STM32F407 custom bootloader problem

giovani · ‎2016-06-14

Posted on June 14, 2016 at 14:38

Hello!

I am working in a project that I want to use a custom bootloader for firmware update of stm32f407, I had developed for stm32f107 and all works fine, but for STM32F407 I getting some problems.

Below I posted the source code of the bootloader, debugging this code when execute this line ''if (((*(__IO uint32_t*)ApplicationAddress) & 0x2FFE0000 ) == 0x20000000) '' always return 0, I don't know why this occur because in application firmware I defined ''&sharpdefine VECT_TAB_OFFSET 0x8000'' all looks correct but never enter if condition and execute Jump_To_Application.

On Flash address (0x80E0000) is located the firmware for update the firmware on address (0x8008000).

Bootloader.c

&sharpdefine ApplicationAddress (0x8008000)

&sharpdefine ApplicationAddress_Firmware (0x80E0000)

typedef void (*pFunction)(void);

uint32_t JumpAddress;

pFunction Jump_To_Application;

/*----------------------------------------------------------------------------

Main Thread 'main': Run Network

*---------------------------------------------------------------------------*/

int main (void) {

uint8_t* App_ptr;

SystemClock_Config();//initialize clocks

BKP_Init();

if (HAL_RTCEx_BKUPRead(&hrtc, RTC_BKP_DR6) == 0xA5A5){

if (((*(__IO uint32_t*)ApplicationAddress_Firmware) & 0x2FFE0000 ) == 0x20000000)

{

/* Jump to user application */

JumpAddress = *(__IO uint32_t*) (ApplicationAddress_Firmware + 4);

Jump_To_Application = (pFunction) JumpAddress;

App_ptr = (uint8_t*)Jump_To_Application;

if( (*App_ptr != 0xFF) && (App_ptr) )

{

/* Initialise user application's Stack Pointer */

__set_MSP(*(__IO uint32_t*) ApplicationAddress_Firmware);

Jump_To_Application();

}

}else{

if (((*(__IO uint32_t*)ApplicationAddress) & 0x2FFE0000 ) == 0x20000000)

{

/* Jump to user application */

JumpAddress = *(__IO uint32_t*) (ApplicationAddress + 4);

Jump_To_Application = (pFunction) JumpAddress;

App_ptr = (uint8_t*)Jump_To_Application;

if( (*App_ptr != 0xFF) && (App_ptr) )

{

/* Initialise user application's Stack Pointer */

__set_MSP(*(__IO uint32_t*) ApplicationAddress);

Jump_To_Application();

}

Another think is the Scatter file looks good.

Bootloader Scatter File

; *************************************************************

; *** Scatter-Loading Description File generated by uVision ***

; *************************************************************

LR_IROM1 0x08000000 0x00007FFF { ; load region size_region

ER_IROM1 0x08000000 0x00007FFF { ; load address = execution address

*.o (RESET, +First)

*(InRoot$$Sections)

.ANY (+RO)

}

RW_IRAM1 0x20000000 0x00020000 { ; RW data

.ANY (+RW +ZI)

}

RW_IRAM2 0x10000000 UNINIT 0x00010000 {

.ANY (+RW +ZI)

}

Application Scatter File

; *************************************************************

; *** Scatter-Loading Description File ***

; *************************************************************

LR_IROM1 0x08008000 0x000D7FFF { ; load region size_region

ER_IROM1 0x08008000 0x000D7FFF { ; load address = execution address

*.o (RESET, +First)

*(InRoot$$Sections)

.ANY (+RO)

}

RW_IRAM1 0x20000000 0x00020000 { ; RW data

.ANY (+RW +ZI)

}

RW_IRAM2 0x10000000 UNINIT 0x00010000 {

.ANY (+RW +ZI)

}

Thanks,

Giovani

#stm32-stm32f4-bootloader

Tesla DeLorean · ‎2016-06-14

Posted on June 14, 2016 at 15:43

It is a crude check to confirm the *STACK* is in RAM, it is unrelated to the base of the vector table is in memory.

Review where the stack is located, look at the vector entry, or .MAP file.

The Length should be 8000 not 7FFF, and D8000 not D7FFF, it is not an end address.

ie

0x08000000[0x8000] -> 0x08000000..0x08007FFF

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

giovani · ‎2016-06-14

Posted on June 14, 2016 at 17:00

Hello Clive!

I corrected the length for both (bootloader and application).

Verified base address for stack, but the problem still occur.

