STM32 Bootloader开发记录
编写一个基础的Bootloader,记录一下开发过程及遇到的问题。
1、基本思路
作为一个Bootloader,它首先需要具备跳转功能,能够跳转到我们的APP地址空间中运行APP。
其次,它还需要有能够读写FLASH的能力。除了启动APP,另外还有对APP进行升级的操作,这个功能需要用到读写FLASH的功能。
如果还要支持在Bootloader中升级应用,还需要具备通信功能,可以是蓝牙、串口、Wi-Fi等。
除了基本的信息提示,升级过程中还需要交互功能。这些依赖于LED提示、串口输出等。
完成以上功能,一个简易的Bootloader就算是完成了。当然,只支持很少的功能,一般复杂的,我们还需要拥有固件完整性校验、签名校验,多分区启动等。
2、Bootloader启动流程
- MCU从FLASH的首地址进行加载,这里针对stm32l475,是0x8000000。这个地址存放的是终端向量表,首先初始化栈顶指针,然后各个中断函数的注册。
- 然后就跳转到我们的Bootloader中的main函数,执行我们的代码。
- 如果检测到数据分区有升级标志,或者有按键按下, 则进入升级状态;否则,跳转到APP分区的首地址。
- 如果是进入升级状态,使用串口通信的话,需要把串口打开,等待升级指令和升级数据,再接收到数据后,将其写入到FLASH中,所有的数据写入完成后,则执行跳转到APP分区首地址。
- APP分区的代码,可以是通过ST-Link直接烧录,也可以是通过我们Bootloader进行升级写入。需要注意的时候,Cubemx中生成的功能中,有中断向量表的偏移量设置项。在APP工程编译的时候,我们需要修改中断向量表的偏移量,否则,APP启动后,使用的仍然是Bootloader的中断向量表中的一些中断函数地址。显然,这是不行的。另外,APP工程还需要修改FLASH的地址。在KEIL的IROM选项中进行修改,根绝我们划分的FLASH MAP确定地址。
3、创建工程
需要创建三个工程:Bootloader、Application、dfu server。Bootloader和Application使用cubemx创建,dfu server是运行在PC端的串口升级程序,用来给STM32进行升级使用的。
仓库地址。
Bootloader
使能以下外设:PB12用于按键进入Bootloader升级模式,PE7用于LED红色指示灯,指示Bootloader所处的状态,PA10和PA9用于串口通信。
Application
APP应用使能一下外设:PA10和PA9用于串口输出显示,PE8用于绿色指示灯。
创建完MDK工程后,需要进行以下修改。
IROM
设置分区的起始地址和大小偏移量。这个设置主要是针对Application工程,由于该分区的起始地址不是FLASH的起始地址,设置好后,生成的用于烧录的HEX文件才能被设置为正确的地址。
分区划分:
Script
添加After Build脚本,用于在编译结束时生成.bin
文件。
C:\Keil_v5\ARM\ARMCC\bin\fromelf.exe .\alentek_stm32l475_application\alentek_stm32l475_application.axf --bin -o .\alentek_stm32l475_application\firmware.bin
中断向量表地址修改
需要修改Application工程中的中断向量表的偏移量(即APP分区的起始地址偏移量),这个是相较于FLASH起始地址计算的。
完成以上步骤,基础工程就搭建好了。
4、代码
接下来就是完成Bootloader启动流程中,main中需要完成的业务逻辑了。
首先是确定是否有升级需求,如果有就进入到升级模式,串口接收升级数据,否则,直接跳转APP分区运行。
进入升级模式,需要拟定通信协议。
通信协议内容如下:
CMD用于串口启动和退出OTA状态,HEADER用于传输升级文件的信息,DATA用于传输升级文件内容,RESP用于MCU对PC端的程序进行响应。
由于协议中要用到CRC校验,因此可以在cubemx中开启CRC外设,用于计算CRC32的校验值。
CRC_InitTypeDef
结构体定义的注释显示,默认使用的是CRC32/MPEG2
。
PC端,直接使用软件的CRC校验。使用效率较高的查表法来实现。
/* CRC余式表 */
const unsigned int crc_table[256] = {
0x00000000, 0x04c11db7, 0x09823b6e, 0x0d4326d9, 0x130476dc, 0x17c56b6b, 0x1a864db2, 0x1e475005,
0x2608edb8, 0x22c9f00f, 0x2f8ad6d6, 0x2b4bcb61, 0x350c9b64, 0x31cd86d3, 0x3c8ea00a, 0x384fbdbd,
0x4c11db70, 0x48d0c6c7, 0x4593e01e, 0x4152fda9, 0x5f15adac, 0x5bd4b01b, 0x569796c2, 0x52568b75,
0x6a1936c8, 0x6ed82b7f, 0x639b0da6, 0x675a1011, 0x791d4014, 0x7ddc5da3, 0x709f7b7a, 0x745e66cd,
0x9823b6e0, 0x9ce2ab57, 0x91a18d8e, 0x95609039, 0x8b27c03c, 0x8fe6dd8b, 0x82a5fb52, 0x8664e6e5,
0xbe2b5b58, 0xbaea46ef, 0xb7a96036, 0xb3687d81, 0xad2f2d84, 0xa9ee3033, 0xa4ad16ea, 0xa06c0b5d,
0xd4326d90, 0xd0f37027, 0xddb056fe, 0xd9714b49, 0xc7361b4c, 0xc3f706fb, 0xceb42022, 0xca753d95,
