Perferred way to jump from a bootloader in flash to another application image in flash

anonymous.8 · ‎2019-10-08

Processor: stm32h753vi

toolchain: IAR Embedded Workbench 8.4

The project is to port an existing bare-metal boot-loader and application to the stm32h753vi

The current design consists of a boot-loader(64K - 1 sector) and application in flash (128k - 2 sectors). After the boot-loader is finished it executes the application by disabling all the interrupts and simply jumping to the address of the application image's 1st flash sector.

On stm32h753vi:

The boot-loader resides in the boot sector (1) 0x08000000 .. 0x0801ffff

The application resides in sectors 2,3,4 0x08020000 - 0x0807ffff

Both the boot-loader and application are using the ST HAL [STM32Cube_FW_H7_V1.3.0] for clock setup / peripheral management.

For the boot-loader the IAR Embedded Workbench creates a complete executable image with the interrupt vector table starting at 0x08000000, all the IAR relocation / startup before main() code, etc. Then the boot-loader uses ST HAL to setup the hardware the way it needs to, and then does it's job.

For the application the IAR Embedded Workbench creates a complete executable image with the interrupt vector table at 0x080200000, all the IAR relocation /startup before main() code, etc. Then the application code uses the ST HAL to setup(again) the hardware the way it needs to and then does it's job.

My question is what's the preferred / best way to jump from the boot-loader to the application?

It seems like what would be ideal is a software generated reset inside the boot-loader that boots (one time - not permanently) from 0x08020000. That reset would put the hardware back to a known reset state, with all the interrupts disabled, so the application image would start from scratch and use ST HAL to set the hardware up the way it needs to.

I don't want to be changing the option bytes boot address back and forth between the boot-loader / application before performing a reset, if something goes wrong the boot-loader might not boot on next power up.

I see in the data sheet the SYSCFG_UR2 register which looks like a way to set a boot address, but it's not clear to me how this register could be used.

Searching through the entire ST HAL, the only place this register is used is:

HAL_SYSCFG_CM7BootAddConfig() in stm32h7xx_hal.c

However, this routine HAL_SYSCFG_CM7BootAddConfig() is not used anywhere in the ST HAL / ST Cube / Examples, and the function's documentation doesn't explain (to me) how this might be used, just that it sets the register.

This is such a common task - I imagine someone already knows the preferred way of safely transitioning from a boot-loader image executable in flash to an application image executable somewhere else in flash

Thanks in advance for the answer

Tesla DeLorean · ‎2019-10-08

>>After the boot-loader is finished it executes the application by disabling all the interrupts and simply jumping to the address of the application image's 1st flash sector.

You mean you turn off all your interrupting sources, or just disable_irq() ? If the latter, make sure someone owns the other side of that.

>>My question is what's the preferred / best way to jump from the boot-loader to the application?

Have a contract between the two about the hand-off, so for example that the loader is responsible for clocks, external memory interfaces, and the app does not do that all over again? Perhaps you pass peripheral context between the two? Lacking a plan, don't leave everything in a mess, or assume you're being handed a clean system, and code defensively.

Watch for issues with RTOS contexts. Don't transfer control from interrupt context (callbacks).

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..