ST AN3155 Application Note
ST AN3155
The ST AN3155 is a versatile and powerful development tool that enables users to interact with and program STM32 microcontrollers using a USART interface.
Advertisement
Advertisement
AN3155
Application note
USART protocol used in the STM32™ bootloader
Introduction
This application note describes the USART protocol used in the STM32 microcontroller bootloader. It details each supported command. For more information about the USART hardware resources and requirements for your device bootloader, please refer to the
“STM32 system memory boot mode” application note (AN2606).
Related documents
Available from www.st.com:
AN2606 “STM32 system memory boot mode”
April 2010 Doc ID 17066 Rev 2 1/37 www.st.com
Contents
Contents
AN3155
USART bootloader code sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Choosing the USARTx baud rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Bootloader command set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Device-dependent bootloader parameters . . . . . . . . . . . . . . . . . . . . . . . . . 8
Get Version & Read Protection Status command . . . . . . . . . . . . . . . . . . 10
Read Memory command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Write Memory command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Erase Memory command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Extended Erase Memory command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Write Protect command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Write Unprotect command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Readout Protect command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Readout Unprotect command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Bootloader protocol version evolution . . . . . . . . . . . . . . . . . . . . . . . . . 35
2/37 Doc ID 17066 Rev 2
AN3155
List of tables
List of tables
Doc ID 17066 Rev 2 3/37
List of figures
List of figures
AN3155
4/37 Doc ID 17066 Rev 2
AN3155
1
USART bootloader code sequence
USART bootloader code sequence
Figure 1.
Bootloader for STM32 with USART
X&RECEIVEDON
53!24X2XPIN
53!24XSELECTED
!UTOBAUDRATESEQUENCE
SEND!#+BYTEDISABLE
UNUSEDPERIPHERALS
7AITFORA
COMMAND
#OMMAND
RECEIVED
'%4CMD
'/CMD
'%4CMD
ROUTINE
2$CMD
ROUTINE
OPTIONAL
2OUTINESFOR
LOADING
INTO2!-
'/CMD
ROUTINE
*0TO?!DDRESS
AI
Once the system memory boot mode is entered and the STM32 microcontroller has been configured (for more details refer to application note AN2606 “STM32 system memory boot mode”) the bootloader code begins to scan the USARTx_RX line pin, waiting to receive the
0x7F data frame: one start bit, 0x7F data bits, even parity bit and one stop bit.
The duration of this data frame is measured using the Systick timer. The count value of the timer is then used to calculate the corresponding baud rate factor with respect to the current system clock.
Next, the code initializes the serial interface accordingly. Using this calculated baud rate, an acknowledge byte (0x79) is returned to the host, which signals that the STM32 is ready to receive commands.
Doc ID 17066 Rev 2 5/37
Choosing the USARTx baud rate
2 Choosing the USARTx baud rate
AN3155
The calculation of the serial baud rate for USARTx, from the length of the first byte that is received, is used to operate the bootloader within a wide range of baud rates. However, the upper and lower limits have to be kept, in order to ensure proper data transfer.
For a correct data transfer from the host to the microcontroller, the maximum deviation between the internal initialized baud rate for USARTx and the real baud rate of the host should be below 2.5%. The deviation (f
B
, in percent) between the host baud rate and the microcontroller baud rate can be calculated using the formula below: f
B
= STM32 baud rate – Host baud rate
STM32 baud rate
× 100% , where f
B
≤
This baud rate deviation is a nonlinear function depending on the CPU clock and the baud rate of the host. The maximum of the function (f
B
) increases with the host baud rate. This is due to the smaller baud rate prescale factors, and the implied higher quantization error.
2.2
The lowest tested baud rate (B
Low
) is 1200. Baud rates below B
Low
would cause the SysTick timer to overflow. In this event, USARTx would not be correctly initialized.
Maximum baud rate
B
High
is the highest baud rate for which the deviation still does not exceed the limit. All baud rates between B
Low
and B
High
are below the deviation limit.
The highest tested baud rate (B
High
) is 115 200.
6/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
The supported commands are listed in
Table 1 below. Each command is further described in
this section.
Table 1.
