FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Jump to bootloader and Read out protection conflict

yury
Associate II

‎2017-06-22 07:01 PM

Posted on June 23, 2017 at 04:01

Hi everyone!

I'm using STM32F105 MCU , and I'd like to explore built-in DFU feature

When I set BOOT0/BOOT1 pins per datasheet and reboot the MCU, the feature always works ok no matter how read out protection is set in option bits

However, jump from application works only if read out protection is off

The jump code disables all IRQ sources used in my application, clears pending interrupts, sets stack top and jumps to system memory per AN2606

&sharpdefine _DFU_START (0x1FFFB000)

static void (*_p_ldr)(void);

NVIC_DisableIRQ(TIM2_IRQn);

NVIC_DisableIRQ(TIM3_IRQn);

NVIC_DisableIRQ(TIM4_IRQn);

NVIC_DisableIRQ(DMA1_Channel1_IRQn);

NVIC_ClearPendingIRQ(TIM2_IRQn);

NVIC_ClearPendingIRQ(TIM3_IRQn);

NVIC_ClearPendingIRQ(TIM4_IRQn);

NVIC_ClearPendingIRQ(DMA1_Channel1_IRQn);

HAL_RCC_DeInit();

HAL_DeInit();

_p_ldr = ( void(*)(void)) (*((uint32_t *)(_DFU_START+4)));

__set_MSP(*(__IO uint32_t*) _DFU_START);

_p_ldr();

What may cause the problem?

#dfu #bootloader #stm32 #read-out-protection
Labels:
0 Kudos
5 REPLIES 5
Tesla DeLorean
Guru

‎2017-06-22 07:11 PM

Posted on June 23, 2017 at 04:11

I've generally advocated the use of NVIC_SystemReset() and a ma gic number in RAM so ResetHandler can quickly vector to the ROM in near reset conditions.

Check things like SysTick

Try setting SCB->VTOR to _DFU_START

Double check ROM address, not aware of ROP on FLASH precluding the reading or execution of ROM code. Should be able to read things like options bytes and unique serial, etc. The ROM is aware of ROP, and limits subset of feature available, I suppose that could be an issue.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Uwe Bonnes
Principal II

‎2017-06-23 03:41 AM

Posted on June 23, 2017 at 12:41

It is a pity that only F04 and F07 have a 'Jump to Bootloader from application code' entry point!

0 Kudos
yury
Associate II
In response to Tesla DeLorean

‎2017-06-23 05:30 AM

Posted on June 23, 2017 at 12:30

Thank you for your quick reply

Correct me if I'm wrong but the RAM location would contain random value upon normal startup, so there's very small yet finite probability of unintended branching to DFU, isn't ?

ROM address is just start of system memory like described in device datasheet and AN2606

What exactly should I do about SysTick and how can it be related to ROP? (keeping in mind that DFU works ok when activated by boot pins. Even if ROP is on).

0 Kudos
yury
Associate II
In response to Uwe Bonnes

‎2017-06-23 05:50 AM

Posted on June 23, 2017 at 12:50

Despite of that, jumping to start of system memory worked ok for me with STM32F042 devices, without the problem described in the starting post

0 Kudos
Uwe Bonnes
Principal II
In response to yury

‎2017-06-23 06:40 AM

Posted on June 23, 2017 at 13:40

Either you care to reset many settings, or a bare jump to bootloader will not work reliable in some situations. So caring for the right setup is best done in the bootloader!

0 Kudos
Top