freescale powerpoint template · devices, and then loading and starting an operating system....
TRANSCRIPT
TM
October 2013
2 TM
• Boot Loader
− A program that is executed upon initial power-up that typically
involves a power-on self-test, locating and initializing peripheral
devices, and then loading and starting an operating system.
• Bootloader
− A program that is used to facilitate updating a target device’s
application program without the use of any special or additional
hardware connection.
− Typical functions include:
Serial communications with a host via UART, USB, Ethernet, CAN, SPI,
I2C, etc.
Erasing, programming and verifying non-volatile memory (i.e., Flash).
3 TM
• Upgrading a device’s application software after it has been
shipped – i.e., field upgrade
− Bug fixes
− Feature enhancement
• The Internet of Things
− As more devices be come more connected, there is a growing need
to be able to perform application software repair and/or
enhancement.
4 TM
• There are many different types and styles of Bootloaders. In
addition to the variety of serial communication resources, there
are diverse expectations regarding the Bootloader functional
capabilities.
Erase and Reprogram
Multiple Image Management
Image Verification
Checksum/CRC
UART or USB or Ethernet or CAN or SPI or I2C
5 TM
Primarily via application notes, such as:
− AN2295 : Developer's Serial Bootloader for M68HC08, HCS08,
ColdFire, and Kinetis MCUs
− AN4367 : Ethernet Bootloader for MCU
− AN4368 : USB Mass Storage Device Host Bootloader
− AN4370 : USB Device Firmware Update Bootloader for MCUs
− AN4379 : Freescale USB Mass Storage Device Bootloader
− AN4605 : Secure Bootloader Implementation
6 TM
• A truly “Universal” Bootloader isn’t very practical.
− There are simply too many options to consider.
− Supporting all permutations would result in a Bootloader footprint
that would very likely be too large to be usable.
• But a “Unified” Bootloader is considerably more viable.
− Target a specific MCU family and support the on-chip serial
communication resources.
− Provide a “reasonable” list of commands and capabilities.
• The designer of a Bootloader must have intimate knowledge of the
target MCU’s architecture, including Flash programming algorithms.
7 TM
0x0000_0000
0x0000_0400
0x0000_0800
0x0000_0C00
0x0000_1000
0x0000_1400
0x0000_1800
0x0000_1C00
8k to 256k
bytes
Flash
0x0000_0000 VTOR Vector Table Offset Register
• Upon Power-On Reset, VTOR = 0x0000_0000 (i.e., TBLOFF = 0) • Using VTOR, the Vector Table can be relocated to any 128-byte boundary address
TBLOFF
31 0 7 6
0 0 0 0 0 0 0
• The Flash memory Erase Sector size is 1k bytes:
0x0000_0400
0x0000_0401
0x0000_0402
0x0000_0403
0x0000_0404
0x0000_0405
0x0000_0406
0x0000_0407
0x0000_0408
0x0000_0409
0x0000_040A
0x0000_040B
0x0000_040C
0x0000_040D
0x0000_040E
0x0000_040F
Backdoor Comparison Key
Program Flash Protection Bytes
Flash Security Byte (FSEC)
Flash Nonvolatile Option Byte (FOPT)
reserved
reserved
Vector Table
••• •••
0x0000_0000
0x0000_0004
Initial Stack Pointer
Initial Program Counter
•••
VTOR + 0x00
VTOR + 0x04
Flash Configuration Field Vector Table
Power-On Reset
8 TM
8k to 256k
bytes
Flash
Vector Table 0x0000_0000
Bootloader
Application
Code
VTOR
Bootloader Config
Program Flash Protection Registers 31 0
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
0x0000_040B FPROT0 0x0000_040A FPROT1 0x0000_0409 FPROT2 0x0000_0408 FPROT3
0 Program Flash region is protected 1 Program Flash region is not protected (default erased value)
0x0000_0000 Program Flash Size ÷ 32
Program Flash Size ÷ 32
Program Flash Size ÷ 32
Program Flash Size ÷ 32
Program Flash Size ÷ 32
Program Flash Size ÷ 32
Program Flash Size ÷ 32
Program Flash Size ÷ 32
•••
FPROT3[0]
FPROT3[1]
FPROT3[2]
FPROT3[3]
FPROT0[4]
FPROT0[5]
FPROT0[6]
FPROT0[7]
•••
Last Program Flash Address
• Smallest Protection Region Size is equal to the Erase Sector Size (i.e., 1k bytes)
0x0000_0400 1k bytes
0
• 8k Flash : 1k per region (FPROT3 only) • 16k Flash : 1k per region (FPROT3 & FPROT2 only) • 32k Flash : 1k per region • 64k Flash : 2k per region • 128k Flash : 4k per region • 256k Flash : 8k per region
Flash Configuration Field
The Reset Vector must be Protected from accidental erasure The Flash Configuration Field must be Protected from accidental erasure
The Bootloader must be Protected from accidental erasure
9 TM
8k to 256k
bytes
Flash
0x0000_0000
Bootloader
Application
Code
Power-On Reset
Vector Table
Vector Table Initialize Bootloader
Valid Application Program ?
