FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Hard Fault jumping to System Memory

Omar Suárez
Senior

‎2017-09-22 10:42 AM

Posted on September 22, 2017 at 19:42

Hi,

I am testing some code in a STM32F446 to jump to the system memory from my firmware. I am using this code:

void JumpToBootloader(void){

    void(*SysMemBootJump)(void);

    volatile uint32_t addr = 0x1FFF76DE;

    

    /**

    * Step: disable RCC, set it to default (after reset) settings

    *             Internal clock, no PLL, etc.

    */

    HAL_RCC_DeInit();

 

    /**

    * Step: disable systick timer and reset it to default values

    */

    SysTick->CTRL = 0;

    SysTick->LOAD = 0;

    SysTick->VAL = 0;

   

    __disable_irq();   

    /**

    * Step: Remap system memory address 0x0000 0000 in addres space

    */

    __HAL_SYSCFG_REMAPMEMORY_SYSTEMFLASH();

    

    /**

    * Step: Set jump memory location for system memory

    *                Use address with 4 bytes offset which specifies jump location

    *             where program starts.

    */

    SysMemBootJump = (void(*)(void)) (*((uint32_t *)(addr + 4)));

    

    /** Step: Set main stack pointer  **/

    __set_MSP(*(uint32_t*)addr);   

    /**

    * Step: actually call our function to jump to set location

    *             This will start system memory execution

    */

    SysMemBootJump();

}

The fact is that when the MCU boots it goes to a Hard Fault from SysMemBootJump() instruction.

I am wondering whether I should configure the memory using the MPU to jump there.

The address used by the bootloader is from the AN.

Anyone could give me a clue about what is wrong with my code?

Thanks in advanced,

Omar

#hard-fault #system-memory #bootloader
Labels:
0 Kudos
8 REPLIES 8
Tesla DeLorean
Guru

‎2017-09-22 11:08 AM

Posted on September 22, 2017 at 20:08

>>Anyone could give me a clue about what is wrong with my code?

You are using a non-sense address.

What is at 0x1FFF76DE? The address of the function you want to call? A vector table?

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Omar Suárez
Senior
In response to Tesla DeLorean

‎2017-09-22 01:39 PM

Posted on September 22, 2017 at 20:39

Hi Clive,

you were totally right, the address I was using was the one containing the bootloader ID. The system memory begins in the 0x1FFF0000 address.

Now it doesn't throw the Hard Fault error.

But I am not sure I am entering the systme memory because the Flahs Loader application can't connect using the USART3.

How can I sure I am accessing the system memory correctly?

Thanks for your help!

Omar

0 Kudos
Tesla DeLorean
Guru
In response to Omar Suárez

‎2017-09-22 01:43 PM

Posted on September 22, 2017 at 20:43

>>How can I sure I am accessing the system memory correctly?

With a half descent debugger you can step into it.

I've generally advised that you jump into it with near reset conditions, and that you map the ROM into the zero address space, as it would be if BOOT0 = High.

Does USART3 work if you strap BOOT0=High and reset?

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Omar Suárez
Senior
In response to Tesla DeLorean

‎2017-09-22 02:57 PM

Posted on September 22, 2017 at 21:57

I put the BOOT0 to high level, but I am still not able to connect to the bootloader using the Flash Loader.

The message is 'No response from the target'.

The parametes I am using are 115200 bauds, 8 bits, even parity, no flow control. I have tried also using 9600 bauds with the same result.

SO I guess that the USART3 is then not working even with BOOT0=high.

0 Kudos
Tesla DeLorean
Guru
In response to Omar Suárez

‎2017-09-22 03:51 PM

Posted on September 22, 2017 at 22:51

PB10/11 or PC10/11?

The System loader is going to be very sensitive to signals on any of the input pins it is monitoring.

Have you tried sending the 0x7F pattern from a terminal, and checked out the loader manually?

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Omar Suárez
Senior
In response to Tesla DeLorean

‎2017-09-24 11:55 AM

Posted on September 24, 2017 at 18:55

I am using PC10/11.

I was making some tests sending the 0x7F pattern, but I am experimenting now some Bus Faults:

   + IBUSERR

   + STKERR

The code is the the same as above with the right address (0x1FFF0000). At first I was able to initialize the code without no error but now I don't understand why Keil is throwing me this error.

Anyway, how could I check the loader manually once I send the pattern?

Thanks a lot Clive,

Omar

0 Kudos
Tesla DeLorean
Guru
In response to Omar Suárez

‎2017-09-24 01:45 PM

Posted on September 24, 2017 at 20:45

The protocol manual describes the command bytes sent to the loader, like getting the version number, or supported commands.

Seem to recall pairs of bytes like 0x00,0xFF and 0x01,0xFE, don't have my notes in front of me right now.

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Omar Suárez
Senior
In response to Tesla DeLorean

‎2017-09-24 04:26 PM

Posted on September 24, 2017 at 23:26

I found the AN3155 with the USART bootloader code sequence. So there I can find the bytes that I need to send to test the bootloader manually. Perfect!

The problem I have now is the code for jump itself, because is throwing the Bus Fault error even when the same code seemed to work at first.

What could be the problem? Maybe the configuration of the MPU?

0 Kudos
Top