USART bootloader commands
Command
(1)
Command code Command description
Get
(2)
Get Version & Read
Read Memory
Go
Write Memory
Erase
(3)
Write Protect
(4)
Readout Protect
Readout Unprotect
0x00
0x01
0x02
0x11
0x21
0x31
0x43
0x44
0x63
0x73
0x82
0x92
Gets the version and the allowed commands supported by the current version of the bootloader
Gets the bootloader version and the Read Protection status of the Flash memory
Gets the chip ID
Reads up to 256 bytes of memory starting from an address specified by the application
Jumps to user application code located in the internal
Flash memory or in SRAM
Writes up to 256 bytes to the RAM or Flash memory starting from an address specified by the application
Erases from one to all the Flash memory pages
Erases from one to all the Flash memory pages using two byte addressing mode (available only for v3.0 usart bootloader versions and above).
Enables the write protection for some sectors
Disables the write protection for all Flash memory sectors
Enables the read protection
Disables the read protection
1.
If a denied command is received or an error occurs during the command execution, the bootloader sends
NACK byte and goes back to command checking.
2.
Read protection – When the RDP (read protection) option is active, only this limited subset of commands is available. All other commands are NACKed and have no effect on the device. Once the RDP has been removed, the other commands become active.
3.
Erase (x043) and Extended Erase (0x44) are exclusive. A device may support either the Erase command or the Extended Erase command but not both.
4.
See
Section 3.1: Device-dependent bootloader parameters .
Communication safety
All communications from the programming tool (PC) to the device are verified by:
1.
checksum: received blocks of data bytes are XORed. A byte containing the computed
XOR of all previous bytes is added to the end of each communication (checksum byte).
By XORing all received bytes, data + checksum, the result at the end of the packet must be 0x00
2. for each command the host sends a byte and its complement (XOR = 0x00)
3. UART: parity check active (even parity)
Doc ID 17066 Rev 2 7/37
Bootloader command set
●
●
Each packet is either accepted (ACK answer) or discarded (NACK answer):
ACK = 0x79
NACK = 0x1F
3.1
AN3155
Device-dependent bootloader parameters
●
●
While the USART bootloader protocol’s command set and sequences are the same for all the STM32 devices, some parameters are device-dependent. For a few commands, the value of some parameters may depend on the device used. The concerned parameters are listed below:
PID (product ID), which changes with the device
Valid memory addresses (RAM, Flash memory, system memory, option byte areas) accepted by the bootloader when the Read Memory, Go and Write Memory commands are executed.
● Size of the Flash memory sector used when executing the Write Protect command.
For more details about the value of these parameters for the device you are using, please refer to the “Device-dependent bootloader parameters” section in the “STM32 system memory boot mode” application note (AN2606).
8/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
The Get command allows you to get the version of the bootloader and the supported commands. When the bootloader receives the Get command, it transmits the bootloader
version and the supported command codes to the host, as described in Figure 2
.
Figure 2.
Get command: host side
Start Get
Send 0x00 + 0xFF
Wait for ACK or NACK
NACK
ACK
Receive the number of bytes
(version+commands)
Receive the bootloader version
Receive the supported commands
Wait for ACK or NACK
ACK
End of Get
NACK
Figure 3.
Get command: device side
Start Get ai14631
Received byte = 0x00+0xFF?
No
Send NACK byte
Yes
Send ACK byte
Send the number of bytes
(version+commands)
Send the bootloader version
Send the supported commands
Send ACK byte
End of Get ai14632
Doc ID 17066 Rev 2 9/37
Bootloader command set AN3155
The STM32 sends the bytes as follows:
Byte 1: ACK
Byte 2:
Byte 3:
N = 11 = the number of bytes to follow – 1 except current and ACKs.
Bootloader version (0 < Version < 255), example: 0x10 = Version 1.0
Byte 4:
Byte 5:
Byte 6:
Byte 7:
0x00
0x01
0x02
0x11
– Get command
– Get Version and Read Protection Status
– Get ID
– Read Memory command
Byte 8:
Byte 9:
Byte 10:
0x21
0x31
– Go command
– Write Memory command
0x43 or
0x44
– Erase command or Extended Erase command (these commands are exlusive)
Byte 11:
Byte 12:
Byte 13:
Byte 14:
0x63
0x73
0x82
0x92
Last byte (15): ACK
– Write Protect command
– Write Unprotect command
– Readout Protect command
– Readout Unprotect command
3.3 Get Version & Read Protection Status command
The Get Version & Read Protection Status command is used to get the bootloader version and the read protection status. When the bootloader receives the command, it transmits the information described below (version, read protection: number of times it was enabled and disabled) to the host.
10/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
Figure 4.
Get Version & Read Protection Status command: host side
Start GV (1)
Send 0x01+0xFE
Wait for ACK or NACK
NACK
ACK
Receive the bootloader version
Receive the number of times the read protection was disabled
Receive the number of times the read protection was enabled
Wait for ACK or NACK
NACK
ACK
End of GV (1) ai14633
1.
