This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Problem with bootloader relocation

My goal is to replace the legacy bootloader present in nRF52832 with a new bootloader with the DFU process.

I am using nRF5 SDK v15.3.0, GCC ARM and S132.

I have done the following with the help of this.

To summarize,

  • The new bootloader was copied into bank-1.
  • Next, the UICR region is erased and the new address is written into 0x10001014 and also the other content which was present before erasing.
  • I had verified the new address being written to 0x10001014 (NRF_UICR->NRFFW[0]).

Now the problem is that, after calling the sd_mbr_cmd(..) with SD_MBR_COMMAND_COPY_BL command, the device resets and doesn't start the new bootloader.

A similar question was asked here, but doesn't seem to have a solution.

I am not sure if I am missing something.

Thanks in advance.

Update: I have also verified (with the help of JLink by reading bytes at the new location) that the new bootloader is being copied into the new location.

  • When I generated the hex file with the help of example ld file present in examples/pca10040_ble_debug, it shows the address there at 0x0FF8.

    However, when I compared it with the ld file I am using, it was preferred to use it this way because it can be changed during run time (as per my understanding).

    Example file:

    uicr_bootloader_start_address (r) : ORIGIN = 0x00000FF8, LENGTH = 0x4
    uicr_mbr_params_page (r) : ORIGIN = 0x00000FFC, LENGTH = 0x4
    mbr_params_page (r) : ORIGIN = 0x0007E000, LENGTH = 0x1000
    bootloader_settings_page (r) : ORIGIN = 0x0007F000, LENGTH = 0x1000

    My file:

    mbr_params_page (r) : ORIGIN = 0x0007E000, LENGTH = 0x1000
    bootloader_settings_page (r) : ORIGIN = 0x0007F000, LENGTH = 0x1000
    uicr_mbr_params_page (r) : ORIGIN = 0x10001018, LENGTH = 0x4
    uicr_bootloader_start_address (r) : ORIGIN = 0x10001014, LENGTH = 0x4

  • I don't see much of benefit of using UICR in your case. I don't think you can be able to change it in runtime. UICR is a page in flash, you can't change it in runtime unless you erase and rewrite UICR.

    If you want to stick to UICR to store the start address of the bootloader it should be fine, but when you update the UICR bootloader start address (0x10001014), make sure 0x10001018 is restored after the erase as well. 

    Could you check now, after you update the bootloader to different location, do you have the UICR configured correctly. 

  • I had verified that up on DFU success the content of 0x10001014 is indeed the new address and content of 0x10001018 is also what is intended (0x7E000). However, I am seeing something weird, the page 0x7E000 is blank.

    Could this be the cause?

    Update:

    The content at 0x7E000 is present until the bootloader command is executed, but it is being erased right after the command SD_Command is executed [nrf_dfu_mbr_copy_bl (or even sd_mbr_command, tried both)]

    ------ ignoring the previous observation -----

    It tries to write to 0x7E000, but fails to update there.

    "<debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x0007E000, src=0x20007474, len=896 bytes), queue usage: 1"

    I see the content in the src addr as something, but 0x7E000 is just blank after the write operation.

    ----------------------------------------------------------

  • It's protected in this call :

    ret_val = nrf_bootloader_flash_protect(BOOTLOADER_START_ADDR,area_size,NRF_BOOTLOADER_READ_PROTECT);

    Inside nrf_bootloader_app_start_final() of nrf_bootloader_app_start_final.c . Not sure in your case it's executed or not. 

    But I'm not sure why you need to check the mbr_params_page. It's for the MBR to use internally and application, or bootloader should not write to it. 

    If the bootloader start address is correct, the MBR supposed to forward the PC and vector table to the new bootloader address. Could you check where the PC is forwarded to after your download ? 

  • mbr_params_page caught my attention because it is completely blank when I compare it with a working version. So nothing related to the start is present in that region?

    I already commented the part which protects the flash.

    Immediately, after the new bootloader is downloaded and reset, the PC reads 0x20010000.

Related