[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [avr-gcc-list] bootloader: replace bootloader with a newbootloader

From: Peter Zuur
Subject: RE: [avr-gcc-list] bootloader: replace bootloader with a newbootloader
Date: Mon, 13 Jun 2005 09:51:52 +0200

One way to replace a bootloader with a new version is the following:

Have a tiny real bootloader section which starts up, puts the address of its
"writePage" function at a known location in EEPROM and then jumps to a
"redirect" function which must always be located at the same address in
flash. I.O.W. create a special section for this function.

This "redirect" function is part of a soft bootloader. The function just
jumps to the start of the loader code which contains the logic needed to get
the application, but uses the stored "writePage" function pointer to
actually program the data into flash. 

This mechanism means that the size of the soft bootloader code is only
limited by the size of flash. Also, the actual application can contain
loader code which replaces the soft bootloader.



Everything is possible, except for skiing through revolving doors ...

-----Original Message-----
From: address@hidden
[mailto:address@hidden On Behalf Of
Joerg Wunsch
Sent: 13 June 2005 06:59 AM
To: address@hidden
Subject: Re: [avr-gcc-list] bootloader: replace bootloader with a

Torsten Mohr <address@hidden> wrote:

> i wonder if it is possible to replace a bootloader in an ATMega128
> with a new version.

In theory, it should be.  It's probably rarely done, as bootloaders do
not change their protocols very often.

> Is this possible in a secure way so that a power failure or
> communication failure does not leave the system in an inconsistent
> state?

A stable battery is of course better. ;-)

Basically, if you want to do this, you need a bootloader that is small
enough so two bootloaders will fit into the boot region.  That way, it
should be possible to reprogram the inactive half of the bootloader.
Take care to understand all the implications of programming the
No-read-while-write (NRWW) section of the flash ROM.  As soon as your
new half of the bootloader has been programmed successfully (and
verified CRC or such), flip the first page of the bootloader area to
point to the new loader.  I think there's a short window of time
between the page erase of that page and the actual reprogramming done
where you are vulnerable against a power failure.

One further disadvantage (besides the additional space limitation) is
that you cannot set the boot lock bits in a way that pretents the
bootloader from being inadvertently overwritten.

cheers, J"org               .-.-.   --... ...--   -.. .  DL8DTL

http://www.sax.de/~joerg/                        NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)

AVR-GCC-list mailing list

reply via email to

[Prev in Thread] Current Thread [Next in Thread]