From 92ce4da1158aabd1a45d3a5044a5e5fd7bac3c41 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Fri, 27 May 2016 15:56:16 +0200 Subject: DFU working - but no signature validation for now. --- projects/bootloader/Makefile | 4 +- projects/bootloader/bootloader.c | 88 +++++++++++---- projects/bootloader/crc32.c | 62 ++++++++++ projects/bootloader/dfu.c | 106 +++++++++++++++++ projects/bootloader/dfu.h | 62 ++++++++++ projects/cli-test/cli-test.c | 23 +++- projects/cli-test/mgmt-dfu.c | 237 +++++---------------------------------- projects/cli-test/mgmt-dfu.h | 17 ++- 8 files changed, 369 insertions(+), 230 deletions(-) create mode 100644 projects/bootloader/crc32.c create mode 100644 projects/bootloader/dfu.c create mode 100644 projects/bootloader/dfu.h (limited to 'projects') diff --git a/projects/bootloader/Makefile b/projects/bootloader/Makefile index 7cef633..4eef758 100644 --- a/projects/bootloader/Makefile +++ b/projects/bootloader/Makefile @@ -1,8 +1,10 @@ PROG = bootloader +OBJS = crc32.o dfu.o + all: $(PROG:=.elf) -%.elf: %.o $(BOARD_OBJS) $(LIBS) +%.elf: %.o $(BOARD_OBJS) $(OBJS) $(LIBS) $(CC) $(CFLAGS) $^ -o $@ -T$(BOOTLOADER_LDSCRIPT) -g -Wl,-Map=$*.map $(OBJCOPY) -O ihex $*.elf $*.hex $(OBJCOPY) -O binary $*.elf $*.bin diff --git a/projects/bootloader/bootloader.c b/projects/bootloader/bootloader.c index 1450c1a..ab3c1d9 100644 --- a/projects/bootloader/bootloader.c +++ b/projects/bootloader/bootloader.c @@ -1,22 +1,41 @@ /* + * bootloader.c + * ------------ * Bootloader to either install new firmware received from the MGMT UART, * or jump to previously installed firmware. * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include "stm32f4xx_hal.h" #include "stm-init.h" #include "stm-led.h" #include "stm-uart.h" - -/* Magic bytes to signal the bootloader it should jump to the firmware - * instead of trying to receive a new firmware using the MGMT UART. - */ -#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA - -/* symbols defined in the linker script (STM32F429BI.ld) */ -extern uint32_t CRYPTECH_FIRMWARE_START; -extern uint32_t CRYPTECH_FIRMWARE_END; -extern uint32_t CRYPTECH_DFU_CONTROL; +#include "dfu.h" /* Linker symbols are strange in C. Make regular pointers for sanity. */ __IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL; @@ -42,10 +61,30 @@ void do_early_dfu_jump(void) while (1); } +int should_dfu() +{ + int i; + uint8_t rx = 0; + + /* While blinking the blue LED for one second, see if we receive a CR on the MGMT UART. + * We've discussed also requiring one or both of the FPGA config jumpers installed + * before allowing DFU of the STM32 - that check could be done here. + */ + led_on(LED_BLUE); + for (i = 0; i < 10; i++) { + HAL_Delay(100); + led_toggle(LED_BLUE); + if (uart_recv_char2(STM_UART_MGMT, &rx, 0) == HAL_OK) { + if (rx == 13) return 1; + } + } + return 0; +} + int main() { - int i; + int status; /* Check if we've just rebooted in order to jump to the firmware. */ if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { @@ -55,14 +94,23 @@ main() stm_init(); - uart_send_string2(STM_UART_MGMT, (char *) "This is the bootloader speaking..."); - - /* This is where uploading of new firmware over UART could happen */ + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\nThis is the bootloader speaking..."); - led_on(LED_BLUE); - for (i = 0; i < 10; i++) { - HAL_Delay(100); - led_toggle(LED_BLUE); + if (should_dfu()) { + led_off(LED_BLUE); + if ((status = dfu_receive_firmware()) != 0) { + /* Upload of new firmware failed, reboot after lighting the red LED + * for three seconds. + */ + led_off(LED_BLUE); + led_on(LED_RED); + uart_send_string2(STM_UART_MGMT, (char *) "dfu_receive_firmware failed: "); + uart_send_number2(STM_UART_MGMT, status, 3, 16); + uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\nRebooting in three seconds\r\n"); + HAL_Delay(3000); + HAL_NVIC_SystemReset(); + while (1) {}; + } } /* Set dfu_control to the magic value that will cause the us to call do_early_dfu_jump @@ -70,7 +118,7 @@ main() */ *dfu_control = HARDWARE_EARLY_DFU_JUMP; - uart_send_string2(STM_UART_MGMT, (char *) "loading firmware\r\n"); + uart_send_string2(STM_UART_MGMT, (char *) "loading firmware\r\n\r\n"); /* De-initialize hardware by rebooting */ HAL_NVIC_SystemReset(); diff --git a/projects/bootloader/crc32.c b/projects/bootloader/crc32.c new file mode 100644 index 0000000..4d1a0bc --- /dev/null +++ b/projects/bootloader/crc32.c @@ -0,0 +1,62 @@ +/* Reference code from RFC1952. Not meant to be used outside test code. */ + +#include "stm32f4xx_hal.h" + + +/* Table of CRCs of all 8-bit messages. */ +unsigned long crc_table[256]; + +/* Flag: has the table been computed? Initially false. */ +int crc_table_computed = 0; + +/* Make the table for a fast CRC. */ +void make_crc_table(void) +{ + unsigned long c; + + int n, k; + for (n = 0; n < 256; n++) { + c = (unsigned long) n; + for (k = 0; k < 8; k++) { + if (c & 1) { + c = 0xedb88320L ^ (c >> 1); + } else { + c = c >> 1; + } + } + crc_table[n] = c; + } + crc_table_computed = 1; +} + +/* + Update a running crc with the bytes buf[0..len-1] and return + the updated crc. The crc should be initialized to zero. Pre- and + post-conditioning (one's complement) is performed within this + function so it shouldn't be done by the caller. Usage example: + + unsigned long crc = 0L; + + while (read_buffer(buffer, length) != EOF) { + crc = update_crc(crc, buffer, length); + } + if (crc != original_crc) error(); +*/ +uint32_t update_crc(uint32_t crc, uint8_t *buf, int len) +{ + unsigned long c = crc ^ 0xffffffffL; + int n; + + if (!crc_table_computed) + make_crc_table(); + for (n = 0; n < len; n++) { + c = crc_table[(c ^ buf[n]) & 0xff] ^ (c >> 8); + } + return c ^ 0xffffffffL; +} + +/* Return the CRC of the bytes buf[0..len-1]. */ +unsigned long crc(unsigned char *buf, int len) +{ + return update_crc(0L, buf, len); +} diff --git a/projects/bootloader/dfu.c b/projects/bootloader/dfu.c new file mode 100644 index 0000000..231e388 --- /dev/null +++ b/projects/bootloader/dfu.c @@ -0,0 +1,106 @@ +/* + * dfu.c + * ------------ + * Receive new firmware from MGMT UART and write it to STM32 internal flash. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "dfu.h" +#include "stm-led.h" +#include "stm-uart.h" +#include "stm-flash.h" + +#include + +extern uint32_t update_crc(uint32_t crc, uint8_t *buf, int len); + + +int dfu_receive_firmware(void) +{ + uint32_t filesize = 0, crc = 0, my_crc = 0, counter = 0; + uint32_t offset = DFU_FIRMWARE_ADDR, n = DFU_UPLOAD_CHUNK_SIZE; + uint32_t buf[DFU_UPLOAD_CHUNK_SIZE / 4]; + + uart_send_string2(STM_UART_MGMT, (char *) "\r\nOK, bootloader waiting for new firmware\r\n"); + + /* Read file size (4 bytes) */ + uart_receive_bytes(STM_UART_MGMT, (void *) &filesize, 4, 1000); + if (filesize < 512 || filesize > DFU_FIRMWARE_END_ADDR - DFU_FIRMWARE_ADDR) { + return -1; + } + + HAL_FLASH_Unlock(); + + while (filesize) { + /* By initializing buf to the same value that erased flash has (0xff), we don't + * have to try and be smart when writing the last page of data to the memory. + */ + memset(buf, 0xffffffff, sizeof(buf)); + + if (filesize < n) { + n = filesize; + } + + if (uart_receive_bytes(STM_UART_MGMT, (void *) &buf, n, 1000) != HAL_OK) { + return -2; + } + filesize -= n; + + /* After reception