1 Reply Latest reply on Nov 8, 2020 8:58 PM by GaneshD_41

    Launcher + Copier corrupt Launcher during upgrade

    joca_4708066

      Hi, when doing firmware upgrade brown out testing on a device running PSoC 4 I noticed that sometimes it failed to upgrade and corrupted the launcher.
      Looking at the Copier code I could guess what happen, the power is cut during flash write of metadata #1. It had cleared the flash area but not yet written to it.
      When the launcher boots next time it will restart the copying but will read out the destination row from metadata #1. This results in it copying the new image to row 0(0xffff + 1) and corrupting the launcher.

       

      I've verified this with the following fix.
      Bootloader.c:672(version 1.60)

      -    uint16 launcherLastRow = Bootloader_GetMetadata(Bootloader_GET_BTLDR_LAST_ROW, Bootloader_MD_BTLDB_ACTIVE_0);

      +    uint16 launcherLastRow = Bootloader_GetMetadata(Bootloader_GET_BTLDR_LAST_ROW, Bootloader_MD_BTLDB_ACTIVE_1);

       

      It might seem less safe to use the value from the new metadata, but the copier just copies metadata #2 over metadata #1 without any sanity checks so in the end it does not matter.

       

      I also wonder how firmware upgrades using the Copying method is intended to work. It always copies from one fixed location to another.

      So if I where to upgrade the bootloader component to a newer version and that version used a more flash, I would not be able to produce applications that could be loaded on devices using the older bootloader. Reading launcher last row from metadata #2 might solve this case as well.

       

      Regards, Johan Carlsson

        • 1. Re: Launcher + Copier corrupt Launcher during upgrade
          GaneshD_41

          Hello Johan,

           

          First of all thank you very much for your time and interest in doing the analysis and mentioning the workaround for the brown-out problem.

           

          We will discuss on this internally and will do the necessary steps to enhance the documentation..

           

          I also wonder how firmware upgrades using the Copying method is intended to work. It always copies from one fixed location to another.

          So if I where to upgrade the bootloader component to a newer version and that version used a more flash, I would not be able to produce applications that could be loaded on devices using the older bootloader.

           

          Yes. You are correct. It is required to build the Applications with the Bootloader that is present in the devices running in the field.

          In case the Bootloader is updated in the newer application, the Bootloader that is running in the field devices should be upgraded first and then build the applications with the newer Bootloader version.

           

          Thanks

          Ganesh