0xf23a8028, 0xf6fb9d9f, 0xfbb8bb46, 0xff79a6f1, 0xe13ef6f4, 0xe5ffeb43, 0xe8bccd9a, 0xec7dd02d,
0x34867077, 0x30476dc0, 0x3d044b19, 0x39c556ae, 0x278206ab, 0x23431b1c, 0x2e003dc5, 0x2ac12072,
0x128e9dcf, 0x164f8078, 0x1b0ca6a1, 0x1fcdbb16, 0x018aeb13, 0x054bf6a4, 0x0808d07d, 0x0cc9cdca,
0x7897ab07, 0x7c56b6b0, 0x71159069, 0x75d48dde, 0x6b93dddb, 0x6f52c06c, 0x6211e6b5, 0x66d0fb02,
0x5e9f46bf, 0x5a5e5b08, 0x571d7dd1, 0x53dc6066, 0x4d9b3063, 0x495a2dd4, 0x44190b0d, 0x40d816ba,
0xaca5c697, 0xa864db20, 0xa527fdf9, 0xa1e6e04e, 0xbfa1b04b, 0xbb60adfc, 0xb6238b25, 0xb2e29692,
0x8aad2b2f, 0x8e6c3698, 0x832f1041, 0x87ee0df6, 0x99a95df3, 0x9d684044, 0x902b669d, 0x94ea7b2a,
0xe0b41de7, 0xe4750050, 0xe9362689, 0xedf73b3e, 0xf3b06b3b, 0xf771768c, 0xfa325055, 0xfef34de2,
0xc6bcf05f, 0xc27dede8, 0xcf3ecb31, 0xcbffd686, 0xd5b88683, 0xd1799b34, 0xdc3abded, 0xd8fba05a,
0x690ce0ee, 0x6dcdfd59, 0x608edb80, 0x644fc637, 0x7a089632, 0x7ec98b85, 0x738aad5c, 0x774bb0eb,
0x4f040d56, 0x4bc510e1, 0x46863638, 0x42472b8f, 0x5c007b8a, 0x58c1663d, 0x558240e4, 0x51435d53,
0x251d3b9e, 0x21dc2629, 0x2c9f00f0, 0x285e1d47, 0x36194d42, 0x32d850f5, 0x3f9b762c, 0x3b5a6b9b,
0x0315d626, 0x07d4cb91, 0x0a97ed48, 0x0e56f0ff, 0x1011a0fa, 0x14d0bd4d, 0x19939b94, 0x1d528623,
0xf12f560e, 0xf5ee4bb9, 0xf8ad6d60, 0xfc6c70d7, 0xe22b20d2, 0xe6ea3d65, 0xeba91bbc, 0xef68060b,
0xd727bbb6, 0xd3e6a601, 0xdea580d8, 0xda649d6f, 0xc423cd6a, 0xc0e2d0dd, 0xcda1f604, 0xc960ebb3,
0xbd3e8d7e, 0xb9ff90c9, 0xb4bcb610, 0xb07daba7, 0xae3afba2, 0xaafbe615, 0xa7b8c0cc, 0xa379dd7b,
0x9b3660c6, 0x9ff77d71, 0x92b45ba8, 0x9675461f, 0x8832161a, 0x8cf30bad, 0x81b02d74, 0x857130c3,
0x5d8a9099, 0x594b8d2e, 0x5408abf7, 0x50c9b640, 0x4e8ee645, 0x4a4ffbf2, 0x470cdd2b, 0x43cdc09c,
0x7b827d21, 0x7f436096, 0x7200464f, 0x76c15bf8, 0x68860bfd, 0x6c47164a, 0x61043093, 0x65c52d24,
0x119b4be9, 0x155a565e, 0x18197087, 0x1cd86d30, 0x029f3d35, 0x065e2082, 0x0b1d065b, 0x0fdc1bec,
0x3793a651, 0x3352bbe6, 0x3e119d3f, 0x3ad08088, 0x2497d08d, 0x2056cd3a, 0x2d15ebe3, 0x29d4f654,
0xc5a92679, 0xc1683bce, 0xcc2b1d17, 0xc8ea00a0, 0xd6ad50a5, 0xd26c4d12, 0xdf2f6bcb, 0xdbee767c,
0xe3a1cbc1, 0xe760d676, 0xea23f0af, 0xeee2ed18, 0xf0a5bd1d, 0xf464a0aa, 0xf9278673, 0xfde69bc4,
0x89b8fd09, 0x8d79e0be, 0x803ac667, 0x84fbdbd0, 0x9abc8bd5, 0x9e7d9662, 0x933eb0bb, 0x97ffad0c,
0xafb010b1, 0xab710d06, 0xa6322bdf, 0xa2f33668, 0xbcb4666d, 0xb8757bda, 0xb5365d03, 0xb1f740b4,
};
//查表法计算crc
unsigned int crc32_calculate(unsigned char *ptr, int len)
{
unsigned int crc = 0xFFFFFFFF;
while(len--) {
crc = (crc << 8) ^ crc_table[(crc >> 24 ^ *ptr++) & 0xff];
}
return crc;
}
APP跳转代码
注意,这里的volatile
声明是必须的,否则会跳转不成功。原因参考。
static void goto_application(void)
{
