cancel
Showing results for 
Search instead for 
Did you mean: 

Dual Bootloader with FDCAN Firmware Update and CRC Validation on STM32G0B1CCT6

AKG123
Associate II

I am working on a custom dual-boot bootloader for the STM32G0B1CCT6 with the following features:

  • Bootloader located at 0x08000000 (about 20 KB flash).

  • Two application firmware slots:

    • App1 at 0x08005000 (22 KB)

    • App2 at 0x0800A800 (22 KB)

  • On reset, the bootloader checks the CRC of App1 and App2 firmware:

    • If App1 is valid, it jumps to App1.

    • Else if App2 is valid, it jumps to App2.

    • Else it stays in bootloader mode.

  • Firmware updates are sent via FDCAN as .bin files (no special commands, just the binary data).

  • The bootloader receives the firmware, writes it to the free app slot, verifies CRC:

    • If CRC passes, it overwrites the old firmware and jumps to the new app.

    • If CRC fails, it keeps the old firmware and stays in bootloader mode.

  • I want to support multiple firmware updates this way reliably.

I have basic HAL code generated from CubeMX for FDCAN and CRC peripherals.

My questions:

  1. Is my memory layout and CRC validation approach suitable for STM32G0B1CCT6 with 64KB flash?

  2. How can I best implement the FDCAN reception to reliably receive large .bin files chunked over CAN FD?

  3. Are there any reference projects or examples from ST that implement similar dual-bootloader with CRC check and FDCAN update?

  4. Any tips on safely erasing and writing flash while receiving firmware over FDCAN?

  5. How do I store and update CRC metadata securely in flash?

  6. How to properly jump from bootloader to application and manage vector tables?

10 REPLIES 10
Abdul-khalil
Associate II

Problem Statement:

I am developing a custom bootloader for the STM32G0B1CCT6 microcontroller that supports the following functionality:

  1. Dual Boot Mode:

    • The bootloader is programmed via ST-LINK V2.

    • The application firmware is uploaded later via FDCAN in .bin format.

  2. CRC Validation:

    • On every power-up or reset, the bootloader checks the CRC of the existing application firmware.

    • If the firmware is valid (CRC matches), the bootloader jumps to the application.

    • If the firmware is invalid (CRC mismatch or corrupted), the bootloader remains active and does not jump.

  3. Firmware Update via FDCAN:

    • The bootloader receives the new .bin file via FDCAN (without waiting for any specific command/message).

    • After receiving the complete firmware, it calculates the CRC and verifies it.

    • If the new firmware is valid, the bootloader erases the previous one and flashes the new firmware.

    • If the new firmware is invalid, the old firmware remains untouched and continues to run.

  4. Repeatable Process:

    • I should be able to update the firmware multiple times via FDCAN.

    • Each time, CRC is verified before replacing the existing firmware.

Goal:
To ensure reliable firmware updates via FDCAN, with automatic CRC verification and fallback to the previous valid firmware if the update fails or is corrupted.

Saket_Om
ST Employee

Hello @AKG123 

Please refer to the open bootloader example below.

STM32CubeG4/Projects/NUCLEO-G491RE/Applications/OpenBootloader at master · STMicroelectronics/STM32CubeG4 · GitHub

 

To give better visibility on the answered topics, please click on "Accept as Solution" on the reply which solved your issue or answered your question.
Saket_Om

Thank you for the reference.

I did check the example at:
STM32CubeG4/Projects/NUCLEO-G491RE/Applications/OpenBootloader,
but I was not able to fully understand it.

If there is any specific example for FDCAN or CAN-based bootloader (especially for STM32G0 series) available on GitHub or any official ST repo, could you please share the link? That would be very helpful.

Hello @AKG123 

There is a CAN bootloader driver, it can be useful for your application.

stm32-mw-openbl/Modules/CAN/openbl_can_cmd.c at main · STMicroelectronics/stm32-mw-openbl · GitHub

To give better visibility on the answered topics, please click on "Accept as Solution" on the reply which solved your issue or answered your question.
Saket_Om

Thank you for sharing the FD-CAN bootloader driver.

Could you please guide me on how to identify which files from the repository are essential for implementing the FD-CAN bootloader in my project?

I want to make sure I only include the necessary files and avoid any extra code that I might not need.

Also, is there a recommended way to integrate these files step-by-step for someone new to this FD-CAN bootloader implementation?

Thanks in advance for your help!

Hello @Abdul-khalil 

Below you find an example using open bootloader with FDCAN interface driver. 

STM32CubeH7RS/Projects/STM32H7S78-DK/Applications/OpenBootloader at main · STMicroelectronics/STM32CubeH7RS · GitHub

To give better visibility on the answered topics, please click on "Accept as Solution" on the reply which solved your issue or answered your question.
Saket_Om

Hello @Saket_Om 

Thanks for sharing the OpenBootloader example for FDCAN from the STM32CubeH7RS repository.

I have the following questions regarding integrating this into my own project using only the FDCAN interface:

My Requirements:

  1. I only want to use the FDCAN bootloader part (no USB, UART, SPI, etc.).

  2. I’m working on a different MCU (e.g., STM32G0B1CCT6) and I will configure my project using STM32CubeMX.                                                                                                                                                        Questions:

  1. Which exact files from the example project should I copy into my CubeMX-generated project if I only want FDCAN support?

    • For example, from:
      STM32CubeH7RS/Projects/STM32H7S78-DK/Applications/OpenBootloader

  2. Can I remove all other interface files like openbl_uart.c, openbl_usb.c, etc., and only keep FDCAN-related files?

  3. Should I:

    • (A) Start with a clean CubeMX project for my MCU and then copy only required FDCAN bootloader source files,

    • OR

    • (B) Modify the full OpenBootloader example and strip out the unused parts?

  4. Which files are the bootloader core files, and which are the user application files?

Goal

I want to make a minimal, clean bootloader that works only with FDCAN and ValueCAN4 (Vehicle Spy 3) for firmware update.

Please guide me with a recommended file structure or integration steps for my use case.

Thanks! 

Hello @Abdul-khalil 

You can start by CubeMX project and then add file related to Bootloader. You can start by cleaning the bootloader project to determine which files should be copied. 

To give better visibility on the answered topics, please click on "Accept as Solution" on the reply which solved your issue or answered your question.
Saket_Om

Hello @Saket_Om 

Thank you for your response.

I visited the GitHub repository, but I noticed that there are many files spread across different folders, and the FDCAN command files, handler files, and interface files are located in separate directories.

I’m finding it a bit difficult to understand which specific files are required to implement the FD-CAN bootloader in my project.

Could you please just list the exact files I need to copy and use for a basic FD-CAN bootloader setup?

It would be a big help in getting started without confusion.

Thank you