I am running custom firmware on a custom board using an nRF52832 chip. I have encountered an issue after migrating my project from SDK 14.2 to SDK 15.3. The issue is that my application is not starting and it occurs on two different occasions:
With that being said, if I merge the .hex files of the BL, BL settings, SD, and APP and flash them onto my device using nrfjprog, my application is loaded and runs properly. If I then remove my device from power and plug it back in, the application no longer starts. Loading the same bootloader and softdevice and then performing a DFU with my application does not successfully start my application either.
I tried both above scenarios with an example app from the SDK (blinky) which I modified to run on my custom board, and everything worked correctly. I was able to perform a DFU and have the application start, and if I power cycled the device, the app restarted.
This functionality used to work fine with my app when it was using SDK 14.2, it has only broken since migrating to SDK 15.3. Is there something that has changed that I need to be aware of?
Any help with the issue would be greatly appreciated.
You may want to re-compile the bootloader with optimization to level 0 (so you can debug) and step into the bootloader code to see why it doesn't jump to your application after a reset. I suspect your application may change (due to a flash operation ? ) causing CRC32 check doesn't match ?
Do you have any special function in your application related to UICR ? flash ?
I assume your application works fine if you only flash the softdevice and the application ?
Thank you for getting back to me! Unfortunately it's not just after a reset that my application does not start, it is also after a DFU.
We have no special function related to UICR. We use FDS in our application, but that is it.
Do you mean from SES? If so then yes, our application works fine if flashed from Segger with just the application and softdevice. It does not work if just the softdevice and application are flashed using nrfjprog (and then the device reset).
However, what is odd, is that if we take all of the .hex files of the bootloader, bootloader settings, softdevice, and application and merge them using mergehex and then flash them onto the device using nrfjprog and reset, the application runs and works fine. Even if I flash the .hex files each individually everything runs fine.
But if I flash just the bootloader and softdevice and then successfully perform a DFU, the bootloader does not jump to my application code. Is there a reason why it would work when I flash all the components together and not when I perform a DFU?
So I ran my application without loading the bootloader and the start and end addresses were 0x7D000 and 0x80000. I then ran the application with the bootloader loaded and the start and end addresses were the same. I'm assuming this is the issue since it overlaps with the bootloader's location in memory?
Also, I checked for data stored using Segger and there doesn't seem to be anything stored right before the bootloader (see image below).
As for reproducing the issue with the flash_fds example, I wish I could have tested it by performing a DFU, however a DFU package for the flash_fds example was not provided in the test images in the SDK, and since I do not have the private key of the SDK, I could not generate a DFU package on my own.
I actually tested it two ways with the same results. The first way I did it was load the bootloader project file into Segger and build and run. And then load the flash_fds project file into Segger and build and run. Also, I tried using nrfjprog to program the softdevice (with --chiperase) and then program the bootloader right after (with --reset). And then once that ran I used Segger to build and run the flash_fds example.
EDIT: I tried hardcoding the end_addr value in flash_bounds_set() to 0x78000 to see if that would resolve the issue and I got some interesting results. If I load and run the bootloader (with softdevice loaded) using nrfjprog and then use Segger to build and run my application, it now loads and runs properly! Also, if I use nrfjprog to load the softdevice, bootloader, and bootloader settings and then reset the chip, allow the bootloader to run, and then load my application and reset the chip, the application runs properly. HOWEVER, I tried only loading and running the bootloader+softdevice to then load the application using OTA DFU from the bootloader and the application did NOT start. It's also worth mentioning that in the instances where I got the application to start running properly (with the hardcoded value), the application did not restart after a power cycle.
I assume you have your own private key use with your bootloader ? You mentioned that you can do OTA DFU with your application ?
If you want to test the flash_fds you should either generate a .zip file of the hex or generate at bootloader setting. I attached here the .zip file and the bootloader setting I used. Saw no issue with the example.
Could you please double check what exactly return in flash_end_addr() ? when you have the bootloader installed and the application installed.
Especially check if you have this inside app_util.h
#define BOOTLOADER_ADDRESS ((*(uint32_t *)MBR_BOOTLOADER_ADDR) == 0xFFFFFFFF ? *MBR_UICR_BOOTLOADER_ADDR : *(uint32_t *)MBR_BOOTLOADER_ADDR)
The bootloader address should point to the start address of your bootloader.
I suspect that since we don't write to MBR_UICR_BOOTLOADER_ADDR any more it could cause an issue if you don't have correct BOOTLOADER_ADDRESS macro .