printf("jump to application\r\n");
void (*app_reset_handler)(void) = (void *)(*((volatile uint32_t *) (APP1_START_ADDR + 4U)));
HAL_GPIO_WritePin(GPIOE, GPIO_PIN_7, GPIO_PIN_SET);
app_reset_handler();
}
串口打印
重新定义fputs即可使用printf输出到串口。
int fputc(int ch, FILE *f)
{
uint8_t c = ch;
HAL_UART_Transmit(&huart1, &c, 1, 5000);
return (ch);
}
FLASH操作
擦除:
static void flash_erase(uint32_t bank, uint32_t page_start, uint32_t page_num)
{
HAL_FLASH_Unlock();
FLASH_EraseInitTypeDef EraseInitStruct;
uint32_t SectorError;
EraseInitStruct.TypeErase = FLASH_TYPEERASE_PAGES;
EraseInitStruct.Banks = bank;
EraseInitStruct.Page = page_start;
EraseInitStruct.NbPages = page_num;
HAL_FLASHEx_Erase( &EraseInitStruct, &SectorError );
HAL_FLASH_Lock();
}
写入:
static void flash_write(uint32_t addr, uint8_t *data, uint32_t size)
{
HAL_FLASH_Unlock();
int i;
uint64_t dub_words;
int mod;
static ota_wbuff_t wbuff;
memset(&wbuff, 0, sizeof(ota_wbuff_t));
memcpy(wbuff.buffer + wbuff.index, data, size);
wbuff.index += size;
for ( i = 0; i < wbuff.index / 8; i++)
{
memcpy(&dub_words, wbuff.buffer + i * 8, sizeof(uint64_t));
HAL_FLASH_Program(FLASH_TYPEPROGRAM_DOUBLEWORD, addr + i * 8, dub_words);
}
mod = wbuff.index % 8;
if (mod)
{
memcpy(wbuff.buffer, wbuff.buffer + i * 8, mod);
wbuff.index = mod;
memset(&dub_words, 0xFF, sizeof(uint64_t));
memcpy(&dub_words, wbuff.buffer, wbuff.index);
HAL_FLASH_Program(FLASH_TYPEPROGRAM_DOUBLEWORD, addr + i * 8, dub_words);
memset(&wbuff, 0, sizeof(wbuff));
}
HAL_FLASH_Lock();
}
写固件(注意对齐问题):
static void flash_write_fw(uint8_t *data, uint32_t size, uint8_t is_first)
{
static ota_wbuff_t wbuff;
if (is_first)
{
memset(&wbuff, 0, sizeof(ota_wbuff_t));
wbuff.addr = APP1_PARTITION_ADDR;
}
memcpy(wbuff.buffer + wbuff.index, data, size);
wbuff.index += size;
if (wbuff.index % 8 == 0) {
flash_write(wbuff.addr, wbuff.buffer, wbuff.index);
wbuff.addr += wbuff.index;
wbuff.index = 0;
}
else {
flash_write(wbuff.addr, wbuff.buffer, wbuff.index / 8 * 8);
wbuff.addr += (wbuff.index / 8 * 8);
memcpy(wbuff.buffer, wbuff.buffer + wbuff.index / 8 * 8, wbuff.index % 8);
wbuff.index = wbuff.index % 8;
}
}
读取:
static void ota_info_read(ota_info_t *info)
{
if (!info) return;
memset(info, 0, sizeof(ota_info_t));
uint32_t addr = CONFIGURATION_PARTITION_ADDR;
memcpy(info, (uint32_t *)addr, sizeof(ota_info_t));
}
串口接收一帧数据
memcpy(uart_rx_data, uart_rx.data, 256);
数据复制不要放到串口接收中断中去做。
static int ota_receive_frame(ota_frame_t *frame, uint32_t timeout_ms)
{
if (!frame) return -4;
memset(frame, 0, sizeof(ota_frame_t));
uint16_t data_size = 0;
while (--timeout_ms) {
if (is_recv_frame_ok) {
memcpy(uart_rx_data, uart_rx.data, 256);
