See how to calculate the CRC32 for KBOOT, both from binary and S-Record files, and how to insert the values into the bootloader configuration area..
Let’s be friends:
Comment ( 0)
Join the DZone community and get the full member experience.
In Flash-Resident USB-HID Bootloader with the NXP Kinetis K22 Microcontroller, I presented how I’m using the tinyK22 (or FRDM-K22F) with a flash resident USB HID bootloader. To make sure that the loaded application is not corrupted somehow, it is important to verify it with a Cyclic Redundancy Checksum ( CRC). The NXP KBOOT Bootloader can verify such a CRC, but how to generate and use one is not really obvious (at least to me), so this article explains how to generate that CRC.
CRC Values for KBOOT
This article explains how to calculate the CRC32 for KBOOT, both from binary and S-Record files, and how to insert the values into the BCA (Bootloader Configuration Area). Additionally, it gives tips for debugging the bootloaded application.
The bootloader is configured with a BCA (Bootloader Configuration Area). As explained in Getting Started: ROM Bootloader on the NXP FRDM-KL03Z Board, it configures the ROM bootloader. That ROM bootloader for the KL03Z does not implement the checksum feature, so I would have to build a flash-flash resident bootloader as explained in Flash-Resident USB-HID Bootloader with the NXP Kinetis K22 Microcontroller.
For the flash-resident bootloader, the BCA has part of the application to be loaded as well and located at offset 0x3C0 — right after the vector table located at offset 0x0000.
So if the application gets loaded at 0xC000 (as used in this tutorial), the BCA is located at 0xC3C0. That BCA can be implemented as a struct in C as in Getting Started: ROM Bootloader on the NXP FRDM-KL03Z Board or it could be part of the assembly code e.g. in the startup file as in this tutorial:
Bootloader Configuration Area
The CRC start address, size in bytes and the expected CRC values are just behind the tag bytes:
The question is: How do we calculate that expected CRC value?
One possibility to calculate the expected CRC values is to use the Kinetis Flash Tool. In the tool, browse for the binary (.bin) file (which is the only supported format) and press the Config button:
Config in KinetisFlashTool
In the dialog, enable the CRC Check with the image address:
Crc Check Enabled
Press OK, and the values will be shown in the BCA HEX field:
CRC value
But this is a very painful process, and only works with .bin (Binary) files.
A better approach is using the srec_cat utility ( CRC Checksum Generation with ‘SRecord’ Tools for GNU and Eclipse):
Kudos go to Robert Poor (see https://community.nxp.com/thread/462397) who has found out the correct command line to generate the CRC32 needed by KBOOT.
Ideally, the vector table at 0xC000 and the BCA at 0xC3C0 would be included into the CRC, but KBOOT does not support this, so for simplicity, I keep it excluded from the CRC calculation.
To find out the size, use the linker map file or use srec_info:
Which gives something like:
This then produces something like this:
The CRC32 is 0xD688C6B4 .
That value with the number of bytes and start address then can be entered into the sources like this:
Application CRC Values
However, this would require a recompilation of the application. So an easier way is to directly add the CRC32 to the.srec file:
Then load the new file with the KinetisFlashTool:
Updating with SRecord Files
The CRC check can be debugged in the Bootloader inside the function is_application_crc_check_pass() inside bl_app_crc_check.c:
Code in Bootloader to Check CRC
Here is how to show the CRC fields of the BCA inside a binary file:
This gives:
Inspecting values in a binary file
To calculate the CRC32 value from a Binary, I use the following command line:
It first fills the memory from 0x0000 to 0x1000 with the 0xff filler, then cuts out the area between 0x400 to 0x1000, calculates the checksum and issues it on the console.
Then add it to a binary. Below is the command line to insert that CRC32 value into the binary file at offset 0x3C4:
There is one potential problem with the CRC calculation done by the bootloader: If your debugger probe modifies the flash memory for setting breakpoints (e.g. Segger J-Link can do this to get ‘unlimited’ breakpoints (see Software and Hardware Breakpoints, then this is changing the code, and as such invalidates the CRC checksum/check. So if loading and CRC-checking application code, make sure you don’t have any breakpoints set in that area.
This article describes the manual steps to determine the CRC value and then add it to the application. For automating things with a Python script, see the work of Robert Poor at https://github.com/rdpoor/srec-crc .
Adding a CRC32 check in the bootloader makes the process more reliable, as it can detect bits in the loaded image. Knowing the correct polynomial and CRC calculation way is not always straightforward. Kudos to Robert Poor who has found out how to create the CRC32 for KBOOT. I’m now able to generate the checksum both from S19 and binary files. I’m doing things semi-automated (calculate the CRC and insert it into the file), and if I find time, I plan to automate it further. Until then, have a look how Robert is automating it (see the previous section).
The projects used in this tutorial are available on GitHub (see the links at the end of this article).
Happy checking!
Free DZone Refcard
Comment ( 0)
Published at DZone with permission
of
Erich Styger
, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
