2016-06-23 05:28 AM
Hello,
I am trying to branch to the STM bootloader from my application, but it doesn't work. I use the STM32F103VFT6 and USART1. If I pull up the pin BOOT0 and then switch on the power supply, the Flash Loader Demonstrator gets contact to the STM32F103VFT6 with 11520 Baud, 8 data bits, even parity, 1 stop bit.
I checked the hints in AN2606:
- Disable all peripheral clocks
- Disable used PLL
- Disable interrupts
- Clear pending interrupts
- Start address of bootloader: 0x1FFF.E000
And then I want to branch with this C / assembly code:
SCB->VTOR = 0x1FFFE000; // Vector table relocation in system
__asm ("movw r0, #0xE000");
__asm ("movt r0, #0x1FFF");
__asm ("ldr sp, [r0, #0]"); // Set main stack pointer of bootloader
__asm ("movw r0, #0xE004");
__asm ("movt r0, #0x1FFF");
__asm ("bx r0"); // Branch to bootloader
That results in a hard fault and the debugger finds me in that interrupt handler. Can you help me to find my mistake? Thanks in advance!
2016-06-23 06:01 AM
It is a *Vector Table*; it is a list of addresses. It does not contain executable code, so jumping into it, and at an even address, will cause it to fault.
...
__asm ("movw r0, #0xE004");
__asm ("movt r0, #0x1FFF");
__asm ("ldr r0, [r0, #0]"); // LOAD THE ADDRESS OF RESET HANDLER
__asm ("bx r0"); // Branch to bootloader
Confirm that the ROM is situated there, and what the first two values are, and then confirm those as you step through the transition code.
Disabling interrupts might be problematic if the loader doesn't know to turn them back on.
2016-06-23 07:19 AM
Thanks for your quick reply.
In my application there is a startup file generated by Atollic TrueStudio, and execution starts there after reset with the reset handler at address 0x0800.0000, also remapped at address 0x0000.0000. The reset handler is filled with program code, e.g. data init or call of system init. Does the bootloader have a different startup behaviour?
ROM confirmation is difficult, because I never branch to the bootloader. Tomorrow I will go with the disassembler to the start address of the bootloader and take a look. I checked the STM32F103VFT6 bootloader ID 0x21 at address 0x1FFF.F7D6 and it is correct, so I think I have the right bootloader start address.
AN2606 page 30 figure 8 shows in the middle "Disable all interrupt sources" and then "System Init", so I think the bootloader reinitializes all interrupts. Is the "Global Interrupt Enable" enabled on startup after reset?
2016-06-23 08:33 AM
I don't use Atollic, but I'd bet there is a "Memory View" in the debugger which you can set to whatever address you want to see the underlying data at.
The Reset Handler function will NOT be at 0x08000000
2016-06-23 08:40 AM
"Disable all interrupt sources" != "Disable interrupts". The former suggests you tear down everything you have initialized to generate interrupts; the latter suggests you mask interrupts at a CPU/NVIC level, i.e. __disable_irq() or "cpsid i".
The System Loader expects to be handed a system in close to reset conditions, and the more it is not like that, the more likely it is to function incorrectly/unexpectedly. I've covered ways to boot into the System Loader here dozens of times.
2016-06-24 05:34 AM
You are right. My Reset Handler is also on flash address 0x0800.0 Pictures flash_0x0800.0000 and flash_0x0000.0000 show disassembler windows and appropriate source code. I am also attaching the startup file used and the linker script made by Atollic TrueStudio.
Do you agree with me?
________________
Attachments :
flash_0x0000.0000.jpg : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HzGQ&d=%2Fa%2F0X0000000bLb%2FOdkZYgCT94Eg_VG3HUnjTwwkrrXIT1Ncpg_8ZsqUy94&asPdf=false
flash_0x0800.0000.jpg : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HzPb&d=%2Fa%2F0X0000000bLZ%2Few3KSPs6TeQstjaL1KZUOujvclLcMrFxAZcHUNH.4Ao&asPdf=false
startup_stm32f10x_xl_ORG.s : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HzPW&d=%2Fa%2F0X0000000bLa%2FC.VzujxUVWalxsOoJInHNRrCUTXtbbsUxsHcUlIjgXg&asPdf=false
STM32F103VF_FLASH.ld : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HzDN&d=%2Fa%2F0X0000000bLY%2FvtJljMLMjtt9HR0ZN5.L3BC0KMu4wtf.zncpdj8mktg&asPdf=false
2016-06-24 08:05 AM
We are going in circles here. The Vector Table is NOT CODE; you need to dump it as data (32-bit words), not a disassembly.
Please get some Technical Reference Manuals for the Cortex-M3, or books by the likes of Joseph Yiu, and review them. The concept of a Vector Table can be seen in other architectures like the 80x86 and M68K; they are fixed format tables that point at other things.
2016-06-24 08:51 AM
Memory View, here in Keil, but most any tool should be able to do this.
2016-12-06 10:45 PM
When I wanted to jump to my bootloader included in my image I had to jump to an UNEVEN address.
((void (*)(void))0x20000131)();
2016-12-07 12:27 AM
The Cortex-Mx series can only execute 16-bit Thumb code, not 32-bit ARM code. The low order bit of the PC indicates the execution of Thumb code; if you jump to an EVEN address the processor will Hard Fault.
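
The checks discussed in this thread (the vector table is data, word 0 is the stack pointer, word 1 is the reset handler address with the Thumb bit set), collected into one routine. This is an added example, not code from any poster. The memory ranges other than 0x1FFFE000 and all sample table values are assumptions constructed for illustration, and the names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Address ranges are assumptions for illustration; confirm them in the
   reference manual. SYSMEM_BASE is the bootloader address from the thread. */
#define SYSMEM_BASE 0x1FFFE000u
#define SYSMEM_END  0x1FFFF800u   /* assumed end of system memory */
#define SRAM_BASE   0x20000000u
#define SRAM_END    0x20018000u   /* assumed top of SRAM */

typedef enum { VT_OK, VT_BAD_SP, VT_NOT_THUMB, VT_PC_OUT_OF_RANGE } vt_status;

/* vt[0] is the initial stack pointer, vt[1] the reset handler address.
   Both are data words to be loaded, not instructions to branch into. */
vt_status check_vector_table(const uint32_t vt[2]) {
    uint32_t sp = vt[0], pc = vt[1];
    if (sp <= SRAM_BASE || sp > SRAM_END || (sp & 3u)) return VT_BAD_SP;
    if ((pc & 1u) == 0) return VT_NOT_THUMB;   /* even target: no Thumb bit */
    uint32_t target = pc & ~1u;
    if (target < SYSMEM_BASE + 8u || target >= SYSMEM_END) return VT_PC_OUT_OF_RANGE;
    return VT_OK;
}

/* Constructed sample dumps (hypothetical values, not read from a device). */
const uint32_t SAMPLE_PLAUSIBLE[2]  = { 0x200001FCu, 0x1FFFE1A5u };
const uint32_t SAMPLE_TABLE_ADDR[2] = { 0x200001FCu, 0x1FFFE004u }; /* table address used as target */
const uint32_t SAMPLE_ERASED[2]     = { 0xFFFFFFFFu, 0xFFFFFFFFu };
const uint32_t SAMPLE_FLASH_PC[2]   = { 0x20001000u, 0x08000131u }; /* handler outside system memory */

#if defined(__arm__) && defined(__thumb__)
/* Target-only: load both words as data, validate, then switch stack and branch. */
void jump_via_vector_table(uint32_t base) {
    const volatile uint32_t *vt = (const volatile uint32_t *)base;
    uint32_t words[2] = { vt[0], vt[1] };
    if (check_vector_table(words) != VT_OK) return;
    __asm volatile ("msr msp, %0\n\tbx %1" : : "r"(words[0]), "r"(words[1]) : "memory");
}
#endif

int main(void) {
    printf("plausible table:      %d\n", check_vector_table(SAMPLE_PLAUSIBLE));
    printf("table address as pc:  %d\n", check_vector_table(SAMPLE_TABLE_ADDR));
    printf("erased table:         %d\n", check_vector_table(SAMPLE_ERASED));
    printf("handler in flash:     %d\n", check_vector_table(SAMPLE_FLASH_PC));
    return 0;
}
```

On a host the block only exercises the validation; `jump_via_vector_table` is compiled when building for a Thumb target.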