is_recv_frame_ok = 0;
memcpy(frame, uart_rx_data, 4);
data_size = uart_rx_data[2] | uart_rx_data[3] << 8;
memcpy(frame->data, uart_rx_data + 4, data_size);
memcpy(&frame->crc32, uart_rx_data + 4 + data_size, 5);
uart_rx_size = 0;
break;
}
HAL_Delay(1);
}
if (timeout_ms == 0) {
return -1;
}
if (frame->sof != OTA_SOF || (frame->type != OTA_CMD &&
frame->type != OTA_HEADER && frame->type != OTA_DATA) ||
frame->eof != OTA_EOF)
{
return -2;
}
int32_t crc32 = HAL_CRC_Calculate(&hcrc, (uint32_t *)(frame->data), data_size);
if (crc32 != frame->crc32) {
return -3;
}
return 0;
}
主要业务逻辑
static int ota_start(void)
{
int ret = 0;
ret = ota_receive_frame(&frame, 5000);
if (ret != HAL_OK || (frame.type != OTA_CMD && frame.cmd != OTA_START)) {
return ret;
}
ota_resp_frame(OTA_ACK, "");
HAL_Delay(100);
ret = ota_receive_frame(&frame, 5000);
if (ret != HAL_OK || (frame.type != OTA_HEADER )) {
char buffer[128] = {0};
snprintf(buffer, 127, "msg error, type: %d, ret: %d\r\n", frame.type, ret);
ota_resp_frame(OTA_NACK, buffer);
return ret;
}
memcpy(&ota_info.header, &frame.header, sizeof(ota_header_t));
ota_resp_frame(OTA_ACK, "");
ota_info.status = OTA_RUNNING;
ota_info_write(&ota_info);
return ret;
}
static int ota_receive()
{
uint8_t has_erase = 0;
uint32_t rec_total = 0;
ota_frame_t frame;
int ret = 0;
uint8_t is_first = 1;
uint32_t time1;
uint32_t time2;
time1 = HAL_GetTick();
flash_erase(FLASH_BANK_1, 32, 96);
flash_erase(FLASH_BANK_2, 256, 4);
time2 = HAL_GetTick();
// printf("erase flash time: %d ms\r\n", time2 - time1);
while (rec_total < ota_info.header.firmware_size) {
ret = ota_receive_frame(&frame, 5000);
if (ret != HAL_OK || frame.type != OTA_DATA) {
char buffer[128] = {0};
snprintf(buffer, 127, "msg error, type: %d, ret: %d, recv total: %d, fw size: %d\r\n",
frame.type, ret, rec_total, ota_info.header.firmware_size);
ota_resp_frame(OTA_NACK, buffer);
return ret;
}
flash_write_fw(frame.data, frame.data_size, is_first);
is_first = 0;
rec_total += frame.data_size;
ota_resp_frame(OTA_ACK, "");
}
return ret;
}
static int ota_stop(void)
{
ota_frame_t frame;
int ret = 0;
ret = ota_receive_frame(&frame, 5000);
if (ret != HAL_OK || frame.type != OTA_CMD || frame.cmd != OTA_END) {
char buffer[128] = {0};
snprintf(buffer, 127, "msg error, type: %d, ret: %d\r\n", frame.type, ret);
ota_resp_frame(OTA_NACK, buffer);
return ret;
}
ota_resp_frame(OTA_ACK, "");
return ret;
}
static int start_ota()
{
return (ota_start() == 0 && ota_receive() == 0 && ota_stop() == 0) ? 0 : 1;
}
int main(void)
{
HAL_Init();
SystemClock_Config();
MX_GPIO_Init();
MX_CRC_Init();
MX_USART1_UART_Init();
HAL_Delay(100);