GV = Get Version & Read Protection Status.
Figure 5.
Get Version & Read Protection Status command: device side
Start GV (1)
Received byte = 0x01+0xFE?
No
Send NACK byte
Yes
Send ACK byte
Send the bootloader version
Option byte 1
Option byte 2
Send ACK byte
End of GV
(1) ai14634
1.
GV = Get Version & Read Protection Status.
Doc ID 17066 Rev 2 11/37
Bootloader command set AN3155
The STM32 sends the bytes as follows:
Byte 1: ACK
Byte 2: Bootloader version (0 < Version
≤
Byte 3: Option byte 1: 0x00 to keep the compatibility with generic bootloader protocol
Byte 4: Option byte 2: 0x00 to keep the compatibility with generic bootloader protocol
Byte 5: ACK
3.4 Get ID command
The Get ID command is used to get the version of the chip ID (identification). When the bootloader receives the command, it transmits the product ID to the host.
The STM32 device sends the bytes as follows:
Byte 1: ACK
Byte 2: N = the number of bytes – 1 (N = 1 for STM32), except for current byte and
ACKs.
Bytes 3-4: PID
(1)
byte 3 = 0x04, byte 4 = 0x1X
Byte 5: ACK
1.
PID stands for product ID. Byte 1 is the MSB and byte 2, the LSB of the address. Refer to
Device-dependent bootloader parameters
for more details about the PID of the device you are using.
Figure 6.
Get ID command: host side
Start GID
(1)
Send 0x02+0xFD
Wait for ACK or NACK
NACK
ACK
Receive N = number of bytes – 1
Receive PID
Wait for ACK or NACK
NACK
ACK
End of GID
(1) ai14633
1.
GID = Get ID.
12/37 Doc ID 17066 Rev 2
AN3155
3.5
Note:
Bootloader command set
Figure 7.
Get ID command: device side
Start GID
(1)
Received byte = 0x02+0xFD?
No
Send NACK byte
Yes
Send ACK byte
Send N = number of bytes – 1
Send product ID
Send ACK byte
End of GID
(1) ai14636
1.
GID = Get ID.
Read Memory command
The Read Memory command is used to read data from any valid memory address (see note) in RAM, Flash memory and the information block (System memory or option byte areas).
Refer to
Section 3.1: Device-dependent bootloader parameters
for more details about the valid memory addresses for the device you are using.
When the bootloader receives the Read Memory command, it transmits the ACK byte to the application. After the transmission of the ACK byte, the bootloader waits for an address (4 bytes, byte 1 is the address MSB and byte 4 is the LSB) and a checksum byte, then it checks the received address. If the address is valid and the checksum is correct, the bootloader transmits an ACK byte, otherwise it transmits a NACK byte and aborts the command.
When the address is valid and the checksum is correct, the bootloader waits for the number of bytes to be transmitted – 1 (N bytes) and for its complemented byte (checksum). If the checksum is correct it then transmits the needed data ((N + 1) bytes) to the application, starting from the received address. If the checksum is not correct, it sends a NACK before aborting the command.
Doc ID 17066 Rev 2 13/37
Bootloader command set
The host sends bytes to the STM32 as follows:
Bytes 1-2: 0x11+0xEE
Wait for ACK
Bytes 3 to 6: start address
Byte 7:
●
● byte 3: MSB byte 6: LSB
Checksum: XOR (byte 3, byte 4, byte 5, byte 6)
Byte 8:
Byte 9:
Wait for ACK
The number of bytes to be read – 1 (0 < N ≤
Checksum: XOR byte 8 (complement of byte 8)
Figure 8.
Read Memory command: host side
Start RM (1)
Send 0x11+0xEE
Wait for ACK or NACK
NACK
ACK
Send the start address (4 bytes) with checksum
Wait for ACK or NACK
NACK
ACK
Send the number of bytes to be read (1 byte) and a checksum (1 byte)
Wait for ACK or NACK
NACK
ACK
Receive data from the BL
End of RM
(1) ai14637
1.
RM = Read Memory.
AN3155
14/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
Figure 9.
Read Memory command: device side
Start RM (1)
1.
RM = Read Memory.
Received byte =
0x11+0xEE
Yes
No
Yes
ROP active
No
Send ACK byte
Receive the start address (4 bytes) with checksum
Address valid & checksum OK?
Yes
Send ACK byte
No
Receive the number of bytes to be read (1 byte) and a checksum (1 byte)
Checksum OK?
