } + + return CLI_OK; +} + +void configure_cli_dfu(struct cli_def *cli) +{ + cli_command_root(dfu); + + cli_command_node(dfu, dump, "Show the first 256 bytes of the loaded application"); + cli_command_node(dfu, jump, "Jump to the loaded application"); + cli_command_node(dfu, upload, "Load a new application"); +} diff --git a/projects/cli-test/mgmt-dfu.h b/projects/cli-test/mgmt-dfu.h new file mode 100644 index 0000000..c38a63e --- /dev/null +++ b/projects/cli-test/mgmt-dfu.h @@ -0,0 +1,44 @@ +/* + * mgmt-dfu.h + * --------- + * Management CLI Device Firmware Upgrade code. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __STM32_CLI_MGMT_DFU_H +#define __STM32_CLI_MGMT_DFU_H + +#include "stm-init.h" +#include + + +extern void configure_cli_dfu(struct cli_def *cli); + +#endif /* __STM32_CLI_MGMT_DFU_H */ diff --git a/projects/cli-test/test_sdram.h b/projects/cli-test/test_sdram.h index b848d18..3076aa1 100644 --- a/projects/cli-test/test_sdram.h +++ b/projects/cli-test/test_sdram.h @@ -31,6 +31,9 @@ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#ifndef __STM32_CLI_TEST_SDRAM_H +#define __STM32_CLI_TEST_SDRAM_H + extern uint32_t lfsr1; extern uint32_t lfsr2; @@ -40,3 +43,5 @@ extern int test_sdrams_interleaved(uint32_t *base_addr1, uint32_t *base_addr2); extern uint32_t lfsr_next_32(uint32_t lfsr); extern uint32_t lfsr_next_24(uint32_t lfsr); + +#endif /* __STM32_CLI_TEST_SDRAM_H */ -- cgit v1.2.3 From 2529fb514c10513b52b283472ed6edd26f5d0fc4 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Wed, 25 May 2016 22:46:40 +0200 Subject: More DFU code. This might actually work. The applications to be uploaded using 'dfu upload' have to have another FLASH defined in their linker script. Have to recompile some firmware tomorrow and test if this actually works. --- projects/cli-test/cli-test.c | 3 + projects/cli-test/mgmt-dfu.c | 222 ++++++++++++++++++++++++++++++++----------- projects/cli-test/mgmt-dfu.h | 2 + 3 files changed, 170 insertions(+), 57 deletions(-) (limited to 'projects') diff --git a/projects/cli-test/cli-test.c b/projects/cli-test/cli-test.c index 30623a4..1a8c6b7 100644 --- a/projects/cli-test/cli-test.c +++ b/projects/cli-test/cli-test.c @@ -410,6 +410,9 @@ main() { static struct cli_def cli; + /* This is simulating the bootloader from the cli-test. */ + check_early_dfu_jump(); + stm_init(); led_on(LED_RED); diff --git a/projects/cli-test/mgmt-dfu.c b/projects/cli-test/mgmt-dfu.c index 1f8aa0a..1c7e052 100644 --- a/projects/cli-test/mgmt-dfu.c +++ b/projects/cli-test/mgmt-dfu.c @@ -39,46 +39,136 @@ #include +extern uint32_t update_crc(uint32_t crc, uint8_t *buf, int len); + +/* symbols defined in the linker script (STM32F429BI.ld) */ +extern uint32_t CRYPTECH_FIRMWARE_START; +extern uint32_t CRYPTECH_FIRMWARE_END; +extern uint32_t CRYPTECH_DFU_CONTROL; + +#define DFU_FIRMWARE_ADDR ((uint32_t ) &CRYPTECH_FIRMWARE_START) +#define DFU_FIRMWARE_PTR ((__IO uint32_t *) (CRYPTECH_FIRMWARE_START)) +#define DFU_FIRMWARE_END_ADDR CRYPTECH_FIRMWARE_END +#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA +#define DFU_UPLOAD_CHUNK_SIZE 256 + +__IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL; +__IO uint32_t *dfu_new_msp = &CRYPTECH_FIRMWARE_START; +__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START + 4; + +/* Flash sector offsets from RM0090, Table 6. Flash module - 2 Mbyte dual bank organization */ +#define FLASH_NUM_SECTORS 24 + 1 +uint32_t flash_sector_offsets[FLASH_NUM_SECTORS] = { + /* Bank 1 */ + 0x08000000, /* #0, 16 KBytes */ + 0x08004000, /* #1, 16 Kbytes */ + 0x08008000, /* #2, 16 Kbytes */ + 0x0800C000, /* #3, 16 Kbytes */ + 0x08010000, /* #4, 64 Kbytes */ + 0x08020000, /* #5, 128 Kbytes */ + 0x08040000, /* #6, 128 Kbytes */ + 0x08060000, /* #7, 128 Kbytes */ + 0x08080000, /* #8, 128 Kbytes */ + 0x080A0000, /* #9, 128 Kbytes */ + 0x080C0000, /* #10, 128 Kbytes */ + 0x080E0000, /* #11, 128 Kbytes */ + /* Bank 2 */ + 0x08100000, /* #12, 16 Kbytes */ + 0x08104000, /* #13, 16 Kbytes */ + 0x08108000, /* #14, 16 Kbytes */ + 0x0810C000, /* #15, 16 Kbytes */ + 0x08110000, /* #16, 64 Kbytes */ + 0x08120000, /* #17, 128 Kbytes */ + 0x08140000, /* #18, 128 Kbytes */ + 0x08160000, /* #19, 128 Kbytes */ + 0x08180000, /* #20, 128 Kbytes */ + 0x081A0000, /* #21, 128 Kbytes */ + 0x081C0000, /* #22, 128 Kbytes */ + 0x081E0000, /* #23, 128 Kbytes */ + 0x08200000 /* first address *after* flash */ +}; + + +typedef void (*pFunction)(void); + + +/* This is it's own function to make it more convenient to set a breakpoint at it in gdb */ +void do_early_dfu_jump(void) +{ + //pFunction loaded_app = (pFunction) *(DFU_FIRMWARE_PTR + 1); + pFunction loaded_app = (pFunction) *dfu_firmware; + *dfu_control = 0; + __set_MSP(*dfu_new_msp); + /* Set the Vector Table Offset Register */ + SCB->VTOR = DFU_FIRMWARE_ADDR; + loaded_app(); + while (1); +} -#define DFU_BASE_ADDRESS 0x08100000 -#define DFU_BASE_PTR (__IO uint32_t *) DFU_BASE_ADDRESS +/* This function is called from main() before