Hello,
I'm writing custom USB generic HID bootloader.
How to protect bootloader from accidental execution due to malfunctional main application (jump from main application to bootloader due to eg. stack overflow and accidental erase/overwrite of application's code)?
Thanks
Martin
Hi Martin,
I have solved a similar problem in a safety critical application where I needed to ensure that a function gets called only from a specific place, and not from a run-away program counter. That 'critical' routine was responsible to fire an airbag, so it needed to make sure it only gets called from the crash detection routine.
The basic idea is to ensure that that function (in your case the bootloader) gets only called from a specific location.
What I did is checking the stack content from the 'critical' routine to ensure that it only gets called from a well known place (PC/program counter). Additionally before calling that firing routine, the caller algorithm was writing a specific pattern in multiple places, in a very specific order.
I hope this gives you an idea.
You could do something like this in your bootloader to ensure that you only get called from the reset/startup vector, with some intermediate checking of your execution path.
I hope this helps.
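One way to implement the "pattern written in several places, in a fixed order" part of this handshake, as an added example that is not code from the original answer. It is a host-runnable model: the key slots are plain globals standing in for words in a .noinit RAM region, the key values are constructed, and the platform-specific return-address check mentioned above is left to the real bootloader.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed key patterns (placeholder values, not from any real bootloader). */
#define KEY1 0xA5C3F00Du
#define KEY2 0x5A3C0FF2u
#define KEY3 0xB007C0DEu

/* In firmware these would live in a .noinit section that survives the jump
   into the bootloader; here they are ordinary globals so the example runs
   on a host. armed_stage counts how many keys were accepted in order. */
static volatile uint32_t key_slot[3];
static volatile uint8_t  armed_stage;

static void wipe_handshake(void) {
    armed_stage = 0;
    for (int i = 0; i < 3; i++) key_slot[i] = 0;
}

/* Write one key. It is accepted only as the next expected stage with the
   right value; a stray or out-of-order write aborts the whole handshake,
   so a run-away program hitting one slot by accident cannot arm anything. */
void arm_stage(uint8_t stage, uint32_t key) {
    static const uint32_t expected[3] = { KEY1, KEY2, KEY3 };
    if (stage >= 3 || stage != armed_stage || key != expected[stage]) {
        wipe_handshake();                 /* wrong order or wrong key: start over */
        return;
    }
    key_slot[stage] = key;
    armed_stage = (uint8_t)(stage + 1);
}

/* The application calls this when it deliberately wants the bootloader. */
void app_request_bootloader(void) {
    arm_stage(0, KEY1);
    arm_stage(1, KEY2);
    arm_stage(2, KEY3);
}

/* First thing the bootloader entry does. Returns true only for a complete,
   in-order handshake and consumes it either way, so a second entry without
   a fresh request (e.g. a jump from a corrupted application) is rejected. */
bool bootloader_entry_is_legit(void) {
    bool ok = armed_stage == 3
           && key_slot[0] == KEY1 && key_slot[1] == KEY2 && key_slot[2] == KEY3;
    wipe_handshake();                     /* one-shot: never reusable */
    return ok;                            /* false: reset or return to the app */
}
```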
Hello Martin,
was this workaround useful to your project? Share with us!
Best regards,
Monica