No
Yes
Send ACK byte
Send data to the host
End of RM (1)
Send NACK byte ai14638
Doc ID 17066 Rev 2 15/37
Bootloader command set AN3155
●
●
The Go command is used to execute the downloaded code or any other code by branching to an address specified by the application. When the bootloader receives the Go command, it transmits the ACK byte to the application. After the transmission of the ACK byte, the bootloader waits for an address (4 bytes, byte 1 is the address MSB and byte 4 is LSB) and a checksum byte, then it checks the received address. If the address is valid and the checksum is correct, the bootloader transmits an ACK byte, otherwise it transmits a NACK byte and aborts the command.
When the address is valid and the checksum is correct, the bootloader firmware performs the following:
● it initializes the registers of the peripherals used by the bootloader to their default reset values it initializes the user application’s main stack pointer it jumps to the memory location programmed in the received ‘address + 4’ (which corresponds to the address of the application’s reset handler).
For example if the received address is 0x0800 0000, the bootloader will jump to the memory location programmed at address 0x0800 0004.
In general, the host should send the base address where the application to jump to is programmed
Figure 10.
Go command: host side
Start Go
Send 0x21 + 0xDE
Wait for ACK or NACK
ACK
Send the Start Address (4 bytes) & checksum
NACK
Wait for ACK or NACK
ACK
NACK
NACK
Wait for ACK or NACK
ACK
End of EER
AIB
16/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
Note: 1 Valid addresses for the Go command are in RAM or Flash memory (refer to
Device-dependent bootloader parameters for more details about the valid memory
addresses for the device you are using). All other addresses are considered not valid and are NACKed by the device.
2 When an application is loaded into RAM and then a jump is made to it, the program must be configured to run with an offset to avoid overlapping with the first RAM memory used by the bootloader firmware (refer to
Section 3.1: Device-dependent bootloader parameters
for more details about the RAM offset for the device you are using).
3 The Jump to the application works only if the user application sets the vector table correctly to point to the application address.
Figure 11.
Go command: device side
Start Go
Received bytes =
0x21+0xDE?
Yes
ROP active
Yes
No
No
Send ACK byte
Receive the start address (4 bytes) & checksum
Send ACK byte
Address valid & checksum OK?
No
Send NACK byte
Send ACK byte
Jump to user application
End of Go ai14640b
Doc ID 17066 Rev 2 17/37
Bootloader command set
The host sends bytes as follow to the STM32:
Byte 1: 0x21
Byte 2: 0xDE
Wait for ACK
Byte 3 to byte 6: start address byte 3: MSB
Byte 7: byte 6: LSB checksum: XOR (byte 3, byte 4, byte 5, byte 6)
AN3155
3.7 Write Memory command
The Write Memory command is used to write data to any valid memory address (see note below) of RAM, Flash memory, or Option byte area.
When the bootloader receives the Write Memory command, it transmits the ACK byte to the application. After the transmission of the ACK byte, the bootloader waits for an address (4 bytes, byte 1 is the address MSB and byte 4 is the LSB) and a checksum byte, it then checks the received address. For the Option byte area, the start address must be the base address of the Option byte area (see note) to avoid writing inopportunely in this area.
Note: 1 Write operations to Flash memory/SRAM must be word (32-bit) aligned and data should be in multiples of four bytes. If less data are written the remaining bytes should be filled by
0xFF.
2 Refer to
Section 3.1: Device-dependent bootloader parameters
for more details about the valid memory addresses for the device you are using.
●
●
●
●
If the received address is valid and the checksum is correct, the bootloader transmits an
ACK byte, otherwise it transmits a NACK byte and aborts the command. When the address is valid and the checksum is correct, the bootloader: gets a byte, N, which contains the number of data bytes to be received receives the user data ((N + 1) bytes) and the checksum (XOR of N and of all data bytes) programs the user data to memory starting from the received address at the end of the command, if the write operation was successful, the bootloader transmits the ACK byte; otherwise it transmits a NACK byte to the application and aborts the command
The maximum length of the block to be written for the STM32 is 256 bytes.
If the Write Memory command is issued to the Option byte area, all options are erased before writing the new values, and at the end of the command the bootloader generates a system Reset to take into account the new configuration of the option byte.
Note: 1 When writing to the RAM, you should take care not to overlap the first RAM memory used by the bootloader firmware.
2 No error is returned when performing write operations on write-protected sectors.
3 No error is returned when the start address is invalid.
18/37 Doc ID 17066 Rev 2
AN3155
Figure 12.