HAL_GPIO_WritePin(GPIOE, GPIO_PIN_7, GPIO_PIN_RESET);
printf("\r\n----------------------------------------\r\n");
printf(" stm32l475 bootloader start\r\n");
printf("----------------------------------------\r\n");
if (HAL_GPIO_ReadPin(GPIOB, GPIO_PIN_12) == GPIO_PIN_SET) {
boot_to_ota = 1;
printf("start ota\r\n");
}
ota_info_read(&ota_info);
ota_info_print(&ota_info);
HAL_UART_Receive_IT(&huart1, uart_rx.data, 1);
printf("start uart IT receive\r\n");
while (1)
{
if (boot_to_ota) {
if (start_ota() == 0) {
goto_application();
}
blinky(200, 10);
} else {
HAL_GPIO_WritePin(GPIOB, GPIO_PIN_12, GPIO_PIN_SET);
printf("haven't ota event\r\nstarting application\r\n");
goto_application();
}
}
}
Application
在APP工程中,我们打印我们定义的版本号,这样在升级后,才能真正确定是否成功。
编译烧录烧录的版本, 然后修改版本号,再编译OTA刷写的固件版本。这样,升级后,通过版本是否变化,即可确定是否真正升级成功。
#define FIRMWARE_VERSION 0x04
#define HARDWARE_VERSION 0X01
printf("firmware version: 0x%02x\r\n", FIRMWARE_VERSION);
printf("hardware version: 0x%02x\r\n", HARDWARE_VERSION);
DFU SERVER
使用boost库来提供串口功能:
#include "dfu_server.h"
#include "boost/filesystem.hpp"
#include "boost/asio.hpp"
#include "common.h"
#include <iostream>
#include <string>
#include <fstream>
dfu_server::dfu_server(std::string fw, std::string sp, uint32_t br)
: firmware(fw), serialport(sp), baudrate(br), dfu_start(false), port(io)
{
std::cout << "firmware: " << firmware << std::endl;
}
void dfu_server::set_header(uint8_t major, uint8_t minor)
{
std::cout << major << std::endl;
header.major = major;
header.minor = minor;
header.firmware_size = boost::filesystem::file_size(firmware);
std::cout << "firmware size: " << header.firmware_size << std::endl
<< "major: " << uint32_t(header.major) << std::endl
<< "minor: " << uint32_t(header.minor) << std::endl;
}
void dfu_server::loop()
{
try
{
port.open(serialport);
}
catch (std::exception &err)
{
std::cout << "open serial port failed" << std::endl;
exit(-1);
}
port.set_option(boost::asio::serial_port_base::baud_rate(baudrate));
port.set_option(boost::asio::serial_port_base::character_size(8));
port.set_option(boost::asio::serial_port_base::parity(boost::asio::serial_port_base::parity::none));
port.set_option(boost::asio::serial_port_base::stop_bits(boost::asio::serial_port_base::stop_bits::one));
char data[512] = {0};
ota_frame_t frame;
while (1)
{
size_t n = port.read_some(boost::asio::buffer(data, sizeof(data)));
if (n > 0 && !dfu_start)
{
std::cout << "recv: " << std::string(data) << std::endl;
dfu_start = true;
sleep(2); //等待MCU启动
printf("dfu start........\r\n");
int ret = 0;
ret = start();
if (ret) {
continue;
}
sleep(5); // 等待MCU擦除FLASH
ret = send();
if (ret) {
continue;
}
ret = end();
