This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

enter dfu with watchdog in application

Hi,

I want to use the watchdog event handler to enter DFU bootloader. My eventhandler function looks like this:

#define BOOTLOADER_DFU_START 0xB1

/**
 * @brief WDT events handler.
 */
void wdt_event_handler(void)
{

    nrf_sdh_disable_request();
    NRF_POWER->GPREGRET = BOOTLOADER_DFU_START;
     //NOTE: The max amount of time we can spend in WDT interrupt is two cycles of 32768[Hz] clock - after that, reset occurs
}

Problem:

The watchdog does not enter the dfu bootloader, but enter the application.

I'm using sdk15.2 and a nrf52832.

  • Hi,

    This cannot work since a watchdog reset resets the retention registers (see Reset behavior). You can use the exact same mechanism though, but use a normal soft reset (NVIC_SystemReset()) instead of a watchdog reset.

    Why do you want to use the watchdog to enter DFU mode in the first place?

  • Thank you for answering! I can no longer reach my hardware if it is installed. Which is why the application should start the ota bootloader when it freezes.

    Is it possible to start a normal soft reset before the watchdog reset occurs somehow?

  • Hi,

    I see (sort of). But that will not work properly either. You may use a software reset from the WDT interrupt handler to trigger DFU mode, but the watchdog is not reset by the soft reset, so you will get a watchdog reset two 32.768 kHz clock cycles after the TIMEOUT event. So even if you may have time to start the bootloader, you will not have time to do anything useful before the watchdog resets, and you are back in the application.

    But I don't see why you need to start the bootloader when there is a watchdog reset. Can you elaborate on that? What is the logic in entering DFU mode on a watchdog reset? In what situations would that make sense instead of other methods for entering DFU mode?

    I don't know if that is what you are fearing, but if you are worried about flash corruption (for some reason, which could explain why you want to do DFU on failure), then this is handled by the bootloader doing a CRC check on the application before starting it. If the CRC check fails, the bootloader will enter DFU mode. And this check happens after every reset, so it would be triggered by the watchdog reset.

  • Hi,
    My application firmware is in an early state. I don't knwo wether it is the right way to go, but generally my idea was to us a watchdog to enter a fail save state (where I can flash a new firmware), when my current application crashs after a restart for some reasons.
     
    A simple example:  A fatal error occures, due to wrong bluetooth settings. That would cause  a fatal error crash after every restart of my application and I it is no longer possible for me to flash a new firmware  via ota.

    Maybe a second option would be to enter a fail save state after a watchdog reset. Is it possible to register if an application start was triggert by an watchdog reset?

    Thank you

  • Hi,

    stackGreen said:
    My application firmware is in an early state. I don't knwo wether it is the right way to go, but generally my idea was to us a watchdog to enter a fail save state (where I can flash a new firmware), when my current application crashs after a restart for some reasons.
     
    A simple example:  A fatal error occures, due to wrong bluetooth settings. That would cause  a fatal error crash after every restart of my application and I it is no longer possible for me to flash a new firmware  via ota.

    I see. I do not recall seeing this before, but it seems like something that can make sense in some products.

    stackGreen said:
    Maybe a second option would be to enter a fail save state after a watchdog reset. Is it possible to register if an application start was triggert by an watchdog reset?

    Yes, that is possible. The RESETREAS register will tell you the cause for the reset, so you can check that on application start-up. Note that it must be cleared after being read since it is not cleared automatically by resets. You should also know about erratum 136.

Related