Good point, I have my own set of public/private keys that I will use with the examples to test the flash_fds app.
As for the BOOTLOADER_ADDRESS macro, unfortunately I’m currently not in the office, but I looked into it a lot yesterday so will try to respond from memory to see if we can resolve this issue today.
Yes we do have that macro inside app_util.h. I believe MBR_BOOTLOADER_ADDR was 0xFF8, pointing to a value of 0xFFFFFFFF. flash_end_addr() ended up returning 0x80000 because one of the lines of code has something that resembled two _sz being multiplied together.
I’m sorry if that’s not 100% detailed or clear, I’m going off memory, but I wanted to be able to respond before you left for the day. I’m not in tomorrow and would like to get this resolved before the weekend, if possible.
I was able to be in touch with one of your colleagues in Anaheim today, and they helped me work through some of the details of this issue. Essentially the MBR_BOOTLOADER_ADDR loaded into memory location 0xFF8 was correctly set at 0x78000 when the softdevice and bootloader were loaded, but for some reason, when using Segger to load the application, the value in 0xFF8 was being overwritten to 0xFFFFFFFF.
However, that did not happen when the app was loaded via nrfjprog or via DFU (the value remained 0x78000). So that was significantly throwing off our troubleshooting. I am now working through the issue with that knowledge in mind to better isolate the main problem.
It's really strange that the application would touch the MBR area. Do you have any code that may set the attribute to the MBR address (0-0x1000) ?
If you can provide the hex file that reproduce the problem I can have a look.
Hello Hung, it wasn't that the application was modifying the MBR -- SES was erasing the MBR page and reflashing the SoftDevice when Adam started the debugger. Using Target -> Attach prevents SES from modifying the flash.
I'm sorry I wasn't more specific in my last reply. When I used Target -> Attach debugger, I no longer ran into the fds_init() issue that we were previously discussing (the BOOTLOADER_ADDRESS macro was returning the correct value). Unfortunately the issue of our application not starting after a successful DFU or after a power cycle persisted.
4. The application then starts and runs without issue. ️
I assume when you do debugging you have followed the suggestion from Daniel so that Segger wouldn't erase MBR, Softdevice ?
I am not sure what could be wrong here.
In the step "Test Again Using NRFJPROG" do you mean that if you connect and use SEGGER to debug, you have trouble after that ? What you can do is to make a hex dump (nrfjprog --readcode) before and after connecting Segger and then compare to see what changed. You would also need to read UICR (nrfjprog --readuicr)
For further debugging I would suggest:
- Adding some more LED pattern inside the bootloader, so we know if the bootloader is executed, and if it forward to the application
- Strip down the application until it would work with DFU update. (for example only do LED blinking). To do that you can just add an infinite loop in your code. Then you can gradually more this loop down until you can reproduce the issue.
If you can provide an minimal code that we can test here with the NRF52 DK it would be easier to find the root cause.
Yes, when I now do debugging, I program and reset my device using nrfjprog and then use Target -> Attach debugger to do debugging.
Hung Bui said:In the step "Test Again Using NRFJPROG" do you mean that if you connect and use SEGGER to debug, you have trouble after that ?
No, the trouble occurs before connecting and using Segger to debug. Essentially what I'm trying to say is that if I have the application running without issue and then power cycle my device, my application will not restart and run. Adding the addition comments about attaching the debugger was to shown when the application was running without issue and when it wasn't.
Hung Bui said:- Adding some more LED pattern inside the bootloader, so we know if the bootloader is executed, and if it forward to the application
I added an LED pattern inside the bootloader just before nrf_bootloader_init(), and in every scenario the bootloader was executed. However I did start doing a little bit of debugging and noticed something that may or may not be worth mentioning.
I performed two separate DFUs, one with an application that just flashes some LEDs (and is a functioning app without any over the above issues), and one with our application that does not start after a DFU.
After performing a DFU with the LED app, the bootloader LED sequence executed twice (I'm assuming that means the bootloader was restarted twice). The LED app was then started.
After performing a DFU with our application, the bootloader LED sequence executed three times. I followed the bootloader execution in Segger and noticed that after bootloader restarted twice, it called app_start() and had the address of 0x1000, but that is when the bootloader restarted for the third time.
I feel like that behaviour wasn't supposed to occur. Not sure if that gives you any addition information to work with.
Hung Bui said:If you can provide an minimal code that we can test here with the NRF52 DK it would be easier to find the root cause.
As was recommended, I've opened a private ticket that I will send you the link to in a private message. Thanks.
OK, we can continue on the private case.