Write Memory command: host side
3TART7-
3ENDXX#%
7AITFOR!#+
OR.!#+
.!#+
!#+
3ENDTHESTARTADDRESSBYTES
CHECKSUM
7AITFOR!#+
OR.!#+
.!#+
!#+
3ENDTHENUMBEROFBYTESTOBEWRITTEN
BYTE THEDATA.BYTES ANDCHECKSUM
7AITFOR!#+
OR.!#+
!#+
%NDOF7-
.!#+
Bootloader command set
AIB
1.
WM = Write Memory.
2.
N+1 should always be a multiple of 4.
Doc ID 17066 Rev 2 19/37
Bootloader command set
Figure 13.
Write Memory command: device side
Start WM
(1)
Received byte =
0x31+0xCE?
Yes
ROP inactive?
Yes
Send ACK byte
No
No
Receive the start address (4 bytes) & checksum
Checksum OK?
No
Yes
Send ACK byte
Receive the number of bytes to be written
(1 byte), the data (N + 1 bytes)
(2)
and checksum
No
Checksum OK?
Yes
Flash memory address?
Yes
Yes
Yes
RAM address?
Yes
Option byte address?
& address =
0x1FFF F800?
Yes
Write the received data to Flash memory from the start address
Write the received data to RAM from the start address
Write the Keys for Option byte area access
Write the received data to
Option byte area from start address
No
Send ACK byte
Send
ACK byte
Send
NACK byte
Generate system reset
AN3155
20/37
1.
WM = Write Memory.
2.
N+1 should always be a multiple of 4.
Doc ID 17066 Rev 2
End of WM (1) ai14642c
AN3155
The host sends the bytes to the STM32 as follows:
Byte 1: 0x31
Byte 2: 0xCE
Wait for ACK
Byte 3 to byte 6: start address byte 3: MSB
Byte 7: byte 6: LSB
Checksum: XOR (Byte3, Byte4, Byte5, Byte6)
Byte 8:
Wait for ACK
Number of bytes to be received (0 < N ≤
N +1 data bytes:(Max 256 bytes)
Checksum byte: XOR (N, N+1 data bytes)
Bootloader command set
3.8
Note:
Erase Memory command
The Erase Memory command allows the host to erase Flash memory pages. When the bootloader receives the Erase Memory command, it transmits the ACK byte to the host.
After the transmission of the ACK byte, the bootloader receives one byte (number of pages to be erased), the Flash memory page codes and a checksum byte; if the checksum is correct then bootloader erases the memory and sends an ACK byte to the host, otherwise it sends a NACK byte to the host and the command is aborted.
Erase Memory command specifications:
1.
the bootloader receives one byte that contains N, the number of pages to be erased –
1.
N = 255 is reserved for global erase requests. For 0
≤ ≤
2. the bootloader receives (N + 1) bytes, each byte containing a page number
No error is returned when performing erase operations on write protected sectors.
Doc ID 17066 Rev 2 21/37
Bootloader command set
Figure 14.
Erase Memory command: host side
Start ER
(1)
Send 0x43+0xBC
Send 0xFF
Yes
Wait for ACK or NACK
ACK
Global
Erase?
NACK
No
Send the number of pages to be erased (1 byte)
Send 0x00
Send the page numbers
Send checksum
Wait for ACK or NACK
NACK
ACK
End of ER (1) ai14643b
1.
ER = Erase Memory.
AN3155
22/37 Doc ID 17066 Rev 2
AN3155
Note:
Bootloader command set
Figure 15.
Erase Memory command: device side
Start ER
(1)
Received bytes =
0x43+0xBC?
Yes
No
Yes
ROP active
No
Send ACK byte
Receive the number of pages to be erased (1 byte)
Yes
0xFF received?
No
Receive the page codes
No
Receive the checksum
Yes
Start Global Erase
(Mass Erase)
Checksum
OK?
No
Yes
Erase the corresponding pages
Send ACK byte Send NACK byte
End of ER
(1) ai14642b
1.
ER = Erase Memory.
After sending the erase memory command and its checksum, if the host sends 0xFF followed by data different from 0x00, the mass erase is not performed but an ACK is send by the device.