if (ret) {
continue;
}
std::cout <<" send firmware success\r\n";
return ;
}else {
std::cout << "uart receive failed" << std::endl;
}
}
}
int dfu_server::receive_frame(ota_frame_t &frame)
{
char data[512];
memset(&frame, 0, sizeof(ota_frame_t));
size_t n = port.read_some(boost::asio::buffer(data, 4));
std::cout << "receive n: " << n << std::endl;
printf("%02x %02x %02x %02x\r\n", data[0], data[1], data[2], data[3]);
if (n != 4 || data[0] != OTA_SOF || data[1] != OTA_RESP) {
return -1;
}
memcpy(&frame, data, 4);
frame.data_size = data[2] | (data[3] << 8);
n = port.read_some(boost::asio::buffer(data, frame.data_size));
if (n != frame.data_size) {
return -2;
}
memcpy(frame.data, data, frame.data_size);
n = port.read_some(boost::asio::buffer(data, 5));
if (n != 5) {
return -3;
}
memcpy(&frame.crc32, data, 5);
int32_t crc = crc32_calculate(frame.data, frame.data_size);
if (crc != frame.crc32) {
printf("crc32 error: 0x%04x 0x%04x\r\n", frame.crc32, crc);
return -4;
}
return 0;
}
int dfu_server::send_frame(uint8_t type, uint16_t data_size, uint8_t *data)
{
uint32_t crc32 = 0;
uint8_t buffer[512];
buffer[0] = OTA_SOF;
buffer[1] = type;
memcpy(buffer + 2, &data_size, sizeof(data_size));
memcpy(buffer + 4, data, data_size);
crc32 = crc32_calculate(data, data_size);
std::cout << "crc32/mpeg2: " << std::hex << crc32 << std::endl;
memcpy(buffer + 4 + data_size, &crc32, sizeof(crc32));
buffer[8 + data_size] = OTA_EOF;
printf("send frame: ");
for (int i = 0; i <= 8 + data_size; i++) {
printf("%02x ", buffer[i]);
}
printf("\n");
boost::system::error_code ec;
port.write_some(boost::asio::buffer(buffer, data_size + 9), ec);
return 0;
}
void dfu_server::print_frame(ota_frame_t &frame)
{
printf("\r\n----------------------------------\r\n");
printf("%02x %02x %04x\r\n", frame.sof, frame.type, frame.data_size);
for (int i = 0; i < frame.data_size; i++) {
printf("%02x ", frame.data[i]);
}
printf("\n");
printf("%08x %02x\r\n", frame.crc32, frame.eof);
if (frame.type == OTA_RESP && frame.data_size > 1) {
std::cout << "error msg: " << (char *)frame.data + 1 << std::endl;
}
printf("----------------------------------\r\n");
}
int dfu_server::start()
{
int ret = 0;
ota_frame_t frame;
uint8_t cmd = OTA_START;
send_frame(OTA_CMD, 1, &cmd);
ret = receive_frame(frame);
print_frame(frame);
if (ret || frame.ack == OTA_NACK) {
return -1;
}
usleep(100000);
send_frame(OTA_HEADER, sizeof(header), (uint8_t *)&header);
ret = receive_frame(frame);
print_frame(frame);
if (ret || frame.ack == OTA_NACK) {
std::cout <<"receive error: " << ret << std::endl;
return -2;
}
std::cout <<"start ok\r\n";
fflush(stdout);
return ret;
}
