3181
NXPTM M522XX, KINETIS and i.MX RT / Re: SW uploads to SPI FLASH
« on: August 22, 2007, 04:41:32 PM »
Hi Kremer
The uTasker (Bare-minimum) Boot loader works exactly as yours does. The boot loader itself is entirely useless - it needs to be loaded together with the first application and the application is then responsible for loading the new code to the correct SPI FLASH location in the correct format.
This means that the boot loader is as small as absolutely possible (that is where the "Bare-minimum" comes from since it really only does that what is absolutely necessary to ensure that the function works reliably). However it ensures that it is not possible for a card to be left in an unusable condition - it checks that the new code is really correct (checks a signature and CRC-16) and then deletes the old code. It then copies the new code to its operating position before again checking its contents to ensure that there was no error during the copy. Only then will it delete the backup of the code so that it doesn't try to load it again at the next reset.
This means that it can always recover should there be a crash or power down at any part of the update process.
The uTasker demo project supports upload of the new code via FTP and HTTP Post method. Before the code is posted it is converted using a supplied utility so add a signature and the CRC-16 (this ensures that no malicious code can be uploaded since only the owner of the Boot SW knows the matching signature - configured on a project basis). It can optionally encrypt the code content so that it can be distributed in a form where the machine code can not be read and reverse engineered).
The only thing that can go wrong is if the developer distributes a new application code which then doesn't allow a subsequent update - for example the code is faulty and doesn't run or crashes when uploads are attempted - or in which the upload support has been removed or forgotten... But since this should only happen in a development environment (before a new release is really made) it is easily corrected by loading the correction using BDM.
The second major advantage of being able to upload complete project code is in the fact that all code can be upgraded, including the operating system and the TCP/IP stack. I remember when first starting out with the technique I found a bug which would cause uploads of files from a certain size to fail - I was testing uploads via the Internet and the test device was in another town. By compiling a stripped down project but still with the upload support via HTTP Post I could get the upload size small enough that it avoided the error. The new code had the correction in it so subsequently I could upload the complete project correctly. It did take a bit of time to realsie what was going on and checking the correction in the uTasker simulator before risking it but it was a good feeling to have been able to do a remote correction like that - it always makes me think of the Mars missions where hardware and software errors in the devices on the planet must somehow be overcome (although on a rather more modest scale...).
The next M5223X service pack includes the SPI FLASH based uploader support plus various other stuff is planned for the end of this week.
I couldn't get hold of any m25P40 so have only the AT45DB support at the moment. I didn't look at the difference but if I can get hold of a couple I hope to be able to add them to it for the next time. I wonder whether Freescale has an offering (seeing as it is used to update the code to a Freescale processor...)?
Regards
Mark
The uTasker (Bare-minimum) Boot loader works exactly as yours does. The boot loader itself is entirely useless - it needs to be loaded together with the first application and the application is then responsible for loading the new code to the correct SPI FLASH location in the correct format.
This means that the boot loader is as small as absolutely possible (that is where the "Bare-minimum" comes from since it really only does that what is absolutely necessary to ensure that the function works reliably). However it ensures that it is not possible for a card to be left in an unusable condition - it checks that the new code is really correct (checks a signature and CRC-16) and then deletes the old code. It then copies the new code to its operating position before again checking its contents to ensure that there was no error during the copy. Only then will it delete the backup of the code so that it doesn't try to load it again at the next reset.
This means that it can always recover should there be a crash or power down at any part of the update process.
The uTasker demo project supports upload of the new code via FTP and HTTP Post method. Before the code is posted it is converted using a supplied utility so add a signature and the CRC-16 (this ensures that no malicious code can be uploaded since only the owner of the Boot SW knows the matching signature - configured on a project basis). It can optionally encrypt the code content so that it can be distributed in a form where the machine code can not be read and reverse engineered).
The only thing that can go wrong is if the developer distributes a new application code which then doesn't allow a subsequent update - for example the code is faulty and doesn't run or crashes when uploads are attempted - or in which the upload support has been removed or forgotten... But since this should only happen in a development environment (before a new release is really made) it is easily corrected by loading the correction using BDM.
The second major advantage of being able to upload complete project code is in the fact that all code can be upgraded, including the operating system and the TCP/IP stack. I remember when first starting out with the technique I found a bug which would cause uploads of files from a certain size to fail - I was testing uploads via the Internet and the test device was in another town. By compiling a stripped down project but still with the upload support via HTTP Post I could get the upload size small enough that it avoided the error. The new code had the correction in it so subsequently I could upload the complete project correctly. It did take a bit of time to realsie what was going on and checking the correction in the uTasker simulator before risking it but it was a good feeling to have been able to do a remote correction like that - it always makes me think of the Mars missions where hardware and software errors in the devices on the planet must somehow be overcome (although on a rather more modest scale...).
The next M5223X service pack includes the SPI FLASH based uploader support plus various other stuff is planned for the end of this week.
I couldn't get hold of any m25P40 so have only the AT45DB support at the moment. I didn't look at the difference but if I can get hold of a couple I hope to be able to add them to it for the next time. I wonder whether Freescale has an offering (seeing as it is used to update the code to a Freescale processor...)?
Regards
Mark