The host sends bytes to the STM32 as follows:
Byte 1: 0x43
Byte 2: 0xBC
Wait for ACK
Byte 3: 0xFF or number of pages to be erased – 1 (0 ≤ N ≤
Byte 4: 0x00 (in case of global erase) or ((N + 1 bytes (page numbers) and then checksum
XOR (N, N+1 bytes))
Doc ID 17066 Rev 2 23/37
Bootloader command set
3.9
Note:
AN3155
Extended Erase Memory command
The Extended Erase Memory command allows the host to erase Flash memory pages using two bytes addressing mode. When the bootloader receives the Extended Erase Memory command, it transmits the ACK byte to the host. After the transmission of the ACK byte, the bootloader receives two bytes (number of pages to be erased), the Flash memory page codes (each one coded on two bytes, MSB first) and a checksum byte (XOR of the sent bytes); if the checksum is correct, the bootloader erases the memory and sends an ACK byte to the host. Otherwise it sends a NACK byte to the host and the command is aborted.
Extended Erase Memory command specifications:
1.
The bootloader receives one half-word (two bytes) that contain N, the number of pages to be erased: a) For N = 0xFFFY (where Y is from 0 to F) special erase is performed:
- 0xFFFF for global mass erase
- 0xFFFE for bank 1 mass erase
- 0xFFFD for bank 2 mass erase
- Codes from 0xFFFC to 0xFFF0 are reserved b) For other values where 0
≤ < maximum number of pages: N + 1 pages are erased.
2. The bootloader receives: a) In the case of a special erase, one byte: checksum of the previous bytes:
- 0x00 for 0xFFFF
- 0x01 for 0xFFFE
- 0x02 for 0xFFFD a) In the case of N+1 page erase, the bootloader receives (2 x (N + 1)) bytes, each half-word containing a page number (coded on two bytes, MSB first). Then all previous byte checksums (in one byte).
No error is returned when performing erase operations on write-protected sectors.
The maximum number of pages is relative to the product and thus should be respected.
24/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
Figure 16.
Extended Erase Memory command: host side
Start EER
Send 0x44 + 0xBB
Wait for ACK or NACK
ACK
Special Erase ?
NACK
YES
Send Special Erase cmd:
0xFFFF = Mass erase
0xFFFE = Bank1 erase
0xFFFD = Bank2 erase
(0xFFF0 to 0xFFFC are reserved)
Send the checksum of the two bytes
NO
Send the number of pages to be erased N (on two bytes) MSB first
Send the page numbers
(each on two bytes, MSB first)
Send byte checksum of all sent bytes (N (2 bytes),
2x(N+1) bytes)
NACK
Wait for ACK or NACK
ACK
End of EER
AI
1.
EER = Extended Erase Memory
Doc ID 17066 Rev 2 25/37
Bootloader command set
Figure 17.
Extended Erase Memory command: device side
Start EER
Received bytes = 0x44 + 0xBB ?
YES
NO
YES
ROP Active ?
NO
Send ACK Byte
Receive Number of Pages to be erased N (2 bytes) MSB first
NO
YES
Start Special Erase:
0xFFFF = Mass erase
0xFFFE = Bank1 erase
0xFFFD = Bank2 erase
(0xFFF0 to 0xFFFC are reserved)
Receive Checksum of the 2 bytes
(0x00, 0x01 or 0x02)
Checksum of 2 bytes OK and command supported ?
YES
Perform the requested erase
0xFFFY received ?
Where Y can be [0..F]
NO
Receive the page codes (on 2 bytes each, MSB first)
Receive the checksum of all received bytes (N (on 2 bytes),
2 x(N+1) bytes)
Checksum of all received bytes OK ?
YES
Erase the corresponding pages
NO
Send NACK byte Send ACK byte Send NACK byte
AN3155
End of EER
AI
1.
EER = Extended Erase Memory.
26/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
The host sends the bytes to the STM32F1xxx as follows:
Byte 1: 0x44
Byte 2: 0xBB
Wait for ACK
Bytes 3-4: - Special erase (0xFFFF, 0xFFFE or 0xFFFD)
OR
- Number of pages to be erased (N+1 where: 0 ≤ N < Maximum number of pages).
Remaining bytes
- Checksum of Bytes 3-4 in case of special erase (0x00 if 0xFFFFor 0x01 if
0xFFFE or 0x02 if 0xFFFD).
OR
- (2 x (N + 1)) bytes (page numbers coded on two bytes MSB first) and then the checksum for bytes 3-4 and all the following bytes)
3.10 Write Protect command
Note:
The Write Protect command is used to enable the write protection for some or all Flash memory sectors. When the bootloader receives the Write Protect command, it transmits the
ACK byte to the host. After the transmission of the ACK byte, the bootloader waits for the number of bytes to be received (sectors to be protected) and then receives the Flash memory sector codes from the application.
