- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Home
- :
- Product Forums
- :
- S12 / MagniV Microcontrollers
- :
- SCI Activated Bootloader
SCI Activated Bootloader
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have downloaded many examples of a bootloader for the S12x and all of them require a pin to be held low to activate the bootloader. I want to be able to send a command via SCI to the application code to make it jump to the bootloader. In the past with the Atmel the application was sent a command via SCI that then set BootLoad = TRUE ,and this code then jumped to the bootloader.
If (BootLoad == TRUE) { // Got command to jump to bootloader
asm("jmp 0x3F800");
}
Is there a bootloader example that can work this way. Or how do I modify the existing examples so they do not look for a pin change.
Ray.
Solved! Go to Solution.
RadekS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ray,
As first I would like to note, that you don’t need unsolder MCU.
If MCU is secured, please unsecure it by mass erase.
In Code Warior debugger menu->MultilinkCyclonePro->Unsecure…
If it not works you can use unsecure12 from P&E (just for P&E debug interfaces):
http://www.pemicro.com/downloads/download_file.cfm?download_id=16
Unsecure_12 Help Files:
http://www.pemicro.com/downloads/download_file.cfm?download_id=14
Note: For downloading is necessary registration.
More details about security you can find for example here:
https://community.freescale.com/docs/DOC-93803
About mentioned code)
Yes, bootloader code is protected by default against unwanted rewrite. It is feature, not a bug.
Most important information is “Preload command file MUST contain command FLASH NOUNSECURE!”.
Please edit preload file in your project and add here command FLASH NOUNSECURE.
This will cause that debugger will just erase flash prior programming. Default security byte will be not programmed prior programming. Since bootloader code contains modification of protection byte in the same phrase as security byte, we have to ensure, that we will program it in once. Otherwise cumulative write into the same phrase typically cause ECC error and MCU will be automatically secured (after next reset).
I hope it helps you.
Have a great day,
RadekS
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
Alice_Yang
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI Ray,
I think the code is the same with your application with Atmel.
After connected use sci , the PC san true or false , then configure the BootLoade to "1" or "0" .
Have a great day,
Alice
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Alice,
This is main function of the bootloader.
void main(void) {
INT8 c;
PLL_Init(SYNR_VALUE, REFDV_VALUE, POSTDIV_VALUE); //set 40MHz BUSCLK
FCLKDIV = FLASH_PRESCALER; //set flash prescaler
CopyCodeToRAM();
InterruptModuleSetup();
InitSCI(); //initialize SCI
EnableInterrupts;
OutStr("\f\r\nS12X Bootloader v1.0\r\n"); // sign-on
for(;;) {
//display menu
OutStr("\r\na.) Erase Flash\r\n");
OutStr("b.) Program Flash\r\n");
OutStr("c.) Set Baud Rate\r\n");
OutStr("d.) Execute Application\r\n");
OutStr("? ");
c = getchar(); //get choice
(void)putchar(c); //echo choice
OutStr("\r\n"); //next line
switch (c) {
case 'a':
c = EraseFlash();
if (c != 0) //go erase all the Flash (except the bootloader)
OutStr(GetErrorString(c)); //and report an error if there was one
else
OutStr("\r\nErased successfully!\r\n");
break;
case 'b':
c = ProgramFlash();
if (c != 0) //go program the Flash
OutStr(GetErrorString(c)); //and report an error if there was one
else
OutStr("\r\nDownloaded successfully!\r\n");
break;
case 'c':
SetBaud(); //go set the SCI baud rate
break;
case 'd':
AppExecute(); //go execute the application
break;
default:
break;
}
} /* loop forever */
/* please make sure that you never leave main */
}
I can see that with this programed into the S12x that it would continusly wait for keyboard input. That means the application code would never excute on startup. If the application code was running, then a command to jump to the bootloader would work. I just cannot see how the application would ever run so you can jump to the bootloader. This is a egg or chicken thing....
Ray.
RadekS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Idea: You can use AN4258 as bootloader and change rule for start bootloader code from pint value test to Flash/EEEPROM address value test. Since it has no sense somehow influence regular starting code of application, I would like to recommend simply check some address in Flash/EEEPROM. In main application you can just receive command for enter into bootloader. On base of that command, main application will reprogram or just erase some dedicated sector in Flash/EEEPROM and restart MCU (by watchdog).
Bootloader will check test address, whether it is (for example) empty (0xFF). In that case bottloader code will be started. After loading new application code, bootloader just additionally (re)program test address in Flash/EEEPROM….
Unfortunately testing code in AN4258 is written in assembler (StartS12X.s file), therefore you should little bit study assembler commands. Default solution is testing of one bit at port register address
movb #$01, $025C ; enable pull up resistor on PP0 (or we can use external one)
brclr $0259, $01, GoBoot ; if PP0 == 0 then start the bootloader
; if PP0 == 1 then start the application
movb #$00, $025C ; disable pull up resistor on pin PP0 - restore default state
I hope it helps you.
Have a great day,
RadekS
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have found that after programming the bootloader I can no longer make make changes to the bootloader and program it again via the BDM. I get wrong frequency or secured, as the cause. I am going to have to unsolder the S12x IC and add a new one to recover from this. I want to make sure this never happens again. I suspect this part of the code is the cause of the security problem. I do not understand how to change it to unprotected.
Ray.
/******************************************************************************/
//Protect the bootloader at 0xF000-0xFFFF:
const unsigned char flash_array[] @0xFF08 = {0xFF,0xFF,0xFF,0xFF,0xCF,0xFF,0xFF,0xFE};
/*
0xFF08-0xFF0B - reserved
0xFF0C - P-Flash Protection byte = 0xCF (Bootloader at 0xF000-0xFFFF is protected)
0xFF0D - EEE Protection byte = 0xFF (default state, protection is disabled)
0xFF0E - Flash Nonvolatile byte = 0xFF (default state, watchdog is disabled)
0xFF0F - Flash Security byte = 0xFE (default unsecured state)
Preload command file MUST contain command FLASH NOUNSECURE!
*/
RadekS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ray,
As first I would like to note, that you don’t need unsolder MCU.
If MCU is secured, please unsecure it by mass erase.
In Code Warior debugger menu->MultilinkCyclonePro->Unsecure…
If it not works you can use unsecure12 from P&E (just for P&E debug interfaces):
http://www.pemicro.com/downloads/download_file.cfm?download_id=16
Unsecure_12 Help Files:
http://www.pemicro.com/downloads/download_file.cfm?download_id=14
Note: For downloading is necessary registration.
More details about security you can find for example here:
https://community.freescale.com/docs/DOC-93803
About mentioned code)
Yes, bootloader code is protected by default against unwanted rewrite. It is feature, not a bug.
Most important information is “Preload command file MUST contain command FLASH NOUNSECURE!”.
Please edit preload file in your project and add here command FLASH NOUNSECURE.
This will cause that debugger will just erase flash prior programming. Default security byte will be not programmed prior programming. Since bootloader code contains modification of protection byte in the same phrase as security byte, we have to ensure, that we will program it in once. Otherwise cumulative write into the same phrase typically cause ECC error and MCU will be automatically secured (after next reset).
I hope it helps you.
Have a great day,
RadekS
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RadekS,
I used the P&E unsecure12, and now can program again.
Thank you.
Ray.
