This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Bootloader project, sd_mbr_command gets Hard Fault at address 0x2000FF74

Using nRF52832, SDK16, SD132.

I have a (background)bootloader which is derived from dfu "secure_bootloader" example.

When there is nothing to flash bootloader successfully calls the app and everything works.

But, when bootloader has some bootloading to do and I use sd_mbr_command with command SD_MBR_COMMAND_COMPARE I get a hard fault with address 0x2000FF74.

nRF52832 map does not show anything above 0x20000000 or I'm looking at the wrong or incomplete address map.

It would be good to mention that when I try to use sd_mbr_command  with SD_MBR_COMMAND_COPY_BL I get error 9 (NRF_ERROR_INVALID_LENGTH) which is weird, the size I'm giving it is 15904 (in bytes).

This are the only 2 mbr calls I use (except "nrf_dfu_mbr_irq_forward_address_set" function which has SD_MBR_COMMAND_IRQ_FORWARD_ADDRESS_SET) and they both don't work.

Any ideas what to check?

Thanks!

Parents Reply Children
  • 15904 is in bytes, that is 3976 words.

    Function call:

    uint32_t addr = APPLICATION_REGION_START;
    err_code = BOOTLOADER_CopyBootloader(&addr, header->bootloaderSize);

    header->bootloaderSize -> 15904 (bytes)

    APPLICATION_REGION_START -> 0x26000

    The calling function:

    uint32_t BOOTLOADER_CopyBootloader(uint32_t* src, uint32_t len)
    {
        sd_mbr_command_t sd_mbr_cmd;
        sd_mbr_cmd.command = SD_MBR_COMMAND_COPY_BL;
        sd_mbr_cmd.params.copy_bl.bl_src = src;
        sd_mbr_cmd.params.copy_bl.bl_len = (len / sizeof(uint32_t));
        return sd_mbr_command(&sd_mbr_cmd);
    }

    I don't see an error here...

    It also fails if len is 100...

  • uint32_t addr = APPLICATION_REGION_START;
    err_code = BOOTLOADER_CopyBootloader(&addr, header->bootloaderSize);

    That will put an address on the STACK (&addr) into the src parameter.

    Correct code should look like this:

    uint32_t addr = APPLICATION_REGION_START;
    err_code = BOOTLOADER_CopyBootloader((uint32_t*)addr, header->bootloaderSize);

  • You are correct, I've copied one of my testing attempts. Unfortunately it does not matter since I use BOOTLOADER_CopyBootloader((uint32_t*)APPLICATION_REGION_START, header->bootloaderSize) from the start and it doesn't work. Whatever I use -> Error 9.

    Thanks for noticing and replaying!

  • Good catch by Turbo here. But I'm not sure why you still get the error. Can you confirm that you are using the xxAA variant of the chip with 512k flash?

    Chiper overview: IC revisions and variants

  • Yes, it's 512k version, XXAA_REV1. Using the same module for 2 years now. I have similar bootloader in SDK14 already, working for 2 years now without errors.

    Address 0x2000FF74 is RAM, correct?

    Maybe something with RAM settings?

    SES settings:

    Application:

    FLASH RX 0x0 0x80000;RAM RWX 0x20000000 0x10000;

    Section placement:

    FLASH_PH_START=0x0

    FLASH_PH_SIZE=0x80000

    RAM_PH_START=0x20000000

    RAM_PH_SIZE=0x10000

    FLASH_START=0x26000

    FLASH_SIZE=0x52000

    RAM_START=0x20002C00

    RAM_SIZE=0xD400

    Bootloader:

    FLASH RX 0x0 0x80000;RAM RWX 0x20000000 0x10000;uicr_bootloader_start_address RX 0x10001014 0x4;uicr_mbr_params_page RX 0x10001018 0x4;mbr_params_page RX 0x0007E000 0x1000

    Section placement:

    FLASH_PH_START=0x0

    FLASH_PH_SIZE=0x80000

    RAM_PH_START=0x20000000

    RAM_PH_SIZE=0x10000

    FLASH_START=0x78000

    FLASH_SIZE=0x6000

    RAM_START=0x20000008

    RAM_SIZE=0xfff8

    Anything wrong here?

    As I saw overlapping in BL I've set RAM_SIZE=0x2BF8 to match 0x20002C00 from application but it still crashes with hard fault with address 0x2000FF74 and BL copy command returns error 9. Returned fff8.

    I must have set something up the wrong way...

    @Vidar: I can send you the entire project if needed.

Related