int dfu_server::send()
{
int ret = 0;
uint8_t rbuf[256];
ota_frame_t frame;
std::ifstream fw(firmware, std::ios::in | std::ios::binary);
if (!fw) {
std::cout << "error: open firmware failed" << std::endl;
return -1;
}
size_t size = 0;
size_t count = 0;
int index = 0;
usleep(100000);
while ( fw.readsome((char *)rbuf, 128)) {
size = fw.gcount();
count += size;
printf("send data size: %d, progress: %d%%\r\n", size, count * 100 / header.firmware_size);
send_frame(OTA_DATA, size, rbuf);
ret = receive_frame(frame);
print_frame(frame);
if (ret) {
std::cout << std::dec << "receive error: " << ret << std::endl;
break;
}
// if (index++ == 3) {
// exit(-1);
// }
}
if (ret == 0) {
printf("send ok\r\n");
}
fw.close();
return ret;
}
int dfu_server::end()
{
int ret = 0;
uint8_t cmd = OTA_END;
ota_frame_t frame;
usleep(200000);
send_frame(OTA_CMD, sizeof(cmd), &cmd);
ret = receive_frame(frame);
print_frame(frame);
if (ret) {
std::cout << std::dec <<"receive error: " << ret <<std::endl;
}
return ret;
}
5、升级测试
先烧写Bootloader,然后再烧写Application。板卡连接串口,使用串口调试助手查看输出:
----------------------------------------
stm32l475 bootloader start
----------------------------------------
firmware size: 9928
major: 0x01
minor: 0x01
status: OTA_RUNNING
start uart IT receive
haven't ota event
starting application
jump to application
----------------------------------------
stm32l475 application start
----------------------------------------
firmware version: 0x05
hardware version: 0x01
此时,bootloader启动,并跳转到application运行。版本号为5。
接着拉高PB12,模拟按键按下,然后重启MCU。此时RED LED灯亮起,进入OTA模式。
----------------------------------------
stm32l475 bootloader start
----------------------------------------
start ota
firmware size: 9928
major: 0x01
minor: 0x01
status: OTA_RUNNING
start uart IT receive
启动DFU SERVER,刷写版本号为6的firmware。
.\dfu_server.exe G:\stm32\alentek_stm32l475_application\MDK-ARM\alentek_stm32l475_application\firmware6.bin COM4
然后再次重启MCU,此时开始下载firmware,刷写完成如下。
然后再次连接MCU串口到串口调试助手,并将PB12拉低接到GND上,重启MCU,RGB灯显示绿色,启动成功:
----------------------------------------
stm32l475 bootloader start
----------------------------------------
firmware size: 9928
major: 0x01
minor: 0x01
status: OTA_RUNNING
start uart IT receive
haven't ota event
starting application
jump to application
----------------------------------------
stm32l475 application start
----------------------------------------
firmware version: 0x06
hardware version: 0x01
固件版本已经更新为0x06了,说明固件下载成功。
后续
争取把升级功能移植到Application工程中,在app中升级应用。使用App2分区来存储固件,Bootloader负责刷写App2分区固件到App1中,完成升级。
加入签名校验功能。
串口调试
需要注意的是,由于是串口使用的是HEX格式的数据,就只能通过每一帧数据来进行接收,每一帧数据的第3、4个字节用于指定剩余长度,来确定接收一帧数据何时结束。这样可是实现变长数据包的传输。
