self modifying bootloader


Hi!

I made a 31 word bootloader based on Kasper Pedersen's tinyloader. The reset vector points to the loader and in the loader there is a jump to the application.

How can I update the jump address in the loader? It is in the same page as the loader. If I fill the page buffer and erase the page the loader is no longer there and can't write the page buffer to the flash.

Hmm, I have an idea how Kasper might have done it. Write a temporary loader (TL) application, time out so the loader boots the TL, use the TL to write the updated loader, time out and write the actual application with the updated loader. Really really ugly if it's that way.

Only, I have stripped the loader of the timeouts, using manual reset instead. For the above method that would mean 3 manual resets per application update instead of 2. Well ... it'll be only if the boot address changes. Or if application code needs to be written to the page with the loader.

Or is there a trick I missed?


To replace a bootloader you need a second bootloader - as long as they both fit in the BLS and aren't located in the same SPM page this should be doable.

BTW apps start at 0x0000 - why would you ever need to change the target of the jump?


For ATtiny/ATmega48 my bootloader jumps to its own start address - 1.
This was inside the last page of the application.
And then the bootloader can write the rjmp to the application to it.

Peter


Bootloader starts at say 3fb2. Flashend is 3fff (on ATmega168). To get there I point the reset jump to 3fb2. To get to the application I jump to wherever the reset vector in the hex file I'm loading points to.

IIRC I can change the reset start location to the start of the boot section. Then I could start the application by jumping to 0. But the loader (31 words) is much smaller than the bootsection (128 words). If I put it at the start of the boot section, then the space between the loader and flashend is mostly lost.

Also I don't see this option on the ATtiny45. How would one enter the loader there if the reset vector jumps to the application?


Quote:

To get there I point the reset jump to 3fb2

You mean you aren't using BOOTRST? So you are relying on the application to be in place at 0x0000 to provide the (r)jmp 0x3FB2? That sounds like a VERY dangerous strategy.
Quote:

But the loader (31 words) is much smaller than the bootsection (128 words)

I was going to ask that very question - what's the point in writing a bootloader that's smaller than the smallest possible BOOTSZ?
Quote:

Also I don't see this option on the ATtiny45

Ah - the chips without an app/BLS division are a whole new kettle of worms.


This is the way a TL download works:

On reset, on address 0 there is the rjmp to the loader. The loader executes, and is caught by the PC, and the PC now has read/write control.

The PC erases the page below the loader, and every other page downwards. This is done so that in the event that the process gets interrupted, there will still be an rjmp to boot. If it gets interrupted just after erasing the first page, so that the rjmp is gone, there is only FFFF's up to the loader, and the loader still gets executed.

The PC now modifies the application binary. The first instruction is read, and the true application start address found. This address is written (as a recomputed RJMP) to the topmost word of application space, the word just below the bootloader. The reset vector is replaced with the rjmp to the loader, and the image written to flash lowest page first. This is done so that if the process is interrupted, it will still get to the loader and be reprogrammable.

So I think you will end up taking 33 (dec) words of space. Still bloody impressive.

/Kasper
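The image fix-up Kasper describes (find the real application entry from the first instruction, put a recomputed RJMP in the word just below the loader, point the reset vector at the loader), as an added Python example that is not tinyloader's own PC tool. It assumes an ATmega168-sized flash of 8192 words, the loader at byte address 0x3FB2 quoted earlier in this thread, and a reset vector holding an RJMP or JMP as avr-gcc emits.

```python
FLASH_WORDS = 0x2000            # ATmega168: 8192 16-bit words (assumed device)
LOADER_WORD = 0x3FB2 // 2       # 0x1FD9: loader start as a word address (byte 0x3FB2 from the thread)
APP_TOP_WORD = LOADER_WORD - 1  # the word just below the loader

def rjmp_target(at_word, opcode):
    """Decode 'RJMP k' (1100 kkkk kkkk kkkk) sitting at word address at_word."""
    k = opcode & 0x0FFF
    if k & 0x0800:                 # 12-bit signed word offset
        k -= 0x1000
    return (at_word + 1 + k) % FLASH_WORDS   # the PC wraps modulo flash size

def encode_rjmp(at_word, to_word):
    """Build the RJMP opcode that, placed at at_word, lands on to_word.
    Wrapping through the top of flash is used when that is the short way."""
    k = (to_word - at_word - 1) % FLASH_WORDS
    if k >= 0x0800:
        k -= FLASH_WORDS
    if not -0x0800 <= k <= 0x07FF:
        raise ValueError("target out of RJMP reach")
    return 0xC000 | (k & 0x0FFF)

def app_start(words):
    """Follow the JMP or RJMP at the reset vector to the real application entry."""
    op = words[0]
    if (op & 0xF000) == 0xC000:               # RJMP k
        return rjmp_target(0, op)
    if (op & 0xFE0E) == 0x940C:               # JMP k (32-bit instruction)
        hi = ((op >> 3) & 0x3E) | (op & 1)    # k21..k16 live in the first word
        return (hi << 16) | words[1]
    raise ValueError("reset vector is not a jump; cannot find the entry point")

def fixup_image(app_words):
    """Return the words to flash (lowest page first, as the post says):
    reset vector -> loader, application entry reachable from APP_TOP_WORD."""
    if len(app_words) > APP_TOP_WORD:
        raise ValueError("application overlaps the word reserved below the loader")
    img = list(app_words) + [0xFFFF] * (APP_TOP_WORD + 1 - len(app_words))
    img[APP_TOP_WORD] = encode_rjmp(APP_TOP_WORD, app_start(app_words))
    img[0] = encode_rjmp(0, LOADER_WORD)
    return img

# Constructed sample: avr-gcc-style vector table whose reset vector is
# 'jmp 0x0034' (words 0x940C 0x0034), followed by a little filler code.
SAMPLE_APP = [0x940C, 0x0034] + [0x0000] * 10
if __name__ == "__main__":
    image = fixup_image(SAMPLE_APP)
    print(hex(image[0]), hex(image[APP_TOP_WORD]))   # 0xcfd8 0xc05b
```

The reset vector becomes an RJMP with a negative offset that wraps through the top of flash, which is why a single RJMP at address 0 can reach a loader 8152 words away on this part.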


Quote:

If it gets interrupted just after erasing the first page, so that the rjmp is gone, there is only FFFF's up to the loader, and the loader still gets executed.

Oh - smart!


clawson wrote:
Quote:
But the loader (31 words) is much smaller than the bootsection (128 words)

I was going to ask that very question - what's the point in writing a bootloader that's smaller than the smallest possible BOOTSZ?

The application can extend into the BLS and be flashsize-31 (or 30, if rjmp is used to the application) words big.