
Bootloader project, sd_mbr_command gets Hard Fault at address 0x2000FF74

Using nRF52832, SDK16, SD132.

I have a (background) bootloader which is derived from the DFU "secure_bootloader" example.

When there is nothing to flash, the bootloader successfully calls the app and everything works.

But when the bootloader has some bootloading to do and I use sd_mbr_command with command SD_MBR_COMMAND_COMPARE, I get a hard fault with address 0x2000FF74.

nRF52832 map does not show anything above 0x20000000 or I'm looking at the wrong or incomplete address map.

It would be good to mention that when I try to use sd_mbr_command with SD_MBR_COMMAND_COPY_BL I get error 9 (NRF_ERROR_INVALID_LENGTH), which is weird; the size I'm giving it is 15904 (in bytes).

These are the only 2 MBR calls I use (except the "nrf_dfu_mbr_irq_forward_address_set" function, which has SD_MBR_COMMAND_IRQ_FORWARD_ADDRESS_SET) and they both don't work.

Any ideas what to check?

Thanks!

  • which is weird, the size I'm giving it is 15904 (in bytes).

    SD_MBR_COMMAND_COPY_BL calculates words for the bl_len field - and 4x 15904  won't fit into the available flash space.

  • 15904 is in bytes, that is 3976 words.

    Function call:

    uint32_t addr = APPLICATION_REGION_START;
    err_code = BOOTLOADER_CopyBootloader(&addr, header->bootloaderSize);

    header->bootloaderSize -> 15904 (bytes)

    APPLICATION_REGION_START -> 0x26000

    The calling function:

    uint32_t BOOTLOADER_CopyBootloader(uint32_t* src, uint32_t len)
    {
        sd_mbr_command_t sd_mbr_cmd;
        sd_mbr_cmd.command = SD_MBR_COMMAND_COPY_BL;
        sd_mbr_cmd.params.copy_bl.bl_src = src;
        sd_mbr_cmd.params.copy_bl.bl_len = (len / sizeof(uint32_t));
        return sd_mbr_command(&sd_mbr_cmd);
    }

    I don't see an error here...

    It also fails if len is 100...

  • Good catch by Turbo here. But I'm not sure why you still get the error. Can you confirm that you are using the xxAA variant of the chip with 512k flash?

    Chip overview: IC revisions and variants

  • Yes, it's 512k version, XXAA_REV1. Using the same module for 2 years now. I have similar bootloader in SDK14 already, working for 2 years now without errors.

    Address 0x2000FF74 is RAM, correct?

    Maybe something with RAM settings?

    SES settings:

    Application:

    FLASH RX 0x0 0x80000;RAM RWX 0x20000000 0x10000;

    Section placement:

    FLASH_PH_START=0x0

    FLASH_PH_SIZE=0x80000

    RAM_PH_START=0x20000000

    RAM_PH_SIZE=0x10000

    FLASH_START=0x26000

    FLASH_SIZE=0x52000

    RAM_START=0x20002C00

    RAM_SIZE=0xD400

    Bootloader:

    FLASH RX 0x0 0x80000;RAM RWX 0x20000000 0x10000;uicr_bootloader_start_address RX 0x10001014 0x4;uicr_mbr_params_page RX 0x10001018 0x4;mbr_params_page RX 0x0007E000 0x1000

    Section placement:

    FLASH_PH_START=0x0

    FLASH_PH_SIZE=0x80000

    RAM_PH_START=0x20000000

    RAM_PH_SIZE=0x10000

    FLASH_START=0x78000

    FLASH_SIZE=0x6000

    RAM_START=0x20000008

    RAM_SIZE=0xfff8

    Anything wrong here?

    As I saw overlapping in BL I've set RAM_SIZE=0x2BF8 to match 0x20002C00 from application but it still crashes with hard fault with address 0x2000FF74 and BL copy command returns error 9. Returned fff8.

    I must have set something up the wrong way...

    @Vidar: I can send you the entire project if needed.

  • Thanks for confirming the chip variant, I had to make sure. The memory layout looks to be ok too. Maybe it's time I try to debug this on my side - are you able to upload the project here in a public ticket? If not, please upload it to a private ticket and ask for it to be assigned to me.

    mbozic said:
    BL copy command returns error 9. Returned fff8.

    Assume it still returns 9, and not fff8?

    mbozic said:
    it still crashes with hard fault with address 0x2000FF74

    So the hardfault triggered because the CPU starts executing code at 0x2000FF74? When does this happen? After returning from the BL copy command?

  • Yes, returns error 9. FFF8 is RAM boundary which I've changed and then reverted.

    BL copy command never returns. Hard fault happens when BL copy command is called.

    I'll open a private ticket and upload the code there since it's a company project.

    But, we can leave this issue open until solution is found so I can write it here, maybe it helps somebody else in the future.

  • Vidar found an error:

    #define   APPLICATION_REGION_START       (uint32_t)SOFTDEVICE_REGION_START + SOFTDEVICE_SIZE

    Should be:

    #define   APPLICATION_REGION_START       (uint32_t)(SOFTDEVICE_REGION_START + SOFTDEVICE_SIZE)

    Address was calculated wrong when using it like this:

    BOOTLOADER_CompareBlock((uint32_t *)APPLICATION_REGION_START, (uint32_t *)BOOTLOADER_START_ADDR, header->bootloaderSize);

    Thanks Vidar again!

    Closing the case.
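
The macro fix above, worked through as an added example (not code from the thread or from the nRF5 SDK): the pointer cast binds only to the first operand of the unparenthesized macro, so the addition becomes pointer arithmetic scaled by 4. The values 0x1000 and 0x25000 are assumptions chosen so that their sum matches the 0x26000 stated in the thread; `flash_range_ok` is a hypothetical guard one could run before handing an address to the MBR.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values: the thread only states that the sum is 0x26000. */
#define SOFTDEVICE_REGION_START 0x1000
#define SOFTDEVICE_SIZE         0x25000
#define FLASH_END               0x80000u  /* FLASH_PH_SIZE from the thread */

/* uintptr_t stands in for the thread's uint32_t so the casts are
 * warning-free on a 64-bit host; on the nRF52 both are 32 bits wide. */
#define APP_START_BUGGY (uintptr_t)SOFTDEVICE_REGION_START + SOFTDEVICE_SIZE
#define APP_START_FIXED (uintptr_t)(SOFTDEVICE_REGION_START + SOFTDEVICE_SIZE)

/* Used as a plain integer the buggy macro still gives the right sum,
 * which is why the defect stays hidden until a pointer cast is applied. */
uintptr_t buggy_as_integer(void) { return APP_START_BUGGY; }

/* Expands to (uint32_t *)(uintptr_t)0x1000 + 0x25000:
 * base 0x1000 plus 0x25000 elements of 4 bytes each. */
uintptr_t buggy_as_pointer(void)
{
    return (uintptr_t)((uint32_t *)APP_START_BUGGY);
}

/* With the parentheses the sum is formed first, then cast. */
uintptr_t fixed_as_pointer(void)
{
    return (uintptr_t)((uint32_t *)APP_START_FIXED);
}

/* Hypothetical guard: word-aligned and entirely inside the 512 kB flash. */
int flash_range_ok(uintptr_t start, uint32_t len_bytes)
{
    return (start % 4u == 0u) && start < FLASH_END
        && len_bytes <= FLASH_END - start;
}

int main(void)
{
    printf("integer use : %#lx\n", (unsigned long)buggy_as_integer());
    printf("buggy ptr   : %#lx (in flash: %d)\n",
           (unsigned long)buggy_as_pointer(),
           flash_range_ok(buggy_as_pointer(), 15904));
    printf("fixed ptr   : %#lx (in flash: %d)\n",
           (unsigned long)fixed_as_pointer(),
           flash_range_ok(fixed_as_pointer(), 15904));
    return 0;
}
```

Under these assumed values the miscomputed pointer lands past the end of the 512 kB flash, which a range check of this kind catches before the MBR call is made.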
