stm8s flash entire new program - how?

papadeltasierra · ‎2024-03-26

Let's assume I have a program that exposes a serial interface for commands and one such command is "load new program". I upload the new program as hex strings and the old program writes this to flash and the resets. Hopefully at this point the new program starts up.

Now the peripheral library gives three examples but they write either to EEPROM or just tiny bits of data to flash and it appears that only the calls to FLASH_ProgramBlock() and FLASH_EraseBlock() run from RAM.

Since I am rewriting up-to ALL the flash memory, do I need to wrap and entire method in RAM() so that the entire processing, from the UART receiving hex to the writing to flash gets run from RAM? I assume I cannot risk any of the old program (or at least the update method) running from anything other than RAM because I might be overwriting the flash copy of the old program.

Is that correct? Anyone point me at an example of this or some documentation beyond PM0051?

Thanks,

Paul DS.

Peter BENSCH · ‎2024-03-26

This is the old problem of overwriting the currently running programme code. It is exacerbated by the lack of caching of the new binary. Just imagine a sudden interruption of the update process, which bricks your system until a debugger is connected and everything being rewritten.

For this reason, procedures have been developed that are used, for example, in FOTA (Firmware Over The Air): a second memory block (memory bank) in e.g. STM32 MCUs or as external memory. One of at least two blocks is then the golden image, a second block receives the update. Only when everything has demonstrably arrived correctly in the second block (checksums, etc.) are the blocks swapped and the second block becomes a new golden image and is started immediately.

I don’t know of a similar code for an STM8 without external memory.

Regards
/Peter

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

papadeltasierra · ‎2024-03-27

Peter, thanks for the heads-up; I've been a programmer for 30 years working on telecoms systems with 5/6-9s reliability so I am very familiar with such issues :-).

For the stm8, I am just looking at implementing an "it works 99% of the time" feature for very rare upgrade purposes without the need for an ST-Link. There is a specific board, an HC-12, that uses an stm8s chip and has such an update option and I'm developing some custom firmware for it and wanted to emulate the same update feature.

Clearly there is the "it can fail and brick the device" danger but the HC-12 provides this feature so it is possible for this to work well enough to be worth doing. I was hoping there was some guidance on how this might be achieved otherwise I'm going to be spending a lot of time resetting the "discovery" dev board I have coming to help me develop this firmware.

papadeltasierra · ‎2024-03-27

Realised that my original question was perhaps not clear enough. I am not looking for a strategy for the update, rather an answer to the question "if I write some code that will do the update, how do I ensure it is running from RAM?"

I think there is a "RAM()" macro but if use this against my update method, will the method AND any library calls I use all be in RAM or do I have to explicitly mark every single call used?