any peripherals are initialized */ +void check_early_dfu_jump(void) +{ + if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { + do_early_dfu_jump(); + } +} +inline int _flash_sector_num(uint32_t offset) +{ + int i = FLASH_NUM_SECTORS - 1; + while (i-- >= 0) { + if (offset >= flash_sector_offsets[i] && + offset < flash_sector_offsets[i + 1]) { + return i; + } + } + return -1; +} -extern uint32_t update_crc(uint32_t crc, uint8_t *buf, int len); +int _write_to_flash(uint32_t offset, const uint32_t *buf, uint32_t elements) +{ + uint32_t sector = _flash_sector_num(offset); + uint32_t SectorError = 0, i, j; + + if (offset == flash_sector_offsets[sector]) { + /* Request to write to beginning of a flash sector, erase it first. */ + FLASH_EraseInitTypeDef FLASH_EraseInitStruct; + + FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS; + FLASH_EraseInitStruct.Sector = sector; + FLASH_EraseInitStruct.NbSectors = 1; + FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3; + + if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) { + return -1; + } + } + for (i = 0; i < elements; i++) { + if ((j = HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, offset, buf[i])) != HAL_OK) { + return -2; + } + offset += 4; + } -/* The chunk size have to be a multiple of the SPI flash page size (256 bytes), - and it has to match the chunk size in the program sending the bitstream over the UART. -*/ -#define DFU_UPLOAD_CHUNK_SIZE 256 + return 1; +} int cmd_dfu_upload(struct cli_def *cli, const char *command, char *argv[], int argc) { - uint32_t filesize = 0, crc = 0, my_crc = 0, counter = 0, i, j; - uint32_t offset = 0, n = DFU_UPLOAD_CHUNK_SIZE; + uint32_t filesize = 0, crc = 0, my_crc = 0, counter = 0; + uint32_t offset = DFU_FIRMWARE_ADDR, n = DFU_UPLOAD_CHUNK_SIZE; uint32_t buf[DFU_UPLOAD_CHUNK_SIZE / 4]; - FLASH_EraseInitTypeDef FLASH_EraseInitStruct; - uint32_t SectorError = 0; cli_print(cli, "OK, write DFU application file size (4 bytes), data in %i byte chunks, CRC-32 (4 bytes)", DFU_UPLOAD_CHUNK_SIZE); /* Read file size (4 bytes) */ uart_receive_bytes(STM_UART_MGMT, (void *) &filesize, 4, 1000); - cli_print(cli, "File size %li", filesize); + cli_print(cli, "File size %li, will write it to 0x%lx", filesize, offset); HAL_FLASH_Unlock(); - FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS; - FLASH_EraseInitStruct.Sector = 12; /* the sector for DFU_BASE_ADDRESS (0x08100000) */ - FLASH_EraseInitStruct.NbSectors = 1; - FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3; - - if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) { - cli_print(cli, "Failed erasing flash sector"); - return CLI_ERROR; - } - while (filesize) { /* By initializing buf to the same value that erased flash has (0xff), we don't * have to try and be smart when writing the last page of data to the memory. @@ -99,14 +189,8 @@ int cmd_dfu_upload(struct cli_def *cli, const char *command, char *argv[], int a * calculate CRC and write it to flash. */ my_crc = update_crc(my_crc, (uint8_t *) buf, n); - - for (i = 0; i < DFU_UPLOAD_CHUNK_SIZE / 4; i++) { - if ((j = HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, DFU_BASE_ADDRESS + offset, buf[i])) != HAL_OK) { - cli_print(cli, "Failed writing data at offset %li: %li", offset, j); - return CLI_ERROR; - } - offset += 4; - } + _write_to_flash(offset, buf, sizeof(buf) / 4); + offset += DFU_UPLOAD_CHUNK_SIZE; /* ACK this chunk by sending the current chunk counter (4 bytes) */ counter++; @@ -130,48 +214,71 @@ int cmd_dfu_upload(struct cli_def *cli, const char *command, char *argv[], int a int cmd_dfu_dump(struct cli_def *cli, const char *command, char *argv[], int argc) { - cli_print(cli, "First 256 bytes from DFU application address %p:\r\n", DFU_BASE_PTR); + cli_print(cli, "First 256 bytes from DFU application address %p:\r\n", DFU_FIRMWARE_PTR); - uart_send_hexdump(STM_UART_MGMT, (uint8_t *) DFU_BASE_PTR, 0, 0xff); + uart_send_hexdump(STM_UART_MGMT, (uint8_t *) DFU_FIRMWARE_ADDR, 0, 0xff); uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\n"); return CLI_OK; } -typedef int (*pFunction)(void); +int cmd_dfu_erase(struct cli_def *cli, const char *command, char *argv[], int argc) +{ + uint32_t start_sector = _flash_sector_num(DFU_FIRMWARE_ADDR); + uint32_t end_sector = _flash_sector_num(DFU_FIRMWARE_END_ADDR); + uint32_t sector; + + cli_print(cli, "Erasing flash sectors %li to %li (address %p to %p)", + start_sector, end_sector, + (uint32_t *) DFU_FIRMWARE_ADDR, + (uint32_t *) DFU_FIRMWARE_END_ADDR); + + if (start_sector > end_sector) { + cli_print(cli, "ERROR: Bad sectors"); + return CLI_ERROR; + } + + HAL_FLASH_Unlock(); + + for (sector = start_sector; sector <= end_sector; sector++) { + uint32_t SectorError = 0; + FLASH_EraseInitTypeDef FLASH_EraseInitStruct; + + FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS; + FLASH_EraseInitStruct.Sector = sector; + FLASH_EraseInitStruct.NbSectors = 1; + FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3; + + if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) { + cli_print(cli, "ERROR: Failed erasing sector %li", sector); + } + } + HAL_FLASH_Lock(); + + return CLI_OK; +} int cmd_dfu_jump(struct cli_def *cli, const char *command, char *argv[], int argc) { - uint32_t new_msp, i; - /* Load first byte from the DFU_BASE_PTR to verify it contains an IVT before + uint32_t i; + /* Load first byte from the DFU_FIRMWARE_PTR to verify it contains an IVT before * jumping there. */ - new_msp = *DFU_BASE_PTR; - i = new_msp & 0xFF000000; - /* 'i' is supposed to be a pointer to the new applications stack, it should + cli_print(cli, "Checking for application at %p", DFU_FIRMWARE_PTR); + + //new_msp = (uint32_t) DFU_FIRMWARE_PTR; + i = *dfu_new_msp & 0xFF000000; + /* 'new_msp' is supposed to be a pointer to the new applications stack, it should * point either at RAM (0x20000000) or at the CCM memory (0x10000000). */ if (i == 0x20000000 || i == 0x10000000) { - uint32_t jmp_to = *(DFU_BASE_PTR + 1); - pFunction loaded_app = (pFunction) jmp_to; - - __disable_irq(); - HAL_NVIC_DisableIRQ(SysTick_IRQn); - - HAL_DeInit(); - - /* Relocate interrupt vector table */ - //NVIC_SetVectorTable(DFU_BASE_ADDRESS); - SCB->VTOR == DFU_BASE_ADDRESS; - NVIC_SetVector(WWDG_IRQn, *DFU_BASE_PTR + 1); - - /* Re-initialize stack pointer */ - __set_MSP(new_msp); - /* Jump to the DFU loaded application */ - loaded_app(); - Error_Handler(); + *dfu_control = HARDWARE_EARLY_DFU_JUMP; + cli_print(cli, "Making the leap"); + HAL_NVIC_SystemReset(); + while (1) { ; } } else { - cli_print(cli, "No loaded application found at %p", DFU_BASE_PTR); + cli_print(cli, "No loaded application found at %p (read 0x%x)", + DFU_FIRMWARE_PTR, (unsigned int) *dfu_new_msp); } return CLI_OK; @@ -184,4 +291,5 @@ void configure_cli_dfu(struct cli_def *cli) cli_command_node(dfu, dump, "Show the first 256 bytes of the loaded application"); cli_command_node(dfu, jump, "Jump to the loaded application"); cli_command_node(dfu, upload, "Load a new application"); + cli_command_node(dfu, erase, "Erase the application memory"); } diff --git a/projects/cli-test/mgmt-dfu.h b/projects/cli-test/mgmt-dfu.h index c38a63e..e1e3932 100644 --- a/projects/cli-test/mgmt-dfu.h +++ b/projects/cli-test/mgmt-dfu.h @@ -38,7 +38,9 @@ #include "stm-init.h" #include +#define DFU_UPLOAD_CHUNK_SIZE 256 extern void configure_cli_dfu(struct cli_def *cli); +extern void check_early_dfu_jump(void); #endif /* __STM32_CLI_MGMT_DFU_H */ -- cgit v1.2.3 From 684b0c04b0eb81a8b587fe89d093a4499d960c28 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Thu, 26 May 2016 13:26:18 +0200 Subject: Implement a bootloader. This bootloader is now the application at 0x08000000 (FLASH start), which the STM32 will execute upon reset. The other applications are now loaded at 0x08030000 (128 KB into the flash) and will never get started unless the bootloader has been programmed into flash too. --- projects/bootloader/Makefile | 18 ++++++++++ projects/bootloader/bootloader.c | 78 ++++++++++++++++++++++++++++++++++++++++ projects/cli-test/cli-test.c | 3 -- projects/cli-test/mgmt-dfu.c | 2 +- 4 files changed, 97 insertions(+), 4 deletions(-) create mode 100644 projects/bootloader/Makefile create mode 100644 projects/bootloader/bootloader.c (limited to 'projects') diff --git a/projects/bootloader/Makefile b/projects/bootloader/Makefile new file mode 100644 index 0000000..7cef633 --- /dev/null +++ b/projects/bootloader/Makefile @@ -0,0 +1,18 @@ +PROG = bootloader + +all: $(PROG:=.elf) + +%.elf: %.o $(BOARD_OBJS) $(LIBS) + $(CC) $(CFLAGS) $^ -o $@ -T$(BOOTLOADER_LDSCRIPT) -g -Wl,-Map=$*.map + $(OBJCOPY) -O ihex $*.elf $*.hex + $(OBJCOPY) -O binary $*.elf $*.bin + $(OBJDUMP) -St $*.elf >$*.lst + $(SIZE) $*.elf + +clean: + rm -f *.o + rm -f *.elf + rm -f *.hex + rm -f *.bin + rm -f *.map + rm -f *.lst diff --git a/projects/bootloader/bootloader.c b/projects/bootloader/bootloader.c new file mode 100644 index 0000000..1450c1a --- /dev/null +++ b/projects/bootloader/bootloader.c @@ -0,0 +1,78 @@ +/* + * Bootloader to either install new firmware received from the MGMT UART, + * or jump to previously installed firmware. + * + */ +#include "stm32f4xx_hal.h" +#include "stm-init.h" +#include "stm-led.h" +#include "stm-uart.h" + +/* Magic bytes to signal the bootloader it should jump to the firmware + * instead of trying to receive a new firmware using the MGMT UART. + */ +#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA + +/* symbols defined in the linker script (STM32F429BI.ld) */ +extern uint32_t CRYPTECH_FIRMWARE_START; +extern uint32_t CRYPTECH_FIRMWARE_END; +extern uint32_t CRYPTECH_DFU_CONTROL; + +/* Linker symbols are strange in C. Make regular pointers for sanity. */ +__IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL; +__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START; +/* The first word in the firmware is an address to the stack (msp) */ +__IO uint32_t *dfu_msp_ptr = &CRYPTECH_FIRMWARE_START; +/* The