At the end of the Write Protect command, the bootloader transmits the ACK byte and generates a system Reset to take into account the new configuration of the option byte.
Refer to
Section 3.1: Device-dependent bootloader parameters
for more details about the sector size for the device you are using.
The Write Protect command sequence is as follows:
●
● the bootloader receives one byte that contains N, the number of sectors to be writeprotected – 1 (0
≤ ≤ the bootloader receives (N + 1) bytes, each byte contains a sector code
Note: 1 The total number of sectors and the sector number to be protected are not checked, this means that no error is returned when a command is passed with a wrong number of sectors to be protected or a wrong sector number.
2 If a second Write Protect command is executed, the Flash memory sectors that had been protected by the first command become unprotected and only the sectors passed within the second Write Protect command become protected.
Doc ID 17066 Rev 2 27/37
Bootloader command set
Figure 18.
Write Protect command: host side
Start WP (1)
Send 0x63+0x9C
Wait for ACK or NACK
NACK
ACK
Send the number of sectors to be protected (1 byte)
Send the sector codes
Send checksum
Wait for ACK or NACK
NACK
ACK
End of WP
(1)
1.
WP = Write Protect.
ai14645b
AN3155
28/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
Figure 19.
Write Protect command: device side
Start WP (1)
Received bytes =
0x63+0x9C?
No
Yes
Yes
ROP active
No
Send ACK byte
Receive the number of sectors to be protected (1 byte)
Receive the sector codes
Receive the checksum
Checksum
OK?
No
Yes
Write-protect the requested sectors
Send ACK byte
Generate system reset
End of WP
(1)
Send NACK byte ai14646b
1.
WP = Write Protect.
Doc ID 17066 Rev 2 29/37
Bootloader command set AN3155
3.11 Write Unprotect command
The Write Unprotect command is used to disable the write protection of all the Flash memory sectors. When the bootloader receives the Write Unprotect command, it transmits the ACK byte to the host. After the transmission of the ACK byte, the bootloader disables the write protection of all the Flash memory sectors. After the unprotection operation the bootloader transmits the ACK byte.
At the end of the Write Unprotect command, the bootloader transmits the ACK byte and generates a system Reset to take into account the new configuration of the option byte.
Figure 20.
Write Unprotect command: host side
Start WPUN
(1)
Send 0x73+0x8C
Wait for ACK or NACK
ACK
NACK
Wait for ACK or NACK
ACK
End of WPUN
(1)
NACK ai14647
1.
WPUN = Write Unprotect.
30/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
Figure 21.
Write Unprotect command: device side
Start WPUN (1)
Received bytes =
0x73+0x8C?
Yes
No
Yes
ROP active
No
Send ACK byte
Remove the protection for the entire Flash memory
Send ACK byte
Generate system reset
End of WPUN
(1)
Send NACK byte ai14648b
1.
WPUN = Write Unprotect.
The Readout Protect command is used to enable the Flash memory read protection. When the bootloader receives the Readout Protect command, it transmits the ACK byte to the host. After the transmission of the ACK byte, the bootloader enables the read protection for the Flash memory.
At the end of the Readout Protect command, the bootloader transmits the ACK byte and generates a system Reset to take into account the new configuration of the option byte.
Doc ID 17066 Rev 2 31/37
Bootloader command set
Figure 22.
Readout Protect command: host side
Start RDP_PRM
(1)
Send 0x82+0x7D
Wait for ACK or NACK
ACK
NACK
Wait for ACK or NACK
ACK
End of RDP_PRM
(1)
NACK
1.
RDP_PRM = Readout Protect.
Figure 23.
Readout Protect command: device side
Start RDP_PRM (1)
Received bytes =
0x82+0x7D?
No
Yes
Yes
ROP active
No
Send ACK byte
Activate Read protection for Flash memory
Send ACK byte
Generate system reset
End of RDP_PRM
(1) ai14649
Send NACK byte ai14650b
1.
RDP_PRM = Readout Protect.
AN3155
32/37 Doc ID 17066 Rev 2
AN3155 Bootloader command set
The Readout Unprotect command is used to disable the Flash memory read protection.
When the bootloader receives the Readout Unprotect command, it transmits the ACK byte to the host. After the transmission of the ACK byte, the bootloader erases all the Flash memory sectors and it disables the read protection for the entire Flash memory. If the erase operation is successful, the bootloader deactivates the RDP.
If the erase operation is unsuccessful, the bootloader transmits a NACK and the read protection remains active.
