October 2013

• Boot Loader − A program that is executed upon initial power-up that typically involves a power-on self-test, locating and initializing peripheral devices, and then loading and starting an operating system.
• Bootloader − A program that is used to facilitate updating a target device’s application program without the use of any special or additional hardware connection.
  − Typical functions include:
    Serial communications with a host via UART, USB, Ethernet, CAN, SPI, I2C, etc.
    Erasing, programming and verifying non-volatile memory (i.e., Flash).

• Upgrading a device’s application software after it has been shipped – i.e., field upgrade
  − Bug fixes
  − Feature enhancement
• The Internet of Things
  − As more devices become more connected, there is a growing need to be able to perform application software repair and/or enhancement.

• There are many different types and styles of Bootloaders. In addition to the variety of serial communication resources, there are diverse expectations regarding the Bootloader functional capabilities.

[Figure: Bootloader capabilities. Multiple Image Management; Image Verification; Checksum/CRC; Erase and Reprogram; UART or USB or Ethernet or CAN or SPI or I2C]

Primarily via application notes, such as:
  − AN2295 : Developer's Serial Bootloader for M68HC08, HCS08, ColdFire, and Kinetis MCUs
  − AN4367 : Ethernet Bootloader for MCU
  − AN4368 : USB Mass Storage Device Host Bootloader
  − AN4370 : USB Device Firmware Update Bootloader for MCUs
  − AN4379 : Freescale USB Mass Storage Device Bootloader
  − AN4605 : Secure Bootloader Implementation

• A truly “Universal” Bootloader isn’t very practical.
  − There are simply too many options to consider.
  − Supporting all permutations would result in a Bootloader footprint that would very likely be too large to be usable.
• But a “Unified” Bootloader is considerably more viable.
  − Target a specific MCU family and support the on-chip serial communication resources.
  − Provide a “reasonable” list of commands and capabilities.
• The designer of a Bootloader must have intimate knowledge of the target MCU’s architecture, including Flash programming algorithms.

VTOR: Vector Table Offset Register
  − Bits 31 to 7: TBLOFF
  − Bits 6 to 0: 0
• Upon Power-On Reset, VTOR = 0x0000_0000 (i.e., TBLOFF = 0)
• Using VTOR, the Vector Table can be relocated to any 128-byte boundary address
• Vector Table (8k to 256k bytes Flash):
  − VTOR + 0x00 (0x0000_0000 at Power-On Reset): Initial Stack Pointer
  − VTOR + 0x04 (0x0000_0004 at Power-On Reset): Initial Program Counter
• The Flash memory Erase Sector size is 1k bytes:
  − Sector boundaries: 0x0000_0000, 0x0000_0400, 0x0000_0800, 0x0000_0C00, 0x0000_1000, 0x0000_1400, 0x0000_1800, 0x0000_1C00
  − The Vector Table starts at 0x0000_0000
• Flash Configuration Field (0x0000_0400 to 0x0000_040F), in address order:
  − Backdoor Comparison Key
  − Program Flash Protection Bytes
  − Flash Security Byte (FSEC)
  − Flash Nonvolatile Option Byte (FOPT)
  − reserved
  − reserved

[Figure: Flash memory map, 8k to 256k bytes. Vector Table at 0x0000_0000 (1k bytes), Bootloader Config at 0x0000_0400, Bootloader, Application Code; shown beside VTOR and the Program Flash Protection Registers, bits 31 to 0]

Program Flash Protection Registers (in the Flash Configuration Field):
  − 0x0000_040B FPROT0
  − 0x0000_040A FPROT1
  − 0x0000_0409 FPROT2
  − 0x0000_0408 FPROT3
  − 0 = Program Flash region is protected
  − 1 = Program Flash region is not protected (default erased value)
• Each region is Program Flash Size ÷ 32. Regions run from 0x0000_0000 (FPROT3[0], FPROT3[1], FPROT3[2], FPROT3[3], •••) up to the Last Program Flash Address (•••, FPROT0[4], FPROT0[5], FPROT0[6], FPROT0[7]).
• 8k Flash: 1k per region (FPROT3 only)
• 16k Flash: 1k per region (FPROT3 & FPROT2 only)
• 32k Flash: 1k per region
• 64k Flash: 2k per region
• 128k Flash: 4k per region
• 256k Flash: 8k per region
• Smallest Protection Region Size is equal to the Erase Sector Size (i.e., 1k bytes)

The Reset Vector must be Protected from accidental erasure
The Flash Configuration Field must be Protected from accidental erasure
The Bootloader must be Protected from accidental erasure

[Figure: boot flow and Flash map. Power-On Reset, Initialize, then "Valid Application Program?": Y leads to Modify VTOR and Execute Application; N leads to Execute Bootloader. Flash map (8k to 256k bytes) from 0x0000_0000: Protected Vector Table, Bootloader Config, Bootloader, Application Code. Also labelled: VTOR, Application Reset]

[Figure: the same boot flow and Flash map, repeated with the Bootloader label in a different position]

• Common Bootloader for all Kinetis devices
• Will be placed into ROM on new Kinetis MCUs
• Can reside in Flash
• Will be available as source code for possible customization
  − Licensed with the BSD three clause license
• Standard set of peripherals
  − UART with autobaud
  − USB device HID class
  − I2C slave
  − SPI slave

One Unified Bootloader for all the Kinetis Cortex M0+, M4 Families!
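The FPROT rules from the protection slide above, worked through as an added example (not Freescale code): it derives the four FPROT bytes that protect a bootloader placed at the bottom of Flash. The function names and the 0x1C00-byte bootloader footprint are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ERASE_SECTOR 1024u   /* smallest protection region, per the slide */

typedef struct { uint8_t fprot3, fprot2, fprot1, fprot0; } fprot_t;

/* Region size is flash/32 but never smaller than one erase sector, so
 * 8k and 16k parts have only 8 and 16 usable regions. */
uint32_t fprot_region_size(uint32_t flash_size) {
    uint32_t r = flash_size / 32u;
    return r < ERASE_SECTOR ? ERASE_SECTOR : r;
}

/* Fill FPROT3..FPROT0 so the first protect_bytes of flash are protected.
 * Returns the number of bytes actually protected (rounded up to whole
 * regions), or 0 if the request does not fit the part. */
uint32_t fprot_for_prefix(uint32_t flash_size, uint32_t protect_bytes, fprot_t *out) {
    if (flash_size < ERASE_SECTOR || protect_bytes == 0 || protect_bytes > flash_size)
        return 0;
    uint32_t region = fprot_region_size(flash_size);
    uint32_t need = (protect_bytes + region - 1u) / region;
    uint32_t bits = 0xFFFFFFFFu;          /* erased default: nothing protected */
    for (uint32_t i = 0; i < need; i++)
        bits &= ~(1u << i);               /* bit i = region i; 0 = protected */
    out->fprot3 = (uint8_t)(bits & 0xFFu);          /* regions 0..7,   0x0000_0408 */
    out->fprot2 = (uint8_t)((bits >> 8) & 0xFFu);   /* regions 8..15,  0x0000_0409 */
    out->fprot1 = (uint8_t)((bits >> 16) & 0xFFu);  /* regions 16..23, 0x0000_040A */
    out->fprot0 = (uint8_t)((bits >> 24) & 0xFFu);  /* regions 24..31, 0x0000_040B */
    return need * region;
}

int main(void) {
    /* Constructed case: vector table, flash configuration field and a
     * hypothetical bootloader occupy the first 0x1C00 bytes of flash. */
    uint32_t sizes[] = { 8u * 1024u, 32u * 1024u, 64u * 1024u, 256u * 1024u };
    for (unsigned i = 0; i < 4; i++) {
        fprot_t f;
        uint32_t got = fprot_for_prefix(sizes[i], 0x1C00u, &f);
        printf("%3uk flash: FPROT3..0 = %02X %02X %02X %02X, protected %u bytes\n",
               (unsigned)(sizes[i] / 1024u), f.fprot3, f.fprot2, f.fprot1, f.fprot0,
               (unsigned)got);
    }
    return 0;
}
```

On parts with 64k of Flash or more the protected span rounds up to 2k, 4k or 8k, so the application's first erasable sector has to start at or above the returned byte count.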

ROM
• Present in upcoming Kinetis parts
• Bootable via external pin or flash options
• Configurable via parameters in flash
• Callable by customer application

Flashloader
• Factory programmed into Kinetis devices without ROM
• Intended for manufacturing
• Copies itself to RAM and programs entire flash array

Bootloader
• Flash resident, alongside customer application
• Intended for field updates
• Callable by customer application

• blhost command line tool
  − Sends individual bootloader commands
  − Supports all standard peripherals
• Example GUI firmware updater application
• Supported operating systems
  − Windows
  − Mac (Planned)
  − Linux (Planned)

./BLHOST

• Uses command-based protocol
  − Common commands for all MCUs
• Common command protocol for all peripherals
• UART, I2C, SPI wrapped in framing protocol
  − Provides flow control and error detection for all: ACK, NAK (retry), CRC16
• USB HID custom reports
  − Hardware provides flow control and error detection

• Flash erase all
• Flash erase region
• Read memory**
• Write memory
• Fill memory**
• Flash security disable
  − Uses backdoor key
• Execute
• Call
• Reset
• ReceiveSBFile**
• GetProperty
• SetProperty**

Memory commands work on flash, RAM, and peripheral registers**
Memory is not readable if flash security is enabled.
Certain SB Commands will support security on the Kinetis K (Cortex M4)
**Reserved for larger configurations of the bootloader

• Encapsulated programming image format
  (K-Series) will support Encryption AES 128k
• Contains all commands required to program a customer application
• Downloadable to bootloader with a single command
• Generated with open-source elftosb tool
  − Supports ELF, S19, binary, etc. input files
• Format supports security features like encryption (for future devices)

  − Application image CRC start, count, expected value
  − Enabled peripherals bit mask
  − Clock high speed flag and dividers
  − I2C slave address
  − USB VID/PID and pointer to USB strings
  − Active peripheral detection timeout (jump to application)
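One way to implement the "Valid Application Program?" decision from the boot-flow slides, using the application image CRC start, count and expected value from the configuration list above. This is an added example, not the Kinetis bootloader's code: the structure layout, the RAM range, the return codes and the choice of IEEE CRC-32 are assumptions, since the slides do not name the CRC algorithm.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: flash at 0x0000_0000; CRC-32 (IEEE) is an assumed algorithm. */
typedef struct {
    uint32_t flash_size, ram_base, ram_size;
    uint32_t app_base;                           /* application vector table */
    uint32_t crc_start, crc_count, crc_expected; /* from the bootloader config */
} boot_cfg_t;
enum { APP_OK, APP_BAD_BASE, APP_BAD_SP, APP_BAD_PC, APP_BAD_CRC };

uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t rd32(const uint8_t *p) {         /* little-endian word */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* flash: copy of program flash (on target this is address 0). */
int app_check(const uint8_t *flash, const boot_cfg_t *c) {
    if ((c->app_base & 0x7Fu) || c->app_base >= c->flash_size ||
        c->flash_size - c->app_base < 8u)
        return APP_BAD_BASE;                     /* VTOR needs 128-byte alignment */
    uint32_t sp = rd32(flash + c->app_base), pc = rd32(flash + c->app_base + 4u);
    if ((sp & 3u) || sp <= c->ram_base || sp - c->ram_base > c->ram_size)
        return APP_BAD_SP;                       /* erased 0xFFFFFFFF fails here */
    if (!(pc & 1u) || pc < c->app_base + 8u || pc >= c->flash_size)
        return APP_BAD_PC;                       /* Thumb bit set, target in app area */
    if (c->crc_start > c->flash_size || c->crc_count > c->flash_size - c->crc_start ||
        crc32_ieee(flash + c->crc_start, c->crc_count) != c->crc_expected)
        return APP_BAD_CRC;
    return APP_OK;
}

int main(void) {                                 /* constructed 4k flash image */
    static uint8_t flash[4096];
    memset(flash, 0xFF, sizeof flash);           /* erased: no application */
    boot_cfg_t c = { 4096u, 0x1FFFF000u, 0x1000u, 0x800u, 0x800u, 0x100u, 0 };
    printf("erased flash -> %d\n", app_check(flash, &c));
    return 0;
}
```

A CRC catches a corrupted or half-written image; it does not authenticate the image, which is what the encrypted SB file support mentioned for future devices is aimed at.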