second word in the firmware is a pointer to the code + * (points at the Reset_Handler from the linker script). + */ +__IO uint32_t *dfu_code_ptr = &CRYPTECH_FIRMWARE_START + 1; + +typedef void (*pFunction)(void); + +/* This is it's own function to make it more convenient to set a breakpoint at it in gdb */ +void do_early_dfu_jump(void) +{ + pFunction loaded_app = (pFunction) *dfu_code_ptr; + /* Set the stack pointer to the correct one for the firmware */ + __set_MSP(*dfu_msp_ptr); + /* Set the Vector Table Offset Register */ + SCB->VTOR = (uint32_t) dfu_firmware; + loaded_app(); + while (1); +} + +int +main() +{ + int i; + + /* Check if we've just rebooted in order to jump to the firmware. */ + if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { + *dfu_control = 0; + do_early_dfu_jump(); + } + + stm_init(); + + uart_send_string2(STM_UART_MGMT, (char *) "This is the bootloader speaking..."); + + /* This is where uploading of new firmware over UART could happen */ + + led_on(LED_BLUE); + for (i = 0; i < 10; i++) { + HAL_Delay(100); + led_toggle(LED_BLUE); + } + + /* Set dfu_control to the magic value that will cause the us to call do_early_dfu_jump + * after rebooting back into this main() function. + */ + *dfu_control = HARDWARE_EARLY_DFU_JUMP; + + uart_send_string2(STM_UART_MGMT, (char *) "loading firmware\r\n"); + + /* De-initialize hardware by rebooting */ + HAL_NVIC_SystemReset(); + while (1) {}; +} diff --git a/projects/cli-test/cli-test.c b/projects/cli-test/cli-test.c index 1a8c6b7..30623a4 100644 --- a/projects/cli-test/cli-test.c +++ b/projects/cli-test/cli-test.c @@ -410,9 +410,6 @@ main() { static struct cli_def cli; - /* This is simulating the bootloader from the cli-test. */ - check_early_dfu_jump(); - stm_init(); led_on(LED_RED); diff --git a/projects/cli-test/mgmt-dfu.c b/projects/cli-test/mgmt-dfu.c index 1c7e052..33c6e2e 100644 --- a/projects/cli-test/mgmt-dfu.c +++ b/projects/cli-test/mgmt-dfu.c @@ -54,7 +54,7 @@ extern uint32_t CRYPTECH_DFU_CONTROL; __IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL; __IO uint32_t *dfu_new_msp = &CRYPTECH_FIRMWARE_START; -__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START + 4; +__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START + 1; /* Flash sector offsets from RM0090, Table 6. Flash module - 2 Mbyte dual bank organization */ #define FLASH_NUM_SECTORS 24 + 1 -- cgit v1.2.3 From 24ce7281fcf08cd471f2948af7658dd57a53ee63 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Fri, 27 May 2016 14:31:53 +0200 Subject: cli_command_root_node: bugfix missing command callback --- projects/cli-test/mgmt-cli.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'projects') diff --git a/projects/cli-test/mgmt-cli.h b/projects/cli-test/mgmt-cli.h index cf8444f..dd6a58b 100644 --- a/projects/cli-test/mgmt-cli.h +++ b/projects/cli-test/mgmt-cli.h @@ -64,7 +64,7 @@ /* ROOT NODE is a label without a parent, but with a command associated with it */ #define cli_command_root_node(name, help) \ - _cli_cmd_struct(name, name, NULL, (char *) help); \ + _cli_cmd_struct(name, name, cmd_##name, (char *) help); \ cli_register_command2(cli, &cmd_##name##_s, NULL) -- cgit v1.2.3 From 92ce4da1158aabd1a45d3a5044a5e5fd7bac3c41 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Fri, 27 May 2016 15:56:16 +0200 Subject: DFU working - but no signature validation for now. --- projects/bootloader/Makefile | 4 +- projects/bootloader/bootloader.c | 88 +++++++++++---- projects/bootloader/crc32.c | 62 ++++++++++ projects/bootloader/dfu.c | 106 +++++++++++++++++ projects/bootloader/dfu.h | 62 ++++++++++ projects/cli-test/cli-test.c | 23 +++- projects/cli-test/mgmt-dfu.c | 237 +++++---------------------------------- projects/cli-test/mgmt-dfu.h | 17 ++- 8 files changed, 369 insertions(+), 230 deletions(-) create mode 100644 projects/bootloader/crc32.c create mode 100644 projects/bootloader/dfu.c create mode 100644 projects/bootloader/dfu.h (limited to 'projects') diff --git a/projects/bootloader/Makefile b/projects/bootloader/Makefile index 7cef633..4eef758 100644 --- a/projects/bootloader/Makefile +++ b/projects/bootloader/Makefile @@ -1,8 +1,10 @@ PROG = bootloader +OBJS = crc32.o dfu.o + all: $(PROG:=.elf) -%.elf: %.o $(BOARD_OBJS) $(LIBS) +%.elf: %.o $(BOARD_OBJS) $(OBJS) $(LIBS) $(CC) $(CFLAGS) $^ -o $@ -T$(BOOTLOADER_LDSCRIPT) -g -Wl,-Map=$*.map $(OBJCOPY) -O ihex $*.elf $*.hex $(OBJCOPY) -O binary $*.elf $*.bin diff --git a/projects/bootloader/bootloader.c b/projects/bootloader/bootloader.c index 1450c1a..ab3c1d9 100644 --- a/projects/bootloader/bootloader.c +++ b/projects/bootloader/bootloader.c @@ -1,22 +1,41 @@ /* + * bootloader.c + * ------------ * Bootloader to either install new firmware received from the MGMT UART, * or jump to previously installed firmware. * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "stm32f4xx_hal.h" #include "stm-init.h" #include "stm-led.h" #include "stm-uart.h" - -/* Magic bytes to signal the bootloader