目前还有一些未知的问题,PC端的串口接收,有概率会接收不到数据。PC端的升级程序使用的是C++进行编写的,串口库用的boost库的asio模块。串口接收的API有概率会接收不到数据。奇怪的是,该接口是阻塞的,没有数据,自然不会结束。如果该接口返回,那么要么是错误,要么是接收到数据了,然而该接口返回,却没有接收到数据。我这里也只是在每一帧数据传输中间加了一个等待的延时,暂时缓解了接收失败的情况。
uint8_t cmd = OTA_START;
send_frame(OTA_CMD, 1, &cmd);
ret = receive_frame(frame);
print_frame(frame)
if (ret || frame.ack == OTA_NACK) {
return -1;
}
usleep(100000);
send_frame(OTA_HEADER, sizeof(header), (uint8_t *)&header);
ret = receive_frame(frame);
print_frame(frame);
开始时,串口我使用的是轮询接收,因为上面的问题,我认为是轮询接收导致的,然后换成了中断接收,最后面发现并不是轮询接收导致的问题。中断接收的好处时,我们可以更好的去组合一帧数据。中断接收需要在cubemx中打开USART1的全局中断。
typedef struct {
uint8_t data[256];
int16_t pos;
uint16_t data_size;
}uart_rx_t;
static uart_rx_t uart_rx = {.pos = 0};
void HAL_UART_RxCpltCallback(UART_HandleTypeDef *huart)
{
HAL_UART_Receive_IT(&huart1, uart_rx.data + (++uart_rx.pos), 1);
if (uart_rx.pos == 3) {
uart_rx.data_size = uart_rx.data[2] | uart_rx.data[3] << 8;
}
else if (uart_rx.data_size + 8 == uart_rx.pos) {
uart_rx_size = uart_rx.pos + 1;
is_recv_frame_ok = 1;
uart_rx.pos = -1;
}
}
void main()
{
....
HAL_UART_Receive_IT(&huart1, uart_rx.data, 1);
....
}
另外还需要单独调用一次HAL_UART_Receive_IT()
去打开接收。否则,不会触发中断接收的。
FLASH调试
STM32 FLASH写入时,应注意HAL库接口是一次写入两个字的数据。因此,当数据量不是2个字的整数倍时,我们需要对多余的部分进行缓冲,直到最后一次写入时,对2个字的数据进行对其补全,否则会导致写入失败。
针对stm32l475 512K flash,一共有两个BANK,第一个BANK,共128页(0-127),第二个BANK,共128页(256-384)。擦除时,只能按页进行擦除。
读取则直接通过地址访问每一个地址上该字节的内容。
当写入数据不对时,我们可通过JST-Link连接MCU,读取FLASH内容,并保存其二进制,和我们升级使用的bin文件用对比工具进行对比,找到数据写入出错的位置,再配合代码检擦bug。
由于代码的问题,我在写入FLASH过程中,出现了错误,最终通过对比工具,确定了是写入有问题。这里修改了PC端程序,只发送三个数据包就退出。然后对比FLASH数据和firmware数据。
跑飞
串口发送时,会有跑飞的情况发生。KEIL进行断点调试发现。
出错的位置在HAL_UART_Receive()
函数中:
HAL_StatusTypeDef HAL_UART_Receive(UART_HandleTypeDef *huart, uint8_t *pData, uint16_t Size, uint32_t Timeout)
{
uint8_t *pdata8bits;
uint16_t *pdata16bits;
uint16_t uhMask;
uint32_t tickstart;
/* Check that a Rx process is not already ongoing */
if (huart->RxState == HAL_UART_STATE_READY)
{
if ((pData == NULL) || (Size == 0U))
{
return HAL_ERROR;
}
}
}
明明传入的是栈分配的内存,但是这里报错是空,并且这个函数返回时跳转到HardFault_Handler()
,怀疑是栈溢出错误。因此修改resp_buf
为下面的静态分配static uint8_t resp_buf[512] = {0};
后,发现该问题解决。
static int ota_resp_frame(uint8_t ack, const char *error)
{
static uint8_t resp_buf[512] = {0};
resp_buf[0] = OTA_SOF;
resp_buf[1] = OTA_RESP;
resp_buf[2] = 1 + strlen(error);
resp_buf[4] = ack;
strncpy((char *)resp_buf + 5, error, strlen(error));
uint32_t crc32 = HAL_CRC_Calculate(&hcrc, (uint32_t *)(resp_buf + 4), 1 + strlen(error));
memcpy(resp_buf + 5 + strlen(error), &crc32, sizeof(crc32));
resp_buf[9+strlen(error)] = OTA_EOF;
HAL_UART_Transmit(&huart1, resp_buf, 10 + strlen(error), 5000);
return 0;
}