How to work with a bootloader?

Hello!

I would like to learn how to work with a bootloader on a Synergy S3A7 device. My intention is to flash a bootloader which loads my application from internal flash memory, which can be updated trough a UART or USB connection if necessary. I found some documentation about the S7G2 DK, but the examples provided there don't work at all. It's mentioned that it is necessary to install SSP 1.3.0, but now we are at version 1.7.5. I didn't find a way to download this version. I can't either believe that there is a bootloader only for S7G2DK, but it's very hard to get some usable information about this topic, especially for Renesas Synergy devices.

  • Hi Kerberos,

    Information about Flashloader Framework (along with a download link) is provided in the following post: renesasrulz.com/.../48882

    Regards
  • In reply to Renesas Karol:

    Karol,

    That thread says that the Flashloader Framework has been deprecated in favor of the Secure Boot Manager.

    I've looked at both and I think I understand the Flashloader Framework pretty well. It nicely divides between the bootloader and the downloader, and lets you customize both (since the downloader is also going to be the application, that's good!). I am not sure how this works with debugging, though. When I connect via JTAG, does it flash both the bootloader and downloader, and start in the bootloader and jump to the downloader? And I guess there's no security at all for this process: anybody can JTAG in and download your exe code, right?

    However, I don't understand how the Secure Boot Manager works at all. It seems very confusing and difficult to debug with, and worst, I can't figure out how or if it can load an image that was downloaded by the application. Does the SBM allow loading an image that is stored locally?

    So... some guidance from the pros would be very helpful.

    1. Suppose I have two dev boards. One has the SBM installed, and the other does not. I build and debug my application on the non-secure board, and then install it via the SBM on the secure board for testing. Does that sound like a reasonable strategy? How do I ensure that the two environments are the same? How do I account for the resources consumed by the SBM (is it just some flash space, and how much?)

    2. Can the SBM load a file from a flash drive, SSD card, or other local storage? Can I modify the source code for the SBM to do so?

    3. I really don't understand how much I can customize the SBM. I don't need all the security keys; just verifying the image is valid and not letting anyone download the firmware is sufficient.

    So, if you were running a new project with these requirements: downloads encrypted updates from the web,decrypts and installs them off-line, if the install fails restores a previous version, and prevents users from copy the firmware out of flash: which approach would you use - FF or SBM?
  • Take a look at the appnote for the secure boot manager App Note. Most of your questions are answered there.

    Note the idea of using a secure boot loader is that it will verify that the code that it is booting is trusted ie that it was developed by someone known who had access to a private key to sign the image. That secure boot loader verifies that the code was developed by someone who knew that private key, without actually having that private key.

    If you don't need this, you can use the built in bootloader to update via uart or usb. If you want a bootloader that loads new code from another source, you have to write it using the bootloader framework.
  • In reply to larry_c_not_Renesas:

    I did read that document, and I couldn't quite figure out if it supported loading a saved file. Frankly I don't see how it could; and I gather they're not giving us the source code to the SBM so we can't customize it. I'll go read it again.

    Your last sentence, however, is the kind of guidance I was looking for. I'm concerned that Renesas isn't officially supporting the bootloader framework anymore. Surely the whole IoT fad means people want to download updates over the web. How does the SBM handle that?

    I guess I'm looking for the experience of people who have used the SBM in an actual project. How did it go? What were the downsides? What problems did it cause or solve?
  • In reply to MCP:

    The bootloader frameworks is your starting point. You have to decide thd source of the update file and write that part. You either use the framework, or write a bootloader from scratch. Two weeks vs two months is the difference.
    If you want to uodate your device from a uart or usb, that's builflt into most chips. You ground MD at boot, and the built in loader will read those interfaces. Renesas provides a PC tool to send the file. This takes 1 hr to set up.
    Larry
  • In reply to larry_c_not_Renesas:

    Finally I can log in again.