it should jump to the firmware - * instead of trying to receive a new firmware using the MGMT UART. - */ -#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA - -/* symbols defined in the linker script (STM32F429BI.ld) */ -extern uint32_t CRYPTECH_FIRMWARE_START; -extern uint32_t CRYPTECH_FIRMWARE_END; -extern uint32_t CRYPTECH_DFU_CONTROL; +#include "dfu.h" /* Linker symbols are strange in C. Make regular pointers for sanity. */ __IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL; @@ -42,10 +61,30 @@ void do_early_dfu_jump(void) while (1); } +int should_dfu() +{ + int i; + uint8_t rx = 0; + + /* While blinking the blue LED for one second, see if we receive a CR on the MGMT UART. + * We've discussed also requiring one or both of the FPGA config jumpers installed + * before allowing DFU of the STM32 - that check could be done here. + */ + led_on(LED_BLUE); + for (i = 0; i < 10; i++) { + HAL_Delay(100); + led_toggle(LED_BLUE); + if (uart_recv_char2(STM_UART_MGMT, &rx, 0) == HAL_OK) { + if (rx == 13) return 1; + } + } + return 0; +} + int main() { - int i; + int status; /* Check if we've just rebooted in order to jump to the firmware. */ if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { @@ -55,14 +94,23 @@ main() stm_init(); - uart_send_string2(STM_UART_MGMT, (char *) "This is the bootloader speaking..."); - - /* This is where uploading of new firmware over UART could happen */ + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\nThis is the bootloader speaking..."); - led_on(LED_BLUE); - for (i = 0; i < 10; i++) { - HAL_Delay(100); - led_toggle(LED_BLUE); + if (should_dfu()) { + led_off(LED_BLUE); + if ((status = dfu_receive_firmware()) != 0) { + /* Upload of new firmware failed, reboot after lighting the red LED + * for three seconds. + */ + led_off(LED_BLUE); + led_on(LED_RED); + uart_send_string2(STM_UART_MGMT, (char *) "dfu_receive_firmware failed: "); + uart_send_number2(STM_UART_MGMT, status, 3, 16); + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\nRebooting in three seconds\r\n"); + HAL_Delay(3000); + HAL_NVIC_SystemReset(); + while (1) {}; + } } /* Set dfu_control to the magic value that will cause the us to call do_early_dfu_jump @@ -70,7 +118,7 @@ main() */ *dfu_control = HARDWARE_EARLY_DFU_JUMP; - uart_send_string2(STM_UART_MGMT, (char *) "loading firmware\r\n"); + uart_send_string2(STM_UART_MGMT, (char *) "loading firmware\r\n\r\n"); /* De-initialize hardware by rebooting */ HAL_NVIC_SystemReset(); diff --git a/projects/bootloader/crc32.c b/projects/bootloader/crc32.c new file mode 100644 index 0000000..4d1a0bc --- /dev/null +++ b/projects/bootloader/crc32.c @@ -0,0 +1,62 @@ +/* Reference code from RFC1952. Not meant to be used outside test code. */ + +#include "stm32f4xx_hal.h" + + +/* Table of CRCs of all 8-bit messages. */ +unsigned long crc_table[256]; + +/* Flag: has the table been computed? Initially false. */ +int crc_table_computed = 0; + +/* Make the table for a fast CRC. */ +void make_crc_table(void) +{ + unsigned long c; + + int n, k; + for (n = 0; n < 256; n++) { + c = (unsigned long) n; + for (k = 0; k < 8; k++) { + if (c & 1) { + c = 0xedb88320L ^ (c >> 1); + } else { + c = c >> 1; + } + } + crc_table[n] = c; + } + crc_table_computed = 1; +} + +/* + Update a running crc with the bytes buf[0..len-1] and return + the updated crc. The crc should be initialized to zero. Pre- and + post-conditioning (one's complement) is performed within this + function so it shouldn't be done by the caller. Usage example: + + unsigned long crc = 0L; + + while (read_buffer(buffer, length) != EOF) { + crc = update_crc(crc, buffer, length); + } + if (crc != original_crc) error(); +*/ +uint32_t update_crc(uint32_t crc, uint8_t *buf, int len) +{ + unsigned long c = crc ^ 0xffffffffL; + int n; + + if (!crc_table_computed) + make_crc_table(); + for (n = 0; n < len; n++) { + c = crc_table[(c ^ buf[n]) & 0xff] ^ (c >> 8); + } + return c ^ 0xffffffffL; +} + +/* Return the CRC of the bytes buf[0..len-1]. */ +unsigned long crc(unsigned char *buf, int len) +{ + return update_crc(0L, buf, len); +} diff --git a/projects/bootloader/dfu.c b/projects/bootloader/dfu.c new file mode 100644 index 0000000..231e388 --- /dev/null +++ b/projects/bootloader/dfu.c @@ -0,0 +1,106 @@ +/* + * dfu.c + * ------------ + * Receive new firmware from MGMT UART and write it to STM32 internal flash. