try to allow new bootloader with different size than current one

however, due to the design of MBR, the SD_MBR_COMMAND_COPY_BL prioritize
its internal flash location MBR_BOOTLOADER_ADDR, we won't be able to
change bootloader starting address to increase its size

Author: hathach

.gitignore

@@ -51,10 +51,11 @@ Module.symvers
 Mkfile.old
 dkms.conf
 
-src/segger/Output
-_build-*/
+segger/Output
+_build/
 bin/
 *.emSession
 *.jlink
+.idea/
 
 TAGS

src/main.c

@@ -153,10 +153,10 @@ void softdev_mbr_init(void)
 //--------------------------------------------------------------------+
 int main(void)
 {
-  // Populate Boot Address and MBR Param if not already
-  // Happens if flashing SD hex that overwrite current MBR
+  // Populate Boot Address and MBR Param into MBR if not already
   // MBR_BOOTLOADER_ADDR/MBR_PARAM_PAGE_ADDR are used if available, else UICR registers are used
-  bootloader_mbr_addrs_populate();
+  // Note: skip it for now since this will prevent us to change the size of bootloader
+   bootloader_mbr_addrs_populate();
 
   // SD is already Initialized in case of BOOTLOADER_DFU_OTA_MAGIC
   bool sd_inited = (NRF_POWER->GPREGRET == DFU_MAGIC_OTA_APPJUM);

src/usb/msc_uf2.c

@@ -162,7 +162,21 @@ void tud_msc_write10_complete_cb(uint8_t lun)
 {
   static bool first_write = true;
 
-  if ( _wr_state.numBlocks )
+  // abort the DFU, uf2 block failed integrity check
+  if ( _wr_state.aborted )
+  {
+    // aborted and reset
+    PRINTF("Aborted\r\n");
+
+    dfu_update_status_t update_status;
+    memset(&update_status, 0, sizeof(dfu_update_status_t ));
+    update_status.status_code = DFU_RESET;
+
+    bootloader_dfu_update_process(update_status);
+
+    led_state(STATE_WRITING_FINISHED);
+  }
+  else if ( _wr_state.numBlocks )
   {
     // Start LED writing pattern with first write
     if (first_write)
@@ -177,13 +191,53 @@ void tud_msc_write10_complete_cb(uint8_t lun)
       dfu_update_status_t update_status;
       memset(&update_status, 0, sizeof(dfu_update_status_t ));
 
-      if ( _wr_state.update_bootloader )
+      if ( _wr_state.boot_addr_ucir )
       {
         // update bootloader
+        update_status.status_code = DFU_RESET;
+
+        if ( 0 == memcmp((uint8_t*) _wr_state.boot_stored_addr, (uint8_t*) BOOTLOADER_ADDR_START, _wr_state.boot_size) )
+        {
+          // skip if there is no bootloader change
+        }else
+        {
+          PRINTF("Coyping bootloader to 0x%08lX from 0x%08lX with size = 0x%lX\r\n",
+                 _wr_state.boot_addr_ucir, _wr_state.boot_stored_addr, _wr_state.boot_size);
+
+          // erase an change UCIR bootloader
+//          if (  )
+
+          sd_mbr_command_t command =
+          {
+            .command = SD_MBR_COMMAND_COPY_BL,
+            .params.copy_bl.bl_src = (uint32_t*) _wr_state.boot_stored_addr,
+            .params.copy_bl.bl_len = _wr_state.boot_size/4 // size in words
+          };
+
+          if ( NRF_SUCCESS != sd_mbr_command(&command) )
+          {
+            PRINTF("Failed to execute SD_MBR_COMMAND_COPY_BL, we are about to bricked\r\n");
+          }else
+          {
+            PRINTF("SD_MBR_COMMAND_COPY_BL successfully\r\n");
+          }
+
+          NRFX_DELAY_MS(10);
+//          update_status.status_code = DFU_UPDATE_BOOT_COMPLETE;
+//          update_status.bl_size     = _wr_state.boot_size;
+//
+//          // Reuse the DFU combined SD + Bootloader with SD Size = 0
+//          update_status.sd_image_start = _wr_state.boot_stored_addr;
+//          update_status.sd_size        = 0;
+        }
+
+        PRINTF("bootloader update complete\r\n");
       }else
       {
         // update App
         update_status.status_code = DFU_UPDATE_APP_COMPLETE;
+
+        PRINTF("Application update complete\r\n");
       }
 
       bootloader_dfu_update_process(update_status);

src/usb/uf2/ghostfat.c

@@ -151,21 +151,40 @@ static inline bool is_uf2_block (UF2_Block const *bl)
          (bl->payloadSize == 256) && !(bl->targetAddr & 0xff);
 }
 
