FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32F103 family branch from my Application to Bootloader in System Memory

andreas
Associate II

‎2016-06-23 05:28 AM

Posted on June 23, 2016 at 14:28

Hello,

I am trying to branch to the STM bootloader from my application, but it doesn't work. I use the STM32F103VFT6 and USART1. If I pull-up the pin BOOT0 and then switch on the power supply, the Flash Loader Demonstrator gets contact to the STM32F103VFT6 with 11520 Baud, 8 data bits, even parity, 1 stop bit.

I checked the hints in AN2606:

- Disable all peripheral clocks

- Disable used PLL

- Disable interrupts

- Clear pending interrupts

- Start address of bootloader: 0x1FFF.E000

And then I want to branch with this C / assembly code:

  SCB->VTOR = 0x1FFFE000;                  // Vector table relocation in system

  __asm (''movw r0, #0xE000'');

  __asm (''movt r0, #0x1FFF'');

  __asm (''ldr  sp, [r0, #0]'');                        // Set main stack pointer of bootloader

  __asm (''movw r0, #0xE004'');

  __asm (''movt r0, #0x1FFF'');

  __asm (''bx   r0'');                                      // Branch to bootloader

That results in hard fault and the debugger finds me in that interrupt handler.

Can you help me to find my mistake? Thanks in advance!
0 Kudos
9 REPLIES 9
Tesla DeLorean
Guru

‎2016-06-23 06:01 AM

Posted on June 23, 2016 at 15:01

It is a *Vector Table* it is a list of Addresses, it does not contain executable code so jumping into it, and at an even address, will cause it to fault. 

...
__asm (''movw r0, #0xE004'');
__asm (''movt r0, #0x1FFF'');
__asm (''ldr r0, [r0, #0]''); // LOAD THE ADDRESS OF RESET HANDLER
__asm (''bx r0''); // Branch to bootloader

Confirm that the ROM is situated there, and what the first two values are, and then confirm those as you step through the transition code. Disabling interrupts might be problematic if the loader doesn't know to turn them back on.
Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
andreas
Associate II

‎2016-06-23 07:19 AM

Posted on June 23, 2016 at 16:19

Thanks for your quick reply.

In my application exists a startup file generated from Atollic TrueStudio and there starts the execution after reset with the reset handler at address 0x0800.0000 and remaped also at address 0x0000.0000. The reset handler is filled with program code, e.g. data init or call of system init. Has the bootloader a different startup behaviour?

ROM confirmation is difficult, because I don't never branch to the bootloader. Tomorrow I will go with the disassembler to the start address of the bootloader and take a look at.

I checked the STM32F103VFT6 bootloader ID 0x21 at address 0x1FFF.F7D6 and it is correct, so I think I have the right bootloader start address.

AN2606 page 30 figure 8 shows in the middle ''Disable all interrupt sources'' and then ''System Init'', so I think the bootloader reinitializes all interrupts. Is the ''Global Interrupt Enable'' enabled on startup after reset?

0 Kudos
Tesla DeLorean
Guru

‎2016-06-23 08:33 AM

Posted on June 23, 2016 at 17:33

I don't use Atollic, but I'd bet there is a ''Memory View'' in the debugger which you can set to whatever address you want to see the underlying data at.

The Reset Handler function will NOT be at 0x08000000

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Tesla DeLorean
Guru

‎2016-06-23 08:40 AM

Posted on June 23, 2016 at 17:40

''Disable all interrupt sources'' != ''Disable interrupts'', the former suggests you teardown everything you have initialized to generate interrupts, the latter suggests you mask interrupts at a CPU/NVIC level. ie __disable_irq() or ''cpsid i''

The System Loader expects to be handed a system in close to reset conditions, and the more it is not like that, the more likely it is to function incorrectly/unexpectedly.

I've covered ways to boot into the System Loader here dozens of times.

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
andreas
Associate II

‎2016-06-24 05:34 AM

Posted on June 24, 2016 at 14:34

You are right. My Reset Handler is also on flash address 0x0800.0 Pictures flash_0x0800.0000 and flash_0x0000.0000 show disassembler windows and appropriate source code. I append you also the used startup file and the linker scipt made by Atollic Truestudio.

Do you agree with me?

________________

Attachments :

flash_0x0000.0000.jpg : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HzGQ&d=%2Fa%2F0X0000000bLb%2FOdkZYgCT94Eg_VG3HUnjTwwkrrXIT1Ncpg_8ZsqUy94&asPdf=false

flash_0x0800.0000.jpg : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HzPb&d=%2Fa%2F0X0000000bLZ%2Few3KSPs6TeQstjaL1KZUOujvclLcMrFxAZcHUNH.4Ao&asPdf=false

startup_stm32f10x_xl_ORG.s : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HzPW&d=%2Fa%2F0X0000000bLa%2FC.VzujxUVWalxsOoJInHNRrCUTXtbbsUxsHcUlIjgXg&asPdf=false

STM32F103VF_FLASH.ld : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HzDN&d=%2Fa%2F0X0000000bLY%2FvtJljMLMjtt9HR0ZN5.L3BC0KMu4wtf.zncpdj8mktg&asPdf=false
0 Kudos
Tesla DeLorean
Guru

‎2016-06-24 08:05 AM

Posted on June 24, 2016 at 17:05

We are going in circles here, the Vector Table is NOT CODE, you need to dump it as data (32-bit words) not a disassembly.

Please get some Technical Reference Manuals for the Cortex-M3, or books by the likes of Joseph Yiu, and review them. The concept of a Vector Table can be seen in other architectures like the 80x86 and M68K, they are fixed format tables that point at other things.

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Tesla DeLorean
Guru

‎2016-06-24 08:51 AM

Posted on June 24, 2016 at 17:51

Memory View, here in Keil, but most any tool should be able to do this..

0690X00000604rsQAA.png

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Jeroen3
Senior

‎2016-12-06 10:45 PM

Posted on December 07, 2016 at 07:45

When I wanted to jump to my bootloader included in my image I had to jump to an UNEVEN address.

((void (*)(void))0x20000131)();

0 Kudos
Tesla DeLorean
Guru
In response to Jeroen3

‎2016-12-07 12:27 AM

Posted on December 07, 2016 at 08:27

The Cortex-Mx series can only execute 16-bit Thumb code, not 32-bit ARM code. The low order bit of the PC indicates the execution of Thumb code, if you jump to an EVEN address the processor will Hard Fault.

Tips, buy me a coffee, or three.. PayPal Venmo Up vote any posts that you find helpful, it shows what's working..
0 Kudos
Top