Bootloader

  • Pick an address (for now)
    • In the future, I should probably store this somewhere that can be re-flashed

Memory map

AddressPage IDXNotes
Application range
0x0800_00000NOTE: Reset vector MUST point to 0x0800_C000, MSP must be... ? No Flip Link?
0x0800_08001
0x0800_10002
0x0800_18003
0x0800_20004
0x0800_28005
0x0800_30006
0x0800_38007
0x0800_40008
0x0800_48009
0x0800_500010
0x0800_580011
0x0800_600012
0x0800_680013
0x0800_700014
0x0800_780015
0x0800_800016
0x0800_880017
0x0800_900018
0x0800_980019
0x0800_A00020
0x0800_A80021
0x0800_B00022
0x0800_B80023Last App Page
Bootloader range
0x0800_C00024
0x0800_C80025
0x0800_D00026
0x0800_D80027
0x0800_E00028TODO: Move Bootloader Here?
0x0800_E80029
0x0800_F00030
0x0800_F80031Settings Page

Settings Page

  • I2C address?
    • App
    • Bootloader
  • Listen to pin(s) for bootload?
  • Listen to pin(s) for I2C addr?
  • Checksum

Do I want a separate command for changing settings? Or just allow it like any other subpage write?

Do sanity checks on settings?

Procedure

  1. Bootloader boots
    • Disable all interrupts
  2. Is button held?
    • Y: GOTO 5
    • N: Continue
  3. Is bootload RAM flag set + magic word valid?
    • Y: GOTO 5
    • N: Continue
  4. Boot app at 0x0000_0000
  5. Bootload.
    • LED blink?
  6. Listen to I2C
    • Write transactions:
      • 0x40 - Start bootload
        • 4 bytes - total checksum (later crc32)
        • 1 byte - total subpages to write
          • NOTE: must be less than 23 * 8 for now
      • 0x41 - write page command
        • Must have set 0x40 already
        • Always 1 + 1 + 256 + 4 bytes
          • 1: 0x41
          • 1: Page/Subpage
            • 0bPPPPP_SSS (32 pages, 8 sub-pages)
            • 0bPPPPP must be <= 23
          • 256: subpage contents
          • 4 byte: For now: 32-bit checksum. Later, CRC32 or Poly1305?
        • On writes to subpage zero: erase page
        • Stretch write ack until checksum + erase + write?
          • I can't use the flash while erasing (or writing?) anyway
        • On writes to 0:0: make sure the reset vector is 0x0800_C000
          • Make sure MSP is maxval?
          • 0:0 must be the last thing written
      • 0x42 - reboot to new image
      • 0x43 - abort bootload
        • No data
      • 0x44 - Offer image downstream
        • Only after finishing 0x40 transaction
    • Read transactions
      • wr-then-rd 0x10 + 16 bytes => b'sprocket boot!!!'
      • wr-then-rd 0x11 + 4 bytes => maj.min.triv.reserved
      • wr-then-rd [0x21, P:S] + 260 bytes => Read subpage
      • wr-then-rd 0x22 + 1 byte => status
      • wr-then-rd 0x23 + 4 bytes => children flashed

Status

Represent:

  • Is bootload (of me): idle, active, complete, error (2-bit)
  • Does my app look reasonable? yes/no (1-bit)
  • Is bootload (of chain): invalid, idle, active (next), active (downstream), complete

TODO: On (critical?) error?

  • Finish current transaction
  • Disable I2C (auto-naks)
  • reboot
  • Probably not for checksum errors, unless a lot

Compile time to-do for bootloader

  • Change memory range
  • Disable interrupts
  • Ensure Reset is at base of flash (add linker assert?)