of a chunk but before ACKing we have "all" the time in the world to + * calculate CRC and write it to flash. + */ + my_crc = update_crc(my_crc, (uint8_t *) buf, n); + stm_flash_write32(offset, buf, sizeof(buf) / 4); + offset += DFU_UPLOAD_CHUNK_SIZE; + + /* ACK this chunk by sending the current chunk counter (4 bytes) */ + counter++; + uart_send_bytes(STM_UART_MGMT, (void *) &counter, 4); + led_toggle(LED_BLUE); + } + + HAL_FLASH_Lock(); + + /* The sending side will now send it's calculated CRC-32 */ + uart_receive_bytes(STM_UART_MGMT, (void *) &crc, 4, 1000); + if (crc == my_crc) { + uart_send_string2(STM_UART_MGMT, (char *) "\r\nSuccess\r\n"); + return 0; + } + + led_on(LED_RED); + led_on(LED_YELLOW); + + /* Better to erase the known bad firmware */ + stm_flash_erase_sectors(DFU_FIRMWARE_ADDR, DFU_FIRMWARE_END_ADDR); + + led_off(LED_YELLOW); + + return 0; +} diff --git a/projects/bootloader/dfu.h b/projects/bootloader/dfu.h new file mode 100644 index 0000000..8dfed9d --- /dev/null +++ b/projects/bootloader/dfu.h @@ -0,0 +1,62 @@ +/* + * dfu.h + * --------- + * Device Firmware Upgrade defines and prototypes. + * + * Copyright (c) 2016, NORDUnet A/S All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are + * met: + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of the NORDUnet nor the names of its contributors may + * be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __STM32_BOOTLOADER_DFU_H +#define __STM32_BOOTLOADER_DFU_H + +#include "stm-init.h" + +/* symbols defined in the linker script (STM32F429BI_bootloader.ld) */ +extern uint32_t CRYPTECH_FIRMWARE_START; +extern uint32_t CRYPTECH_FIRMWARE_END; +extern uint32_t CRYPTECH_DFU_CONTROL; + +#define DFU_FIRMWARE_ADDR ((uint32_t) &CRYPTECH_FIRMWARE_START) +#define DFU_FIRMWARE_END_ADDR ((uint32_t) &CRYPTECH_FIRMWARE_END) +#define DFU_UPLOAD_CHUNK_SIZE 4096 + +/* Magic bytes to signal the bootloader it should jump to the firmware + * instead of trying to receive a new firmware using the MGMT UART. + */ +#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA + +extern __IO uint32_t *dfu_control; +extern __IO uint32_t *dfu_firmware; +extern __IO uint32_t *dfu_msp_ptr; +extern __IO uint32_t *dfu_code_ptr; + +extern int dfu_receive_firmware(void); + + +#endif /* __STM32_BOOTLOADER_DFU_H */ diff --git a/projects/cli-test/cli-test.c b/projects/cli-test/cli-test.c index 30623a4..84c268b 100644 --- a/projects/cli-test/cli-test.c +++ b/projects/cli-test/cli-test.c @@ -397,7 +397,7 @@ void configure_cli_test(struct cli_def *cli) cli_command_node(test, sdram, "Run SDRAM tests"); } -void configure_cli_misc(struct cli_def *cli) +static void configure_cli_misc(struct cli_def *cli) { /* filetransfer */ cli_command_root_node(filetransfer, "Test file transfering"); @@ -405,11 +405,32 @@ void configure_cli_misc(struct cli_def *cli) cli_command_root_node(reboot, "Reboot the STM32"); } +typedef void (*pFunction)(void); + +/* This is it's own function to make it more convenient to set a breakpoint at it in gdb */ +void do_early_dfu_jump(void) +{ + pFunction loaded_app = (pFunction) *dfu_code_ptr; + /* Set the stack pointer to the correct one for the firmware */ + __set_MSP(*dfu_msp_ptr); + /* Set the Vector Table Offset Register */ + SCB->VTOR = (uint32_t) dfu_firmware; + loaded_app(); + while (1); +} + + int main() { static struct cli_def cli; + /* Check if we've just rebooted in order to jump to the firmware. */ + if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { + *dfu_control = 0; + do_early_dfu_jump(); + } + stm_init(); led_on(LED_RED); diff --git a/projects/cli-test/mgmt-dfu.c b/projects/cli-test/mgmt-dfu.c index 33c6e2e..27fd722 100644 --- a/projects/cli-test/mgmt-dfu.c +++ b/projects/cli-test/mgmt-dfu.c @@ -1,7 +1,7 @@ /* * mgmt-dfu.c * --------- - * Management CLI Device Firmware Upgrade code. + * CLI code for looking at, jumping to or erasing the loaded firmware. * * Copyright (c) 2016, NORDUnet A/S All rights reserved. * @@ -35,188 +35,31 @@ #include "stm-init.h" #include "mgmt-cli.h" #include "stm-uart.h" -#include "cmsis_nvic.h" +#include "stm-flash.h" +#include "mgmt-dfu.h" #include extern uint32_t update_crc(uint32_t crc, uint8_t *buf, int len); -/* symbols defined in the linker script (STM32F429BI.ld) */ -extern uint32_t CRYPTECH_FIRMWARE_START; -extern uint32_t CRYPTECH_FIRMWARE_END; -extern uint32_t CRYPTECH_DFU_CONTROL; - -#define DFU_FIRMWARE_ADDR ((uint32_t ) &CRYPTECH_FIRMWARE_START) -#define DFU_FIRMWARE_PTR ((__IO uint32_t *) (CRYPTECH_FIRMWARE_START)) -#define DFU_FIRMWARE_END_ADDR CRYPTECH_FIRMWARE_END -#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA -#define DFU_UPLOAD_CHUNK_SIZE 256 - +/* Linker symbols are strange in C. Make regular pointers for sanity. */ __IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL; -__IO uint32_t *dfu_new_msp = &CRYPTECH_FIRMWARE_START; -__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START + 1; - -/* Flash sector offsets from RM0090, Table 6. Flash module - 2 Mbyte dual bank organization */ -#define FLASH_NUM_SECTORS 24 + 1 -uint32_t flash_sector_offsets[FLASH_NUM_SECTORS] = { - /* Bank 1 */ - 0x08000000, /* #0, 16 KBytes */ - 0x08004000, /* #1, 16 Kbytes */ - 0x08008000, /* #2, 16 Kbytes */ - 0x0800C000, /* #3, 16 Kbytes */ - 0x08010000, /* #4, 64 Kbytes */ - 0x08020000, /* #5, 128 Kbytes */ - 0x08040000, /* #6, 128 Kbytes */ - 0x08060000, /* #7, 128 Kbytes */ - 0x08080000, /* #8, 128 Kbytes */ - 0x080A0000, /* #9, 128 Kbytes */ - 0x080C0000, /* #10, 128 Kbytes */ - 0x080E0000, /* #11, 128 Kbytes */ - /* Bank 2 */ - 0x08100000, /* #12, 16 Kbytes */ - 0x08104000, /* #13, 16 Kbytes */ - 0x08108000, /* #14, 16 Kbytes */ - 0x0810C000, /* #15, 16 Kbytes */ - 0x08110000, /* #16, 64 Kbytes */ - 0x08120000, /* #17, 128 Kbytes */ - 0x08140000, /* #18, 128 Kbytes */ - 0x08160000, /* #19, 128 Kbytes */ - 0x08180000, /* #20, 128 Kbytes */ - 0x081A0000, /* #21, 128 Kbytes */ - 0x081C0000, /* #22, 128 Kbytes */ - 0x081E0000, /* #23, 128 Kbytes */ - 0x08200000 /* first address *after* flash */ -}; - - -typedef void (*pFunction)(void); - - -/* This is it's own function to make it more convenient to set a breakpoint at it in gdb */ -void do_early_dfu_jump(void) -{ - //pFunction loaded_app = (pFunction) *(DFU_FIRMWARE_PTR + 1); - pFunction loaded_app = (pFunction) *dfu_firmware; - *dfu_control = 0; - __set_MSP(*dfu_new_msp); - /* Set the Vector Table Offset Register */ - SCB->VTOR = DFU_FIRMWARE_ADDR; - loaded_app(); - while (1); -} - -/* This function is called from main() before any peripherals are initialized */ -void check_early_dfu_jump(void) -{ - if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) { - do_early_dfu_jump(); - } -} - -inline int _flash_sector_num(uint32_t offset) -{ - int i = FLASH_NUM_SECTORS - 1; - while (i-- >= 0) { - if (offset >= flash_sector_offsets[i] && - offset < flash_sector_offsets[i + 1]) { - return i; - } - } - return -1; -} - -int _write_to_flash(uint32_t offset, const uint32_t *buf, uint32_t elements) -{ - uint32_t sector = _flash_sector_num(offset); - uint32_t SectorError = 0, i, j; - - if (offset == flash_sector_offsets[sector]) { - /* Request to write to beginning of a flash sector, erase it first. */ - FLASH_EraseInitTypeDef FLASH_EraseInitStruct; - - FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS; - FLASH_EraseInitStruct.Sector = sector; - FLASH_EraseInitStruct.NbSectors = 1; - FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3; - - if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) { - return -1; - } - } - - for (i = 0; i < elements; i++) { - if ((j = HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, offset, buf[i])) != HAL_OK) { - return -2; - } - offset += 4; - } - - return 1; -} - -int cmd_dfu_upload(struct cli_def *cli, const char *command, char *argv[], int argc) -{ - uint32_t filesize = 0, crc = 0, my_crc = 0, counter = 0; - uint32_t offset = DFU_FIRMWARE_ADDR, n = DFU_UPLOAD_CHUNK_SIZE; - uint32_t buf[DFU_UPLOAD_CHUNK_SIZE / 4]; - - cli_print(cli, "OK, write DFU application file size (4 bytes), data in %i byte chunks, CRC-32 (4 bytes)", - DFU_UPLOAD_CHUNK_SIZE); - - /* Read file size (4 bytes) */ - uart_receive_bytes(STM_UART_MGMT, (void *) &filesize, 4, 1000); - cli_print(cli, "File size %li, will write it to 0x%lx", filesize, offset); - - HAL_FLASH_Unlock(); - - while (filesize) { - /* By initializing buf to the same value that erased flash has (0xff), we don't - * have to try and be smart when writing the last page of data to the memory. - */ - memset(buf, 0xffffffff, sizeof(buf)); - - if (filesize < n) { - n = filesize; - } - - if (uart_receive_bytes(STM_UART_MGMT, (void *) &buf, n, 1000) != HAL_OK) { - cli_print(cli, "Receive timed out"); - return CLI_ERROR; - } - filesize -= n; - - /* After reception of a chunk but before ACKing we have "all" the time in the world to - * calculate CRC and write it to flash. - */ - my_crc = update_crc(my_crc, (uint8_t *) buf, n); - _write_to_flash(offset, buf, sizeof(buf) / 4); - offset += DFU_UPLOAD_CHUNK_SIZE; - - /* ACK this chunk by sending the current chunk counter (4 bytes) */ - counter++; - uart_send_bytes(STM_UART_MGMT, (void *) &counter, 4); - } +__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START; +__IO uint32_t *dfu_firmware_end = &CRYPTECH_FIRMWARE_END; +/* The first word in the firmware is an address to the stack (msp) */ +__IO uint32_t *dfu_msp_ptr = &CRYPTECH_FIRMWARE_START; +/* The second word in the firmware is a pointer to the code + * (points at the Reset_Handler from the linker script). + */ +__IO uint32_t *dfu_code_ptr = &CRYPTECH_FIRMWARE_START + 1; - HAL_FLASH_Lock(); - /* The sending side will now send it's calculated CRC-32 */ - cli_print(cli, "Send CRC-32"); - uart_receive_bytes(STM_UART_MGMT, (void *) &crc, 4, 1000); - cli_print(cli, "CRC-32 %li", crc); - if (crc == my_crc) { - cli_print(cli, "CRC checksum MATCHED"); - } else { - cli_print(cli, "CRC checksum did NOT match"); - } - - return CLI_OK; -} int cmd_dfu_dump(struct cli_def *cli, const char *command, char *argv[], int argc) { - cli_print(cli, "First 256 bytes from DFU application address %p:\r\n", DFU_FIRMWARE_PTR); + cli_print(cli, "First 256 bytes from DFU application address %p:\r\n", dfu_firmware); - uart_send_hexdump(STM_UART_MGMT, (uint8_t *) DFU_FIRMWARE_ADDR, 0, 0xff); + uart_send_hexdump(STM_UART_MGMT, (uint8_t *) dfu_firmware, 0, 0xff); uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\n"); return CLI_OK; @@ -224,37 +67,18 @@ int cmd_dfu_dump(struct cli_def *cli, const char *command, char *argv[], int arg int cmd_dfu_erase(struct cli_def *cli, const char *command, char *argv[], int argc) { - uint32_t start_sector = _flash_sector_num(DFU_FIRMWARE_ADDR); - uint32_t end_sector = _flash_sector_num(DFU_FIRMWARE_END_ADDR); - uint32_t sector; + int status; - cli_print(cli, "Erasing flash sectors %li to %li (address %p to %p)", - start_sector, end_sector, - (uint32_t *) DFU_FIRMWARE_ADDR, - (uint32_t *) DFU_FIRMWARE_END_ADDR); + cli_print(cli, "Erasing