Modify VTOR
Execute Bootloader
Power-On Reset Bootloader Config
Application Reset
Protected
VTOR
The Reset Vector must be Protected from accidental erasure The Flash Configuration Field must be Protected from accidental erasure
The Bootloader must be Protected from accidental erasure
Execute Application
N
Y
10 TM
0x0000_0000
Power-On Reset
Initialize Bootloader
Valid Application Program ?
Modify VTOR
Execute Bootloader
Power-On Reset
Application Reset
VTOR
The Reset Vector must be Protected from accidental erasure The Flash Configuration Field must be Protected from accidental erasure
The Bootloader must be Protected from accidental erasure
Execute Application
N
Y
8k to 256k
bytes
Flash Application
Code
Vector Table
Vector Table
Bootloader Config
Bootloader
Protected
11 TM
• Common Bootloader for all Kinetis devices
• Will be placed into ROM on new Kinetis MCUs
• Can reside in Flash
• Will be available as source code for possible customization
− Licensed with the BSD three clause license
• Standard set of peripherals
− UART with autobaud
− USB device HID class
− I2C slave
− SPI slave
One Unified Bootloader
for all the Kinetis
Cortex M0+, M4 Families!
TM 12
• Present in upcoming
Kinetis parts
• Bootable via
external pin or flash
options
• Configurable via
parameters in flash
• Callable by
customer application
• Factory
programmed into
Kinetis devices
without ROM
• Intended for
manufacturing
• Copies itself to RAM
and programs entire
flash array
ROM Flashloader
• Flash resident,
alongside customer
application
• Intended for field
updates
• Callable by
customer application
Bootloader
13 TM
• blhost command line tool
− Sends individual bootloader commands
− Supports all standard peripherals
• Example GUI firmware updater application
• Supported operating systems
− Windows
− Mac (Planned)
− Linux (Planned)
14 TM
./BLHOST
15 TM
• Uses command-based protocol
− Common commands for all MCUs
• Common command protocol for all peripherals
• UART, I2C, SPI wrapped in framing protocol
− Provides flow control and error detection for all
ACK, NAK (retry), CRC16
• USB HID custom reports
− Hardware provides flow control and error detection
16 TM
• Flash erase all
• Flash erase region
• Read memory**
• Write memory
• Fill memory**
• Flash security disable
− Uses backdoor key
• Execute
• Call
• Reset
• ReceiveSBFile**
• GetProperty
• SetProperty**
Memory commands work on flash, RAM, and peripheral registers**
Memory is not readable if flash security is enabled.
Certain SB Commands will support security on the Kinetis K (Cortex M4)
**Reserved for larger configurations of the bootloader
17 TM
• Encapsulated programming image format (K-Series) will
support Encryption AES 128k
• Contains all commands required to program a customer
application
• Downloadable to bootloader with a single command
• Generated with open-source elftosb tool
− Supports ELF, S19, binary, etc input files
• Format supports security features like encryption (for future
devices)
18 TM
− Application image CRC start, count, expected value
− Enabled peripherals bit mask
− Clock high speed flag and dividers
− I2C slave address
− USB VID/PID and pointer to USB strings
− Active peripheral detection timeout (jump to application)
TM