    Thanks again for your advice. I don't understand the point of the Secure Boot Manager; it seems to be a very niche offering. If I could connect a PC to the S7 via a USB or serial cable, I don't need a bootloader because it's already got one built-in. Making a secure version seems like an application problem. But I don't expect Renesas to solve my application problems; I just want them to solve my hardware problems.

    Right now I have having some trouble finding the actual project associated with the "Customizable Flashloader Solution for Snergy MCUs" PDF. That document is really good but it doesn't answer some basic questions. Like... how does it all work? The REA pack gives you a bunch of options, but I don't know what those options mean.

    This is what I have got so far (the ? are the parts I don't understand):

     

    1. Download the "REA Synergy Flashloader 0.0.0 pack" and copy it to your development directory "internal\projectgen\arm\packs" folder.

     

    2. Create a new project to the be the bootloader and select the bootloader framework stack for your thread. Follow the "S7_SK_ux_mass_host_boot_nano_1_3_0" bootloader example to read a bch file from a USB memory stick or SD card and burn it into Flash (or, on the HE-PMI, from the eMMC card, though that means getting the image onto the card via some kind of downloader, vs. just sticking in a USB flash stick and using that). Use the python batch file from the Gallery to turn an srec into a bch.

    But where is the .srec file?

    Also I can't quite figure out the memory driver stack. I don't understand what it does or why it exists?

    Is there a project associated with the Customizable Flashloader and where is it?

     

    3. Configure your app to launch from a different space?

    There are some framework stacks in the REA pack for blocking and non-blocking downloaders. I don't even understand why they exist. I already know how to download files to local storage, and if I don't, I don't need to learn that from a bootloader. I certainly don't need a tutorial on blocking or non-blocking comms when I am trying to write a bootloader. I just need to know how to configure my app to run in a different space. There are some hints to that in the PDF, but I have no idea how to actually accomplish that, or if those hints are complete, or if I should look at the downloader stacks for clues.

     

    4. Flash the bootloader the normal way; i.e. whatever you're already doing.

     

    5. Load the app via the bootloader.

     

    5. Debug the app by disabling flash-loading in the debugger? I have seen some hints on how to do this but am not entirely confident I understand it.

     

    Separately, I am mystified by comment that hardware graphics acceleration doesn't work on internal flash? I have an HE-PMI board, which runs off of internal flash, and it uses the D/AVE library, so I am just flummoxed. Can I just ignore this statement?

    Given that bootloaders are absolutely critical and every single project will eventually need one, I really don't understand why Renesas has not done more to make it clear and easy. In theory it's not even hard; flash my code to the right address, reset the vector table, jump to the start of that code. All of this is simple and straightforward, if you already know exactly where to type the magic numbers.

  • In reply to MCP:

    #5. This just means when you start the debugger for your app, DON'T set it to download new code over the one just written to flash by your bootloader. You want to validate that the bootloader correctly wrote the entire image. After a few times, just download the app to the area where it normally lives. Procedure to do this differs between iar and e2.

    The .srec file will only get produced if you configure your linker to produce it. Process different on iar and e2. I will end up where your ELF file lives (the regular debug file).

    To configure your app for downloading, just link it so that it lives at an address like 0x100000. This is in the .lnk for in the corresponding IAR project link file. Your bootloader project will live at 0x0 - where the reset vector starts to cpu. After the bootloader finished downloading - jump to your at at 0x1000000. First stop interrupts, set up a stack pointer, stop the RTOS scheduler, etc. All normal stuff. You want the bootloader to be dead before starting the new downloaded app.

    If you want a very simple bootloader that loads the exec over serial or usb - that's built in. If that's not you, the framework is the best set of tools for making something custom.
  • In reply to larry_c_not_Renesas:

    I am definitely writing one using the framework. I'm just struggling to figure out how to use the framework, because there is very little documentation on it (I can't believe I downloaded the REA pack file and got exactly zero documents to read.)

    I finally found this thread, which seems to include the actual projects for "Customizable Flashloader Solution for Snergy MCUs.PDF" from Ian:

    renesasrulz.com/.../49221

    I will review those and see if it answers my questions.