Getting unexpected behaviour after erasing and writing flash

is45 · ‎2025-06-20

Hello,

I have been trying to flash firmware from one MCU to another MCU, and everything until actually jumping to the memory address where the firmware has been flashed to is working so far.

Here's what I do in my code:

I have the "Application" project, which is basically the firmware to be flashed. I build this project in STM32CUBEIDE, and then I take the application.bin file and convert it to a C array using some software. Then, MCU-1 uses that C array and flashes it to MCU2. MCU2 has 3 applications slots in its flash memory, and it flashes the bytes it receives to application slot 2 (0x08080000). Once it finishes, it jumps to the starting address of the second application slot using the following function:

void BOOT_JumpToAddress(uint32_t address)
{
    printf("Jumping to 0x%08X\r\n", address);

    // Function pointer to reset handler
    void (*app_reset_handler)(void) = (void *)(*((volatile uint32_t *)(address + 4U)));

    // Disable RCC, HAL, reset SYSTICK, and remap vector table offset
    HAL_RCC_DeInit();
    HAL_DeInit();
    SysTick->CTRL = 0;
    SysTick->LOAD = 0;
    SysTick->VAL = 0;
    SCB->VTOR = address;
    uint32_t msp_value = *((volatile uint32_t *)address);
    __set_MSP(msp_value);
    // Jump into application
    app_reset_handler();
}

Everything until this step works correctly. But when MCU-2 runs this function to enter the application slot 2, nothing happens. If it worked correctly, I should have seen "Application version 0.1 started".

To ensure this wasn't a problem with the flashing, I used STM32 Cube Programmer. Then, I manually flashed the SAME binary file that I used to make the C array, and I flashed it into application slot 1 this time (0x0804000). And when I do this, I see "Application version 0.1 started".

I decide to run my MCU-2 again, but this time, I don't flash anything. I have coded my custom bootloader to jump into Application slot 2 if it does not receive anything. And this time, when it jumps, it prints out "Application version 0.1 started".

How does that happen? Why did flashing to application slot 1 through st-link make application slot 2 work?

To see more of this weird behaviour, I changed the Application code to instead print "Application version 0.2 started".

Once again, I recompiled the binary, made the C array, and made MCU-1 send the bytes to MCU-2. MCU-2 flashed it, and this time, when it jumped to application slot 2, it still printed "Application version 0.1 started".

Then, again I used STM32 Cube Programmer to flash the same binary into application slot 1. As expected, this time it prints out "Application version 0.2 started".

And then again, when I decided to run MCU-2 this time and not flash anything, when it jumped to application slot 2, it printed out it prints out "Application version 0.2 started".

I have also exported the binaries at application slot 1 and 2 using STM32 Cube Programmer, and they both have the exact same bytes in the same location (verified this using an online website)

Would anyone have any idea whether ST-Link and STM32 Cube Programmer do something that my custom bootloader function to jump to the memory address doesn't do? Thank you!