+// used when upgrading application
 static inline bool in_app_space (uint32_t addr)
 {
   return USER_FLASH_START <= addr && addr < USER_FLASH_END;
 }
 
+// used when upgrading bootloader
 static inline bool in_bootloader_space (uint32_t addr)
 {
-  return CFG_UF2_BOOTLOADER_ADDR_START <= addr && addr < CFG_UF2_BOOTLOADER_ADDR_END;
+  return BOOTLOADER_LOWEST_ADDR <= addr && addr < BOOTLOADER_ADDR_END;
 }
 
+static inline uint32_t get_new_bootloader_size(uint32_t numblocks)
+{
+  // -1 for UCIR block
+  uint32_t new_size = (numblocks-1)*256;
+
+  // round up to 4K
+  uint32_t mod4k = new_size & 0xFFFUL;
+  if ( mod4k )  new_size += 4096 - mod4k;
+
+  return new_size;
+}
+
+// used when upgrading bootloader
 static inline bool in_uicr_space(uint32_t addr)
 {
   return addr == 0x10001000;
 }
 
+//static inline get_new_bootloader_base(uint32_t )
+
+static inline uint32_t max32 (uint32_t x, uint32_t y) { return (x > y) ? x : y; }
+
 //--------------------------------------------------------------------+
 //
 //--------------------------------------------------------------------+
@@ -284,14 +303,7 @@ void read_block(uint32_t block_no, uint8_t *data) {
  *------------------------------------------------------------------*/
 
 /**
- * Write an uf2 block wrapped by 512 sector. Writing behavior is different when upgrading:
- * - Application
- *    - current App is erased and flash with new firmware with same starting address
- *
- * - SoftDevice + Bootloader
- *    - Current App is erased, contents of SD + bootloader is written to App starting address
- *    - Trigger the SD + Bootloader migration
- *
+ * Write an uf2 block wrapped by 512 sector.
  * @return number of bytes processed, only 3 following values
  *  -1 : if not an uf2 block
  * 512 : write is successful
@@ -308,18 +320,7 @@ int write_block (uint32_t block_no, uint8_t *data, WriteState *state)
     case CFG_UF2_FAMILY_ID:
       /* Upgrading Application
        *
-       * Although SoftDevice is considered as part of application and the flashing is the same with/without it.
-       * There are still 4 cases with slight differences in finishing procedure:
-       *  1. Application with SoftDevice:
-       *      - starting address 0x0000
-       *      - since MBR is included in SD Hex file (then uf2 file), we must skip it
-       *  2. Application only
-       *    a. For running with existing SoftDevice on the flash:
-       *      - starting address is right after SD e.g 0x26000
-       *    b. For running without SoftDevice e.g using other stack such as nimble or zephyr.
-       *      - starting address is right after MBR 0x1000
-       *  3. SoftDevice only, should user somehow only flash with SD only. Bootloader mark app as invalid and wiil
-       *  back on bootloader mode after reset.
+       * SoftDevice is considered as part of application and can be (or not) included in uf2.
        *
        *                          -------------         -------------
        *                         |             |       |             |
@@ -338,34 +339,36 @@ int write_block (uint32_t block_no, uint8_t *data, WriteState *state)
       if ( in_app_space(bl->targetAddr) )
       {
         PRINTF("Write addr = 0x%08lX, block = %ld (%ld of %ld)\r\n", bl->targetAddr, bl->blockNo, state->numWritten, bl->numBlocks);
-
-        // writing to SD Info struct is used as SD detector
-        if (bl->targetAddr == (SOFTDEVICE_INFO_STRUCT_ADDRESS & 0xFFFFFF00) )
-        {
-          state->has_sd = true;
-        }
-
         flash_nrf5x_write(bl->targetAddr, bl->data, bl->payloadSize, true);
       }else if ( bl->targetAddr < USER_FLASH_START )
       {
-        // do nothing if writing to MBR
+        // do nothing if writing to MBR, occurs when SD hex is included
         // keep going as successful write
-        state->has_mbr = true;
+        PRINTF("skip writing to MBR\r\n");
       }else
       {
         return -1;
       }
     break;
 