flash sectors %i to %i (address %p to %p) - expect the CLI to crash now", + stm_flash_sector_num((uint32_t) dfu_firmware), + stm_flash_sector_num((uint32_t) dfu_firmware_end), + dfu_firmware, + dfu_firmware_end); - if (start_sector > end_sector) { - cli_print(cli, "ERROR: Bad sectors"); - return CLI_ERROR; + if ((status = stm_flash_erase_sectors((uint32_t) dfu_firmware, (uint32_t) dfu_firmware_end)) != 0) { + cli_print(cli, "Failed erasing flash sectors (%i)", status); } - HAL_FLASH_Unlock(); - - for (sector = start_sector; sector <= end_sector; sector++) { - uint32_t SectorError = 0; - FLASH_EraseInitTypeDef FLASH_EraseInitStruct; - - FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS; - FLASH_EraseInitStruct.Sector = sector; - FLASH_EraseInitStruct.NbSectors = 1; - FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3; - - if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) { - cli_print(cli, "ERROR: Failed erasing sector %li", sector); - } - } - HAL_FLASH_Lock(); - return CLI_OK; } @@ -264,21 +88,23 @@ int cmd_dfu_jump(struct cli_def *cli, const char *command, char *argv[], int arg /* Load first byte from the DFU_FIRMWARE_PTR to verify it contains an IVT before * jumping there. */ - cli_print(cli, "Checking for application at %p", DFU_FIRMWARE_PTR); + cli_print(cli, "Checking for application at %p", dfu_firmware); - //new_msp = (uint32_t) DFU_FIRMWARE_PTR; - i = *dfu_new_msp & 0xFF000000; + i = *dfu_msp_ptr & 0xFF000000; /* 'new_msp' is supposed to be a pointer to the new applications stack, it should * point either at RAM (0x20000000) or at the CCM memory (0x10000000). */ if (i == 0x20000000 || i == 0x10000000) { + /* Set dfu_control to the magic value that will cause the us to jump to the + * firmware from the CLI main() function after rebooting. + */ *dfu_control = HARDWARE_EARLY_DFU_JUMP; cli_print(cli, "Making the leap"); HAL_NVIC_SystemReset(); while (1) { ; } } else { cli_print(cli, "No loaded application found at %p (read 0x%x)", - DFU_FIRMWARE_PTR, (unsigned int) *dfu_new_msp); + dfu_firmware, (unsigned int) *dfu_msp_ptr); } return CLI_OK; @@ -288,8 +114,7 @@ void configure_cli_dfu(struct cli_def *cli) { cli_command_root(dfu); - cli_command_node(dfu, dump, "Show the first 256 bytes of the loaded application"); - cli_command_node(dfu, jump, "Jump to the loaded application"); - cli_command_node(dfu, upload, "Load a new application"); - cli_command_node(dfu, erase, "Erase the application memory"); + cli_command_node(dfu, dump, "Show the first 256 bytes of the loaded firmware"); + cli_command_node(dfu, jump, "Jump to the loaded firmware"); + cli_command_node(dfu, erase, "Erase the firmware memory (will crash the CLI)"); } diff --git a/projects/cli-test/mgmt-dfu.h b/projects/cli-test/mgmt-dfu.h index e1e3932..ac6589c 100644 --- a/projects/cli-test/mgmt-dfu.h +++ b/projects/cli-test/mgmt-dfu.h @@ -38,9 +38,22 @@ #include "stm-init.h" #include -#define DFU_UPLOAD_CHUNK_SIZE 256 +/* symbols defined in the linker script (STM32F429BI.ld) */ +extern uint32_t CRYPTECH_FIRMWARE_START; +extern uint32_t CRYPTECH_FIRMWARE_END; +extern uint32_t CRYPTECH_DFU_CONTROL; + +#define DFU_FIRMWARE_ADDR ((uint32_t) &CRYPTECH_FIRMWARE_START) +#define DFU_FIRMWARE_END_ADDR ((uint32_t) &CRYPTECH_FIRMWARE_END) +#define DFU_UPLOAD_CHUNK_SIZE 256 +#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA + +extern __IO uint32_t *dfu_control; +extern __IO uint32_t *dfu_firmware; +extern __IO uint32_t *dfu_msp_ptr; +extern __IO uint32_t *dfu_code_ptr; + extern void configure_cli_dfu(struct cli_def *cli); -extern void check_early_dfu_jump(void); #endif /* __STM32_CLI_MGMT_DFU_H */ -- cgit v1.2.3