1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
|
/*
* mgmt-dfu.c
* ---------
* Management CLI Device Firmware Upgrade code.
*
* Copyright (c) 2016, NORDUnet A/S All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of the NORDUnet nor the names of its contributors may
* be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "stm-init.h"
#include "mgmt-cli.h"
#include "stm-uart.h"
#include "cmsis_nvic.h"
#include <string.h>
extern uint32_t update_crc(uint32_t crc, uint8_t *buf, int len);
/* symbols defined in the linker script (STM32F429BI.ld) */
extern uint32_t CRYPTECH_FIRMWARE_START;
extern uint32_t CRYPTECH_FIRMWARE_END;
extern uint32_t CRYPTECH_DFU_CONTROL;
#define DFU_FIRMWARE_ADDR ((uint32_t ) &CRYPTECH_FIRMWARE_START)
#define DFU_FIRMWARE_PTR ((__IO uint32_t *) (CRYPTECH_FIRMWARE_START))
#define DFU_FIRMWARE_END_ADDR CRYPTECH_FIRMWARE_END
#define HARDWARE_EARLY_DFU_JUMP 0xBADABADA
#define DFU_UPLOAD_CHUNK_SIZE 256
__IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL;
__IO uint32_t *dfu_new_msp = &CRYPTECH_FIRMWARE_START;
__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START + 1;
/* Flash sector offsets from RM0090, Table 6. Flash module - 2 Mbyte dual bank organization */
#define FLASH_NUM_SECTORS 24 + 1
uint32_t flash_sector_offsets[FLASH_NUM_SECTORS] = {
/* Bank 1 */
0x08000000, /* #0, 16 KBytes */
0x08004000, /* #1, 16 Kbytes */
0x08008000, /* #2, 16 Kbytes */
0x0800C000, /* #3, 16 Kbytes */
0x08010000, /* #4, 64 Kbytes */
0x08020000, /* #5, 128 Kbytes */
0x08040000, /* #6, 128 Kbytes */
0x08060000, /* #7, 128 Kbytes */
0x08080000, /* #8, 128 Kbytes */
0x080A0000, /* #9, 128 Kbytes */
0x080C0000, /* #10, 128 Kbytes */
0x080E0000, /* #11, 128 Kbytes */
/* Bank 2 */
0x08100000, /* #12, 16 Kbytes */
0x08104000, /* #13, 16 Kbytes */
0x08108000, /* #14, 16 Kbytes */
0x0810C000, /* #15, 16 Kbytes */
0x08110000, /* #16, 64 Kbytes */
0x08120000, /* #17, 128 Kbytes */
0x08140000, /* #18, 128 Kbytes */
0x08160000, /* #19, 128 Kbytes */
0x08180000, /* #20, 128 Kbytes */
0x081A0000, /* #21, 128 Kbytes */
0x081C0000, /* #22, 128 Kbytes */
0x081E0000, /* #23, 128 Kbytes */
0x08200000 /* first address *after* flash */
};
typedef void (*pFunction)(void);
/* This is it's own function to make it more convenient to set a breakpoint at it in gdb */
void do_early_dfu_jump(void)
{
//pFunction loaded_app = (pFunction) *(DFU_FIRMWARE_PTR + 1);
pFunction loaded_app = (pFunction) *dfu_firmware;
*dfu_control = 0;
__set_MSP(*dfu_new_msp);
/* Set the Vector Table Offset Register */
SCB->VTOR = DFU_FIRMWARE_ADDR;
loaded_app();
while (1);
}
/* This function is called from main() before any peripherals are initialized */
void check_early_dfu_jump(void)
{
if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) {
do_early_dfu_jump();
}
}
inline int _flash_sector_num(uint32_t offset)
{
int i = FLASH_NUM_SECTORS - 1;
while (i-- >= 0) {
if (offset >= flash_sector_offsets[i] &&
offset < flash_sector_offsets[i + 1]) {
return i;
}
}
return -1;
}
int _write_to_flash(uint32_t offset, const uint32_t *buf, uint32_t elements)
{
uint32_t sector = _flash_sector_num(offset);
uint32_t SectorError = 0, i, j;
if (offset == flash_sector_offsets[sector]) {
/* Request to write to beginning of a flash sector, erase it first. */
FLASH_EraseInitTypeDef FLASH_EraseInitStruct;
FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS;
FLASH_EraseInitStruct.Sector = sector;
FLASH_EraseInitStruct.NbSectors = 1;
FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3;
if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) {
return -1;
}
}
for (i = 0; i < elements; i++) {
if ((j = HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, offset, buf[i])) != HAL_OK) {
return -2;
}
offset += 4;
}
return 1;
}
int cmd_dfu_upload(struct cli_def *cli, const char *command, char *argv[], int argc)
{
uint32_t filesize = 0, crc = 0, my_crc = 0, counter = 0;
uint32_t offset = DFU_FIRMWARE_ADDR, n = DFU_UPLOAD_CHUNK_SIZE;
uint32_t buf[DFU_UPLOAD_CHUNK_SIZE / 4];
cli_print(cli, "OK, write DFU application file size (4 bytes), data in %i byte chunks, CRC-32 (4 bytes)",
DFU_UPLOAD_CHUNK_SIZE);
/* Read file size (4 bytes) */
uart_receive_bytes(STM_UART_MGMT, (void *) &filesize, 4, 1000);
cli_print(cli, "File size %li, will write it to 0x%lx", filesize, offset);
HAL_FLASH_Unlock();
while (filesize) {
/* By initializing buf to the same value that erased flash has (0xff), we don't
* have to try and be smart when writing the last page of data to the memory.
