FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

MK22FN1M0VLQ12 SWAP: Return from UpErs to Ready

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

MK22FN1M0VLQ12 SWAP: Return from UpErs to Ready

‎07-13-2016 02:26 AM
1,209 Views
danielpening
Contributor I

Hi everyone,

I am currently implementing an Over-the-Air Firmware Update using the processors flash swap system.

Basically the whole process is working fine but I am struggling to get the error handling right.

The swap system follows an internal state machine:

Ready->Update->Update-Erased->Complete (see Figure 29-26 Reference Manual).

I will exclude the Uninitialized state for simplification.

Transition from Ready to Complete is done by:

- Executing swap controls 0x02 (results in state Update)

- Update flash

- Erase IFR swap field (marks firmware writing as complete, results in state Update-Erased)

- Execute swap control 0x04 (results in state Complete)

Let's assume the firmware is written and the SWAP is in state Update-Erased. Now the external update-software detects a broken image and the firmware has to be rewritten.

How can I possibly reset the state to Ready to allow another firmware beeing written without activating the already written firmware before?

The state machine described above unfortunately does not allow for back-transitions.

AN4533 recommends for example "running through the swap procedure once" for fixing corrupt states.

But how can I running through the cycle WITHOUT resetting the processor which is the condition for transition from Complete to Ready?

Any feedback is highly appreciated.

Regards,

Daniel

Labels (1)
Labels
0 Kudos
Reply
1 Reply

‎07-19-2016 02:32 PM
1,011 Views
Jorge_Gonzalez
NXP Employee
NXP Employee

Hello Daniel Pening:

Not sure I understood your  comment:

...the external update-software detects a broken image and the firmware has to be rewritten.

But let me try to help.

The action taken by software depends on the state of the swap procedure when this happens. For example:

- If the swap system is in UPDATE-ERASED state: You can simply erase the broken image and load the correct one. There is no need to come back to the READY state.

- If the swap system is in COMPLETE state: In this state the MCU will switch blocks during the next reset, disregarding if the new firmware is correct or not.

In your case you might want to implement some kind of CRC checking to make sure that the new loaded firmware is correct, or expect confirmation from your external update software before passing from the UPDATE-ERASED to the COMPLETE state.

The flash swap system is robust against power loss, but broken image conditions need to be handled by the system programmer.

I hope this helps.


Best Regards!,
Jorge Gonzalez

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos
Reply