Hi there,
My question refers to the nRF SDK: examples\dfu\open_bootloader\main.c
When the example is built, the output HEX file contains a section that writes the Bootloader Start Address to UICR_NRFFW[0] (address 0x1000 1014) and the MBR Param Page to UICR_NRFFW[1] (address 0x1000 1014).
When the bootloader starts, it executes this code:
    int main(void)
    {
        uint32_t ret_val;

        // Must happen before flash protection is applied, since it edits a protected page.
        nrf_bootloader_mbr_addrs_populate();

        // Protect MBR and bootloader code from being overwritten.
        ret_val = nrf_bootloader_flash_protect(0, MBR_SIZE);
        APP_ERROR_CHECK(ret_val);
        ret_val = nrf_bootloader_flash_protect(BOOTLOADER_START_ADDR, BOOTLOADER_SIZE);
        APP_ERROR_CHECK(ret_val);
When the bootloader starts, it modifies the MBR (Master Boot Record) section in internal Flash. It writes the Bootloader Start Address to MBR_BOOTLOADER_ADDR (address 0x0000 0FF8) and the MBR Param Page to MBR_PARAM_PAGE_ADDR (address 0x0000 0FFC). It then proceeds to protect that section of flash so it cannot be written to again.
Why is this self-modifying / patching code required? Why is it not sufficient to only write to UICR_NRFFW[0] and UICR_NRFFW[1]?
The problem that I see with protecting the MBR section is that it blocks future updates. If the bootloader receives a new [MBR + SoftDevice + App] image then it is unable to patch the MBR, because it is protected with the call: nrf_bootloader_flash_protect(0, MBR_SIZE);
Is there a good justifiable reason for also having to write to MBR_BOOTLOADER_ADDR (address 0x0000 0FF8) and MBR_PARAM_PAGE_ADDR (address 0x0000 0FFC)?
Thanks in advance,
Pieter
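
Added example, not part of the original post or the nRF SDK: a host-side check of which of the four words discussed above a built HEX file actually programs, so the build-time UICR copies can be told apart from the MBR-page copies written at run time. The UICR addresses assume the nRF52 register map (NRFFW[0] at 0x10001014, NRFFW[1] at 0x10001018); the sample HEX and the values in it are constructed.

```python
# UICR addresses assume the nRF52 register map (UICR base 0x10001000,
# NRFFW[0] at +0x14, NRFFW[1] at +0x18); the MBR-page ones are from the post.
WORDS = {
    "UICR_NRFFW[0]": 0x10001014,
    "UICR_NRFFW[1]": 0x10001018,
    "MBR_BOOTLOADER_ADDR": 0x00000FF8,
    "MBR_PARAM_PAGE_ADDR": 0x00000FFC,
}

# Constructed sample, not real build output: 4 bytes of bootloader code at
# 0x00078000, then UICR_NRFFW[0] = 0x00078000 and UICR_NRFFW[1] = 0x0007E000.
SAMPLE_HEX = """\
:020000040007F3
:04800000000001205B
:020000041000EA
:081014000080070000E0070066
:00000001FF
"""

def load_hex(text):
    """Parse Intel HEX text into {absolute address: byte}, checking checksums."""
    mem, base = {}, 0
    for n, line in enumerate(text.split(), 1):
        rec = bytes.fromhex(line[1:]) if line.startswith(":") else b""
        if len(rec) < 5 or len(rec) != rec[0] + 5 or sum(rec) & 0xFF:
            raise ValueError(f"record {n}: malformed or bad checksum")
        offset, rtype, data = (rec[1] << 8) | rec[2], rec[3], rec[4:-1]
        if rtype == 0x00:                    # data record
            for i, b in enumerate(data):
                mem[base + offset + i] = b
        elif rtype == 0x04:                  # extended linear address
            base = int.from_bytes(data, "big") << 16
        elif rtype == 0x02:                  # extended segment address
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x01:                  # end of file
            break
    return mem

def boot_words(mem):
    """Map each name to its little-endian word, or None if not programmed."""
    out = {}
    for name, addr in WORDS.items():
        raw = [mem.get(addr + i) for i in range(4)]
        out[name] = None if None in raw else int.from_bytes(bytes(raw), "little")
    return out

if __name__ == "__main__":
    for name, value in boot_words(load_hex(SAMPLE_HEX)).items():
        print(name, "not in image" if value is None else f"0x{value:08X}")
```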