*/
memset(buf, 0xffffffff, sizeof(buf));
if (filesize < n) {
n = filesize;
}
if (uart_receive_bytes(STM_UART_MGMT, (void *) &buf, n, 1000) != HAL_OK) {
cli_print(cli, "Receive timed out");
return CLI_ERROR;
}
filesize -= n;
/* After reception of a chunk but before ACKing we have "all" the time in the world to
* calculate CRC and write it to flash.
*/
my_crc = update_crc(my_crc, (uint8_t *) buf, n);
_write_to_flash(offset, buf, sizeof(buf) / 4);
offset += DFU_UPLOAD_CHUNK_SIZE;
/* ACK this chunk by sending the current chunk counter (4 bytes) */
counter++;
uart_send_bytes(STM_UART_MGMT, (void *) &counter, 4);
}
HAL_FLASH_Lock();
/* The sending side will now send it's calculated CRC-32 */
cli_print(cli, "Send CRC-32");
uart_receive_bytes(STM_UART_MGMT, (void *) &crc, 4, 1000);
cli_print(cli, "CRC-32 %li", crc);
if (crc == my_crc) {
cli_print(cli, "CRC checksum MATCHED");
} else {
cli_print(cli, "CRC checksum did NOT match");
}
return CLI_OK;
}
int cmd_dfu_dump(struct cli_def *cli, const char *command, char *argv[], int argc)
{
cli_print(cli, "First 256 bytes from DFU application address %p:\r\n", DFU_FIRMWARE_PTR);
uart_send_hexdump(STM_UART_MGMT, (uint8_t *) DFU_FIRMWARE_ADDR, 0, 0xff);
uart_send_string2(STM_UART_MGMT, (char *) "\r\n\r\n");
return CLI_OK;
}
int cmd_dfu_erase(struct cli_def *cli, const char *command, char *argv[], int argc)
{
uint32_t start_sector = _flash_sector_num(DFU_FIRMWARE_ADDR);
uint32_t end_sector = _flash_sector_num(DFU_FIRMWARE_END_ADDR);
uint32_t sector;
cli_print(cli, "Erasing flash sectors %li to %li (address %p to %p)",
start_sector, end_sector,
(uint32_t *) DFU_FIRMWARE_ADDR,
(uint32_t *) DFU_FIRMWARE_END_ADDR);
if (start_sector > end_sector) {
cli_print(cli, "ERROR: Bad sectors");
return CLI_ERROR;
}
HAL_FLASH_Unlock();
for (sector = start_sector; sector <= end_sector; sector++) {
uint32_t SectorError = 0;
FLASH_EraseInitTypeDef FLASH_EraseInitStruct;
FLASH_EraseInitStruct.TypeErase = TYPEERASE_SECTORS;
FLASH_EraseInitStruct.Sector = sector;
FLASH_EraseInitStruct.NbSectors = 1;
FLASH_EraseInitStruct.VoltageRange = VOLTAGE_RANGE_3;
if (HAL_FLASHEx_Erase(&FLASH_EraseInitStruct, &SectorError) != HAL_OK) {
cli_print(cli, "ERROR: Failed erasing sector %li", sector);
}
}
HAL_FLASH_Lock();
return CLI_OK;
}
int cmd_dfu_jump(struct cli_def *cli, const char *command, char *argv[], int argc)
{
uint32_t i;
/* Load first byte from the DFU_FIRMWARE_PTR to verify it contains an IVT before
* jumping there.
*/
cli_print(cli, "Checking for application at %p", DFU_FIRMWARE_PTR);
//new_msp = (uint32_t) DFU_FIRMWARE_PTR;
i = *dfu_new_msp & 0xFF000000;
/* 'new_msp' is supposed to be a pointer to the new applications stack, it should
* point either at RAM (0x20000000) or at the CCM memory (0x10000000).
*/
if (i == 0x20000000 || i == 0x10000000) {
*dfu_control = HARDWARE_EARLY_DFU_JUMP;
cli_print(cli, "Making the leap");
HAL_NVIC_SystemReset();
while (1) { ; }
} else {
cli_print(cli, "No loaded application found at %p (read 0x%x)",
DFU_FIRMWARE_PTR, (unsigned int) *dfu_new_msp);
}
return CLI_OK;
}
void configure_cli_dfu(struct cli_def *cli)
{
cli_command_root(dfu);
cli_command_node(dfu, dump, "Show the first 256 bytes of the loaded application");
cli_command_node(dfu, jump, "Jump to the loaded application");
cli_command_node(dfu, upload, "Load a new application");
cli_command_node(dfu, erase, "Erase the application memory");
}
|