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "dfu.h" +#include "stm-led.h" +#include "stm-uart.h" +#include "stm-flash.h" + +#include + +extern uint32_t update_crc(uint32_t crc, uint8_t *buf, int len); + + +int dfu_receive_firmware(void) +{ + uint32_t filesize = 0, crc = 0, my_crc = 0, counter = 0; + uint32_t offset = DFU_FIRMWARE_ADDR, n = DFU_UPLOAD_CHUNK_SIZE; + uint32_t buf[DFU_UPLOAD_CHUNK_SIZE / 4]; + + uart_send_string2(STM_UART_MGMT, (char *) "\r\nOK, bootloader waiting for new firmware\r\n"); + + /* Read file size (4 bytes) */ + uart_receive_bytes(STM_UART_MGMT, (void *) &filesize, 4, 1000); + if (filesize < 512 || filesize > DFU_FIRMWARE_END_ADDR - DFU_FIRMWARE_ADDR) { + return -1; + } + + HAL_FLASH_Unlock(); + + while (filesize) { + /* By initializing buf to the same value that erased flash has (0xff), we don't + * have to try and be smart when writing the last page of data to the memory. + */ + memset(buf, 0xffffffff, sizeof(buf)); + + if (filesize < n) { + n = filesize; + } + + if (uart_receive_bytes(STM_UART_MGMT, (void *) &buf, n, 1000) != HAL_OK) { + return -2; + } + filesize -= n; + + /* After reception of a chunk but before ACKing we have "all" the time in the world to + * calculate CRC and write it to flash. + */ + my_crc = update_crc(my_crc, (uint8_t *) buf, n); + stm_flash_write32(offset, buf, sizeof(buf) / 4); + offset += DFU_UPLOAD_CHUNK_SIZE; + + /* ACK this chunk by sending the current chunk counter (4 bytes) */ + counter++; + uart_send_bytes(STM_UART_MGMT, (void *) &counter, 4); + led_toggle(LED_BLUE); + } + + HAL_FLASH_Lock(); + + /* The sending side will now send it's calculated CRC-32 */ + uart_receive_bytes(STM_UART_MGMT, (void *) &crc, 4, 1000); + if (crc == my_crc) { + uart_send_string2(STM_UART_MGMT, (char *) "\r\nSuccess\r\n"); + return 0; + } + + led_on(LED_RED); + led_on(LED_YELLOW); + + /* Better to erase the known bad firmware */ + stm_flash_erase_sectors(DFU_FIRMWARE_ADDR, DFU_FIRMWARE_END_ADDR); + + led_off(LED_YELLOW); + + return 0; +} diff --git a/projects/bootloader/dfu.h b/projects/bootloader/dfu.h new file mode 100644 index 0000000..8dfed9d --- /dev/null +++ b/projects/bootloader/dfu.h @@ -0,0 +1,62 @@ +/* + * dfu.h + * --------- + * Device Firmware Upgrade defines and prototypes. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __STM32_BOOTLOADER_DFU_H +#define __STM32_BOOTLOADER_DFU_H + +#include "stm-init.h" + +/* symbols defined in the linker script (STM32F429BI_bootloader.ld) */ +extern uint32_t CRYPTECH_FIRMWARE_START; +extern uint32_t CRYPTECH_FIRMWARE_END; +extern uint32_t CRYPTECH_DFU_CONTROL; + +#define DFU_FIRMWARE_ADDR ((uint32_t) &CRYPTECH_FIRMWARE_START) +#define DFU_FIRMWARE_END_ADDR ((uint32_t) &CRYPTECH_FIRMWARE_END) +#define DFU_UPLOAD_CHUNK_SIZE 4096 + +/* Magic bytes to signal the bootloader it should jump to the firmware + * instead of trying to receive a new firmware using the MGMT UART. + */ +#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA + +extern __IO uint32_t *dfu_control; +extern __IO uint32_t *dfu_firmware; +extern __IO uint32_t *dfu_msp_ptr; +extern __IO uint32_t *dfu_code_ptr; + +extern int dfu_receive_firmware(void); + + +#endif /* __STM32_BOOTLOADER_DFU_H */ diff --git a/projects/cli-test/cli-test.c b/projects/cli-test/cli-test.c index 30623a4..84c268b 100644 --- a/projects/cli-test/cli-test.c +++ b/projects/cli-test/cli-test.c @@ -397,7 +397,7 @@ void configure_cli_test(struct cli_def *cli) cli_command_node(test, sdram, "Run SDRAM tests"); } -void configure_cli_misc(struct cli_def *cli) +static void configure_cli_misc(struct cli_def *cli) { /* filetransfer */ cli_command_root_node(filetransfer, "Test file transfering"); @@ -405,11 +405,32 @@ void configure_cli_misc(struct cli_def *cli) cli_command_root_node(reboot, "Reboot the STM32"); } +typedef void (*pFunction)(void); + +/* This is it's own function to make it more convenient to set a breakpoint at it in gdb */ +void do_early_dfu_jump(void) +{ + pFunction loaded_app = (pFunction) *dfu_code_ptr; + /* Set the stack pointer to the correct one for the firmware */ + __set_MSP(*dfu_msp_ptr); + /* Set the Vector Table Offset Register */ + SCB->VTOR = (uint32_t) dfu_firmware; + loaded_app(); + while (1); +} + + int main() { static struct cli_def cli; + /* Check if we've just rebooted in order to jump to the firmware. */ + if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { + *dfu_control = 0; + do_early_dfu_jump(); + } + stm_init(); led_on(LED_RED); diff --git a/projects/cli-test/mgmt-dfu.c b/projects/cli-test/mgmt-dfu.c index 33c6e2e..27fd722 100644 --- a/projects/cli-test/mgmt-dfu.c +++ b/projects/cli-test/mgmt-dfu.c @@ -1,7 +1,7 @@ /* * mgmt-dfu.c * --------- - * Management CLI Device Firmware Upgrade code. + * CLI code for looking at, jumping to or erasing the loaded firmware. * * Copyright (c) 2016, NORDUnet A/S All rights reserved. * @@ -35,188 +35,31 @@ #include "stm-init.h" #include "mgmt-cli.h" #include "stm-uart.h" -#include "cmsis_nvic.h" +#include "stm-flash.h" +#include "mgmt-dfu.h" #include extern uint32_t update_crc(uint32_t crc, uint8_t *buf, int len); -/* symbols defined in the linker script (STM32F429BI.ld) */ -extern uint32_t CRYPTECH_FIRMWARE_START; -extern uint32_t CRYPTECH_FIRMWARE_END; -extern uint32_t CRYPTECH_DFU_CONTROL; - -#define DFU_FIRMWARE_ADDR ((uint32_t ) &CRYPTECH_FIRMWARE_START) -#define DFU_FIRMWARE_PTR ((__IO uint32_t *) (CRYPTECH_FIRMWARE_START)) -#define DFU_FIRMWARE_END_ADDR CRYPTECH_FIRMWARE_END -#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA -#define DFU_UPLOAD_CHUNK_SIZE 256 - +/* Linker