     case CFG_UF2_BOOTLOADER_ID:
-      /* Upgrading Bootloader (with/without SoftDevice)
+      /* Upgrading Bootloader
+       *
+       * Along with bootloader code, UCIR (at 0x1000100) is also included containing
+       * 0x10001014 (bootloader address), and 0x10001018 (MBR Params address).
+       *
+       * Since SoftDevice is not part of Bootloader, it must not be included as part of uf2 file.
+       * To prevent generating uf2 from incorrect bin/hex. Bootloader imposes a hard code limit size
+       * of 64 KB (end address is fixed at MBR Params). If uf2 contains any address lower than this
+       * (except UCIR) the update is aborted.
        *
        * To prevent corruption/disconnection while transferring we don't directly write over
-       * Bootloader. Instead Bootloader is written to Application region.
-       * Once everything is received and verified. It is written to its respective address
+       * Bootloader. Instead it is written to highest possible address in Application
+       * region. Once everything is received and verified, it is safely activated using
+       * MBR COPY BL command.
        *
-       * Note: to simplify the upgrade process, we ASSUME, Bootloader size is fixed and
-       * is the same as the old bootloader
+       * Note: part of the existing application can be affected when updating bootloader.
+       * TODO May be worth to have some kind crc/application integrity checking
        *
        *                         -------------         -------------         -------------
        *                        |             |       |             |     + |     New     |
@@ -374,41 +377,68 @@ int write_block (uint32_t block_no, uint8_t *data, WriteState *state)
        *                        |             |       |    New      |  +    |             |
        *                        |             |       | Bootloader  | +     |             |
        *                        |             |       |  ++++++++   |       |             |
-       *                        | Application | --->  |             |       |             |
+       *                        |             | --->  |             |       |             |
+       *                        |             |       |             |       |             |
+       *                        | Application |       | Application |       | Application |
+       *                        |             |       |             |       |             |
        *                        |             |       |             |       |             |
-       *                        |             |       |  ++++++++   |       |  ++++++++   |
-       *                        |             |       |    New      |       |    New      |
-       *                        |             |       | SoftDevice  |       | SoftDevice  |
        *      USER_FLASH_START--|-------------|       |-------------|       |-------------|
        *                        |     MBR     |       |     MBR     |       |     MBR     |
        *                         -------------         -------------         -------------
        */
+      PRINTF("addr = 0x%08lX, block = %ld (%ld of %ld)\r\n", bl->targetAddr, bl->blockNo, state->numWritten, bl->numBlocks);
+
+      uint32_t const new_boot_size = get_new_bootloader_size(bl->numBlocks);
+
+      // Offset write the new bootloader address.
+      // The offset is the current bootloader size or the new size whichever is larger
+      uint32_t const offset_addr = max32(new_boot_size, BOOTLOADER_ADDR_END-BOOTLOADER_ADDR_START);
+
       if ( in_uicr_space(bl->targetAddr) )
       {
         /* UCIR contains bootloader & MBR address as follow:
-         * - 0x10001014 bootloader address: only change of bootloader size changes
+         * - 0x10001014 bootloader address: only change if bootloader size changes
          * - 0x10001018 MBR Params: mostly fixed
          *
-         * WARNING: incorrect value of these UCIR will break device
+         * WARNING: incorrect value of these UCIR will brick device
          */
+        uint32_t ucir_boot_addr;
+        uint32_t ucir_mbr_param;
 