Stack base address on bootloader is 0x20005418;

Stack base address on application is 0x1000f540;

Now when debugging enter in the if condition but doesn't jump to the application, I had put a break point on Jump_To_Application and registers as image attached, but I don't know why this error still occur.

if (((*(__IO uint32_t*)ApplicationAddress) & 0x1FFE0000 ) == 0x10000000)

{

/* Jump to user application */

JumpAddress = *(__IO uint32_t*) (ApplicationAddress + 4);

Jump_To_Application = (pFunction) JumpAddress;

App_ptr = (uint8_t*)Jump_To_Application;

if( (*App_ptr != 0xFF) && (App_ptr) )

{

/* Initialise user application's Stack Pointer */

__set_MSP(*(__IO uint32_t*) ApplicationAddress);

Jump_To_Application();

}

Thanks,

Giovani

________________

Attachments :

registers.png : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006I0ct&d=%2Fa%2F0X0000000bdK%2FUNfzFuHt6ljpO9IbGu78N6GDs4VPf_O.i9BMF46ezB4&asPdf=false

Tesla DeLorean · ‎2016-06-14

Posted on June 14, 2016 at 17:38

The registers without the assembler code it is executing really isn't going to tell me much.

What is the ''error'', you need to step through the code, probably in disassembly mode, and understand what it is doing, and what checks are being made. You'll want to step from the loader, into the application, confirming it goes and does what you've coded.

This test is backward if you want to check if the pointer is NULL, it does the test left-to-right, you should check for it being NULL before checking the values it is pointing too.

if( (*App_ptr != 0xFF) && (App_ptr) )

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

giovani · ‎2016-06-14

Posted on June 14, 2016 at 20:59

Hello Clive!

I don't know what is the error that occur because all seems to be correct.

I tried to paste disassembly code in attachment.

Thanks for your help again.

Giovani

________________

Attachments :

image_2.png : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006I0l9&d=%2Fa%2F0X0000000bdL%2FCC1YtjePWCF5qYGosc.y8thnXtUH0u1iCHkOD3LSB94&asPdf=false

image.png : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006I0Tr&d=%2Fa%2F0X0000000bdJ%2FGKBJs6Dj5tWDbp1FjBtdrR5f1IZ.H1FygZCALpG6j.E&asPdf=false

Tesla DeLorean · ‎2016-06-14

Posted on June 14, 2016 at 22:27

Ok, so it appears to have transferred control to the ResetHandler in the application, to some code that looks rather familiar

[DEAD LINK /public/STe2ecommunities/mcu/Lists/cortex_mx_stm32/Flat.aspx?RootFolder=/public/STe2ecommunities/mcu/Lists/cortex_mx_stm32/Jump%20to%20internal%20bootloader&FolderCTID=0x01200200770978C69A1141439FE559EB459D7580009C4E14902C3CDE46A77F0FFD06506F5B&currentviews=8626]https://my.st.com/public/STe2ecommunities/mcu/Lists/cortex_mx_stm32/Flat.aspx?RootFolder=%2Fpublic%2FSTe2ecommunities%2Fmcu%2FLists%2Fcortex_mx_stm32%2FJump%20to%20internal%20bootloader&FolderCTID=0x01200200770978C69A1141439FE559EB459D7580009C4E14902C3CDE46A77F0FFD06506F5B?tviews=8626

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

giovani · ‎2016-06-14

Posted on June 14, 2016 at 23:10

Yeah, I tried that code, but now I modify and using this in reset handler:

Reset_Handler PROC

EXPORT Reset_Handler [WEAK]

IMPORT SystemInit

IMPORT __main;

LDR R0, =SystemInit

BLX R0

LDR R0, =__main

BX R0

ENDP

Now bootloader can jump to application with call JUMP_TO_Application();

but in application firmware when execute line BX R0 occurred a HardFaultException. Tomorrow I will search for this error.

Thanks for your help and attention Clive.

Tesla DeLorean · ‎2016-06-14

Posted on June 14, 2016 at 23:19

Check the value in R0, and confirm it is ODD (Thumb Code), and that it points to your SystemInit() function, typically in system_stm32f4xx.c

If you are using interrupts (SysTick, etc) in the Boot Loader, consider how they will be handled in the Application. An RTOS may also cause issues.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

giovani · ‎2016-06-15

Posted on June 15, 2016 at 14:59

Hello Clive!

I don't have interrupts neither RTOS on bootloader firmware. I just start clocks and bkp registers to verify if I need to download new firmware for the flash.

On application firmware:

Reset_Handler PROC

EXPORT Reset_Handler [WEAK]

IMPORT SystemInit

IMPORT __main;

LDR R0, =SystemInit

BLX R0 // at this moment R0 is pointing to SystemInit (0x0801BD31)

LDR R0, =__main

BX R0 // at this moment R0 is pointing to main(0x08008189) after this goes to hardfault

Thanks.

giovani · ‎2016-06-15

Posted on June 15, 2016 at 20:11

Hello!

I think that found the problem, but not the solution, bootloader working very well and jumping to application if I disable IRAM2 works fine, but I need to use IRAM2 for stemwin graphics and I don't know why when enabled IRAM2 on application firmware occur hardfault or the code ''getting crazy''. On bootloader firmware IRAM2 is disabled.