symbols are strange in C. Make regular pointers for sanity. */ __IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL; -__IO uint32_t *dfu_new_msp = &CRYPTECH_FIRMWARE_START; -__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START + 1; - -/* Flash sector offsets from RM0090, Table 6. Flash module - 2 Mbyte dual bank organization */ -#define FLASH_NUM_SECTORS 24 + 1 -uint32_t flash_sector_offsets[FLASH_NUM_SECTORS] = { - /* Bank 1 */ - 0x08000000, /* #0, 16 KBytes */ - 0x08004000, /* #1, 16 Kbytes */ - 0x08008000, /* #2, 16 Kbytes */ - 0x0800C000, /* #3, 16 Kbytes */ - 0x08010000, /* #4, 64 Kbytes */ - 0x08020000, /* #5, 128 Kbytes */ - 0x08040000, /* #6, 128 Kbytes */ - 0x08060000, /* #7, 128 Kbytes */ - 0x08080000, /* #8, 128 Kbytes */ - 0x080A0000, /* #9, 128 Kbytes */ - 0x080C0000, /* #10, 128 Kbytes */ - 0x080E0000, /* #11, 128 Kbytes */ - /* Bank 2 */ - 0x08100000, /* #12, 16 Kbytes */ - 0x08104000, /* #13, 16 Kbytes */ - 0x08108000, /* #14, 16 Kbytes */ - 0x0810C000, /* #15, 16 Kbytes */ - 0x08110000, /* #16, 64 Kbytes */ - 0x08120000, /* #17, 128 Kbytes */ - 0x08140000, /* #18, 128 Kbytes */ - 0x08160000, /* #19, 128 Kbytes */ - 0x08180000, /* #20, 128 Kbytes */ - 0x081A0000, /* #21, 128 Kbytes */ - 0x081C0000, /* #22, 128 Kbytes */ - 0x081E0000, /* #23, 128 Kbytes */ - 0x08200000 /* first address *after* flash */ -}; - - -typedef void (*pFunction)(void); - - -/* This is it's own function to make it more convenient to set a breakpoint at it in gdb */ -void do_early_dfu_jump(void) -{ - //pFunction loaded_app = (pFunction) *(DFU_FIRMWARE_PTR + 1); - pFunction loaded_app = (pFunction) *dfu_firmware; - *dfu_control = 0; - __set_MSP(*dfu_new_msp); - /* Set the Vector Table Offset Register */ - SCB->VTOR = DFU_FIRMWARE_ADDR; - loaded_app(); - while (1); -} - -/* This function is called from main() before any peripherals are initialized */ -void check_early_dfu_jump(void) -{ - if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { - do_early_dfu_jump(); - } -} - -inline int _flash_sector_num(uint32_t offset) -{ - int i = FLASH_NUM_SECTORS - 1; - while (i-- >= 0) { - if (offset >= flash_sector_offsets[i] && - offset < flash_sector_offsets[i + 1]) { - return i; - } - } - return -1; -} - -int _write_to_flash(uint32_t offset, const uint32_t *buf, uint32_t elements) -{ - uint32_t sector = _flash_sector_num(offset); - uint32_t SectorError = 0, i, j; - - if (offset == flash_sector_offsets[sector]) { - /* Request to write to beginning of a flash sector, erase it first. */ - FLASH_EraseInitTypeDef FLASH_EraseInitStruct; - - FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS; - FLASH_EraseInitStruct.Sector = sector; - FLASH_EraseInitStruct.NbSectors = 1; - FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3; - - if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) { - return -1; - } - } - - for (i = 0; i < elements; i++) { - if ((j = HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, offset, buf[i])) != HAL_OK) { - return -2; - } - offset += 4; - } - - return 1; -} - -int cmd_dfu_upload(struct cli_def *cli, const char *command, char *argv[], int argc) -{ - uint32_t filesize = 0, crc = 0, my_crc = 0, counter = 0; - uint32_t offset = DFU_FIRMWARE_ADDR, n = DFU_UPLOAD_CHUNK_SIZE; - uint32_t buf[DFU_UPLOAD_CHUNK_SIZE / 4]; - - cli_print(cli, "OK, write DFU application file size (4 bytes), data in %i byte chunks, CRC-32 (4 bytes)", - DFU_UPLOAD_CHUNK_SIZE); - - /* Read file size (4 bytes) */ - uart_receive_bytes(STM_UART_MGMT, (void *) &filesize, 4, 1000); - cli_print(cli, "File size %li, will write it to 0x%lx", filesize, offset); - - HAL_FLASH_Unlock(); - - while (filesize) { - /* By initializing buf to the same value that erased flash has (0xff), we don't - * have to try and be smart when writing the last page of data to the memory. - */ - memset(buf, 0xffffffff, sizeof(buf)); - - if (filesize < n) { - n = filesize; - } - - if (uart_receive_bytes(STM_UART_MGMT, (void *) &buf, n, 1000) != HAL_OK) { - cli_print(cli, "Receive timed out"); - return CLI_ERROR; - } - filesize -= n; - - /* After reception of a chunk but before ACKing we have "all" the time in the world to - * calculate CRC and write it to flash. - */ - my_crc = update_crc(my_crc, (uint8_t *) buf, n); - _write_to_flash(offset, buf, sizeof(buf) / 4); - offset += DFU_UPLOAD_CHUNK_SIZE; - - /* ACK this chunk by sending the current chunk counter (4 bytes) */ - counter++; - uart_send_bytes(STM_UART_MGMT, (void *) &counter, 4); - } +__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START; +__IO uint32_t *dfu_firmware_end = &CRYPTECH_FIRMWARE_END; +/* The first word in the firmware is an address to the stack (msp) */ +__IO uint32_t *dfu_msp_ptr = &CRYPTECH_FIRMWARE_START; +/* The second word in the firmware is a pointer to the code + * (points at the Reset_Handler from the linker script). + */ +__IO uint32_t *dfu_code_ptr = &CRYPTECH_FIRMWARE_START + 1; - HAL_FLASH_Lock(); - /* The sending side will now send it's calculated