-        // Nothing to do since bootloader size is fixed
-        return 512;
-      }
-      else if ( in_bootloader_space(bl->targetAddr) )
-      {
-        // Right above the old SoftDevice
+        memcpy(&ucir_boot_addr, bl->data + 0x14, 4);
+        memcpy(&ucir_mbr_param, bl->data + 0x18, 4);
+
+        PRINT_HEX(ucir_boot_addr);
+        PRINT_HEX(ucir_mbr_param);
+
+        PRINT_HEX(new_boot_size);
+
+        // Check MBR params is fixed and prohibited to change and
+        // Bootloader address against its new size
+        if ( (ucir_mbr_param != BOOTLOADER_MBR_PARAMS_PAGE_ADDRESS) ||
+             (ucir_boot_addr != BOOTLOADER_ADDR_END - new_boot_size) )
+        {
+          PRINTF("Incorrect UCIR value");
+          state->aborted = true;
+          return -1;
+        }else
+        {
+          // Good to go, save the boot address
+          state->boot_addr_ucir   = ucir_boot_addr;
+          state->boot_size        = new_boot_size;
+          state->boot_stored_addr = BOOTLOADER_ADDR_END - (new_boot_size + offset_addr);
+
+          PRINT_HEX(state->boot_stored_addr);
+        }
       }
-      else if ( in_app_space(bl->targetAddr) )
+      else if ( in_bootloader_space(bl->targetAddr) && (bl->targetAddr >= BOOTLOADER_LOWEST_ADDR) )
       {
-        // Right below the old Bootloader
-        //wr_addr = USER_FLASH_START + bl->targetAddr;
-        // writing to SD Info struct is used as SD detector
-        // if (bl->targetAddr == SOFTDEVICE_INFO_STRUCT_ADDRESS) state->has_sd = true;
-
+//        PRINT_HEX(offset_addr);
+        flash_nrf5x_write(bl->targetAddr-offset_addr, bl->data, bl->payloadSize, true);
       }
       else
       {
+        state->aborted = true;
         return -1;
       }
     break;
@@ -446,6 +476,12 @@ int write_block (uint32_t block_no, uint8_t *data, WriteState *state)
       if ( state->numWritten >= state->numBlocks )
       {
         flash_nrf5x_flush(true);
+
+        // Failed if update bootloader without UCIR value
+        if ( (bl->familyID == CFG_UF2_BOOTLOADER_ID) && !state->boot_addr_ucir )
+        {
+          state->aborted = true;
+        }
       }
     }
   }

src/usb/uf2/uf2.h

@@ -52,9 +52,12 @@ SOFTWARE.
 typedef struct {
     uint32_t numBlocks;
     uint32_t numWritten;
-    bool has_sd;            // if uf2 includes SD
-    bool has_mbr;           // if uf2 includes MBR
-    bool update_bootloader; // if updating bootloader
+
+    bool aborted;             // aborting update and reset
+    uint32_t boot_addr_ucir;  // if ucir bootloader address value
+    uint32_t boot_size;       // new bootloader size
+    uint32_t boot_stored_addr;  // temporary base address storing new bootloader
+
     uint8_t writtenMask[MAX_BLOCKS / 8 + 1];
 } WriteState;
 

src/usb/uf2/uf2cfg.h

@@ -1,16 +1,23 @@
 #include "boards.h"
 #include "dfu_types.h"
 
-#define CFG_UF2_FAMILY_ID               0xADA52840
-#define CFG_UF2_BOOTLOADER_ID           ((USB_DESC_VID << 16) | USB_DESC_UF2_PID)
+#define CFG_UF2_FAMILY_ID         0xADA52840
+#define CFG_UF2_BOOTLOADER_ID     ((USB_DESC_VID << 16) | USB_DESC_UF2_PID)
 
-#define CFG_UF2_NUM_BLOCKS              8000        // at least 4,1 MB for FAT16
-#define CFG_UF2_FLASH_SIZE              (1024*1024) // 1 MB
+#define CFG_UF2_NUM_BLOCKS        8000        // at least 4,1 MB for FAT16
+#define CFG_UF2_FLASH_SIZE        (1024*1024) // 1 MB
 
 // Application Address Space
-#define USER_FLASH_START                MBR_SIZE // skip MBR included in SD hex
-#define USER_FLASH_END                  0xAD000
+#define USER_FLASH_START          MBR_SIZE // skip MBR included in SD hex
+#define USER_FLASH_END            0xAD000
 
-// Bootloader Address Space
-#define CFG_UF2_BOOTLOADER_ADDR_START   BOOTLOADER_REGION_START
-#define CFG_UF2_BOOTLOADER_ADDR_END     BOOTLOADER_MBR_PARAMS_PAGE_ADDRESS
+// Current Bootloader start address
+#define BOOTLOADER_ADDR_START     BOOTLOADER_REGION_START
+
+// Bootloader end address which is always fixed
+#define BOOTLOADER_ADDR_END       BOOTLOADER_MBR_PARAMS_PAGE_ADDRESS
+
+// 64 KB is hard coded limit size for bootloader when updating.
+// This is used as sanity check to make sure user doesn't make mistake
+// converting wrong bin/hex into uf2 file for bootloader.
+#define BOOTLOADER_LOWEST_ADDR    (BOOTLOADER_ADDR_END - 64*1024)