CRC-32 */ - cli_print(cli, "Send CRC-32"); - uart_receive_bytes(STM_UART_MGMT, (void *) &crc, 4, 1000); - cli_print(cli, "CRC-32 %li", crc); - if (crc == my_crc) { - cli_print(cli, "CRC checksum MATCHED"); - } else { - cli_print(cli, "CRC checksum did NOT match"); - } - - return CLI_OK; -} int cmd_dfu_dump(struct cli_def *cli, const char *command, char *argv[], int argc) { - cli_print(cli, "First 256 bytes from DFU application address %p:\r\n", DFU_FIRMWARE_PTR); + cli_print(cli, "First 256 bytes from DFU application address %p:\r\n", dfu_firmware); - uart_send_hexdump(STM_UART_MGMT, (uint8_t *) DFU_FIRMWARE_ADDR, 0, 0xff); + uart_send_hexdump(STM_UART_MGMT, (uint8_t *) dfu_firmware, 0, 0xff); uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\n"); return CLI_OK; @@ -224,37 +67,18 @@ int cmd_dfu_dump(struct cli_def *cli, const char *command, char *argv[], int arg int cmd_dfu_erase(struct cli_def *cli, const char *command, char *argv[], int argc) { - uint32_t start_sector = _flash_sector_num(DFU_FIRMWARE_ADDR); - uint32_t end_sector = _flash_sector_num(DFU_FIRMWARE_END_ADDR); - uint32_t sector; + int status; - cli_print(cli, "Erasing flash sectors %li to %li (address %p to %p)", - start_sector, end_sector, - (uint32_t *) DFU_FIRMWARE_ADDR, - (uint32_t *) DFU_FIRMWARE_END_ADDR); + cli_print(cli, "Erasing flash sectors %i to %i (address %p to %p) - expect the CLI to crash now", + stm_flash_sector_num((uint32_t) dfu_firmware), + stm_flash_sector_num((uint32_t) dfu_firmware_end), + dfu_firmware, + dfu_firmware_end); - if (start_sector > end_sector) { - cli_print(cli, "ERROR: Bad sectors"); - return CLI_ERROR; + if ((status = stm_flash_erase_sectors((uint32_t) dfu_firmware, (uint32_t) dfu_firmware_end)) != 0) { + cli_print(cli, "Failed erasing flash sectors (%i)", status); } - HAL_FLASH_Unlock(); - - for (sector = start_sector; sector <= end_sector; sector++) { - uint32_t SectorError = 0; - FLASH_EraseInitTypeDef FLASH_EraseInitStruct; - - FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS; - FLASH_EraseInitStruct.Sector = sector; - FLASH_EraseInitStruct.NbSectors = 1; - FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3; - - if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) { - cli_print(cli, "ERROR: Failed erasing sector %li", sector); - } - } - HAL_FLASH_Lock(); - return CLI_OK; } @@ -264,21 +88,23 @@ int cmd_dfu_jump(struct cli_def *cli, const char *command, char *argv[], int arg /* Load first byte from the DFU_FIRMWARE_PTR to verify it contains an IVT before * jumping there. */ - cli_print(cli, "Checking for application at %p", DFU_FIRMWARE_PTR); + cli_print(cli, "Checking for application at %p", dfu_firmware); - //new_msp = (uint32_t) DFU_FIRMWARE_PTR; - i = *dfu_new_msp & 0xFF000000; + i = *dfu_msp_ptr & 0xFF000000; /* 'new_msp' is supposed to be a pointer to the new applications stack, it should * point either at RAM (0x20000000) or at the CCM memory (0x10000000). */ if (i == 0x20000000 || i == 0x10000000) { + /* Set dfu_control to the magic value that will cause the us to jump to the + * firmware from the CLI main() function after rebooting. + */ *dfu_control = HARDWARE_EARLY_DFU_JUMP; cli_print(cli, "Making the leap"); HAL_NVIC_SystemReset(); while (1) { ; } } else { cli_print(cli, "No loaded application found at %p (read 0x%x)", - DFU_FIRMWARE_PTR, (unsigned int) *dfu_new_msp); + dfu_firmware, (unsigned int) *dfu_msp_ptr); } return CLI_OK; @@ -288,8 +114,7 @@ void configure_cli_dfu(struct cli_def *cli) { cli_command_root(dfu); - cli_command_node(dfu, dump, "Show the first 256 bytes of the loaded application"); - cli_command_node(dfu, jump, "Jump to the loaded application"); - cli_command_node(dfu, upload, "Load a new application"); - cli_command_node(dfu, erase, "Erase the application memory"); + cli_command_node(dfu, dump, "Show the first 256 bytes of the loaded firmware"); + cli_command_node(dfu, jump, "Jump to the loaded firmware"); + cli_command_node(dfu, erase, "Erase the firmware memory (will crash the CLI)"); } diff --git a/projects/cli-test/mgmt-dfu.h b/projects/cli-test/mgmt-dfu.h index e1e3932..ac6589c 100644 --- a/projects/cli-test/mgmt-dfu.h +++ b/projects/cli-test/mgmt-dfu.h @@ -38,9 +38,22 @@ #include "stm-init.h" #include -#define DFU_UPLOAD_CHUNK_SIZE 256 +/* symbols defined in the linker script (STM32F429BI.ld) */ +extern uint32_t CRYPTECH_FIRMWARE_START; +extern uint32_t CRYPTECH_FIRMWARE_END; +extern uint32_t CRYPTECH_DFU_CONTROL; + +#define DFU_FIRMWARE_ADDR ((uint32_t) &CRYPTECH_FIRMWARE_START) +#define DFU_FIRMWARE_END_ADDR ((uint32_t) &CRYPTECH_FIRMWARE_END) +#define DFU_UPLOAD_CHUNK_SIZE 256 +#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA + +extern __IO uint32_t *dfu_control; +extern __IO uint32_t *dfu_firmware; +extern __IO uint32_t *dfu_msp_ptr; +extern __IO uint32_t *dfu_code_ptr; + extern void configure_cli_dfu(struct cli_def *cli); -extern void check_early_dfu_jump(void); #endif /* __STM32_CLI_MGMT_DFU_H */ -- cgit v1.2.3