At the end of the Readout Unprotect command, the bootloader transmits an ACK and generates a system Reset to take into account the new configuration of the option byte.
Figure 24.
Readout Unprotect command: host side
Start RDU_PRM
(1)
Send 0x92+0x6D
Wait for ACK or NACK
ACK
NACK
Wait for ACK or NACK
ACK
End of RDU_PRM
(1)
NACK ai14651
1.
RDU_PRM = Readout Unprotect.
Doc ID 17066 Rev 2 33/37
Bootloader command set
Figure 25.
Readout Unprotect command: device side
3TART2$5?02-
2ECEIVEDBYTES
XX$
9ES
3END!#+BYTE
.O
$ISABLE2/0
3END!#+BYTE
#LEARALL2!-MEMORY
'ENERATESYSTEMRESET 3END.!#+BYTE
%NDOF2$5?02-
AI
2.
RDU_PRM = Readout Unprotect.
AN3155
34/37 Doc ID 17066 Rev 2
AN3155
4
Bootloader protocol version evolution
Bootloader protocol version evolution
Table 2 lists the bootloader versions.
Table 2.
Bootloader protocol versions
Version
V2.0
V2.1
V2.2
V3.0
Description
Initial bootloader version.
– Update Go command to initialize the main stack pointer
– Update Go command to return NACK when jump address is in the Option byte area or System memory area
– Update Get ID command to return the device ID on two bytes
– Update the bootloader version to V2.1
– Update Read Memory, Write Memory and Go commands to deny access, with a NACK response, to the first bytes of RAM memory used by the bootloader
– Update Readout Unprotect command to initialize the whole RAM content to 0x0 before ROP disable operation
– Extended Erase command added to support number of pages larger than 256 and separate bank mass erase.
– Erase command has not been modified in this version but, due to addition of the Extended Erase command it is no longer supported (Erase and Extended Erase commands are exclusive).
Doc ID 17066 Rev 2 35/37
Revision history AN3155
Table 3.
Date
09-Mar-2010
20-Apr-2010
Document revision history
Revision
1
2
Changes
Initial release.
Table 1: USART bootloader commands : added Extended Erase
command; removed footnote 2 concerning read protection from the
Readout Protect command.
Communication safety : amended Note 1 .
Section 3.2: Get command : updated byte 10.
Updated
Figure 10: Go command: host side
for missing ACK state.
Section 3.7: Write Memory command : added Note 1 and Note 2
.
Figure 13 : added notes regarding N+1.
Added
Section 3.9: Extended Erase Memory command
.
Table 2: Bootloader protocol versions
: added v3.0.
36/37 Doc ID 17066 Rev 2
AN3155
Please Read Carefully:
Information in this document is provided solely in connection with ST products. STMicroelectronics NV and its subsidiaries (“ST”) reserve the right to make changes, corrections, modifications or improvements, to this document, and the products and services described herein at any time, without notice.
All ST products are sold pursuant to ST’s terms and conditions of sale.
Purchasers are solely responsible for the choice, selection and use of the ST products and services described herein, and ST assumes no liability whatsoever relating to the choice, selection or use of the ST products and services described herein.
No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted under this document. If any part of this document refers to any third party products or services it shall not be deemed a license grant by ST for the use of such third party products or services, or any intellectual property contained therein or considered as a warranty covering the use in any manner whatsoever of such third party products or services or any intellectual property contained therein.
UNLESS OTHERWISE SET FORTH IN ST’S TERMS AND CONDITIONS OF SALE ST DISCLAIMS ANY EXPRESS OR IMPLIED
WARRANTY WITH RESPECT TO THE USE AND/OR SALE OF ST PRODUCTS INCLUDING WITHOUT LIMITATION IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE (AND THEIR EQUIVALENTS UNDER THE LAWS
OF ANY JURISDICTION), OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.
UNLESS EXPRESSLY APPROVED IN WRITING BY AN AUTHORIZED ST REPRESENTATIVE, ST PRODUCTS ARE NOT
RECOMMENDED, AUTHORIZED OR WARRANTED FOR USE IN MILITARY, AIR CRAFT, SPACE, LIFE SAVING, OR LIFE SUSTAINING
APPLICATIONS, NOR IN PRODUCTS OR SYSTEMS WHERE FAILURE OR MALFUNCTION MAY RESULT IN PERSONAL INJURY,
DEATH, OR SEVERE PROPERTY OR ENVIRONMENTAL DAMAGE. ST PRODUCTS WHICH ARE NOT SPECIFIED AS "AUTOMOTIVE
GRADE" MAY ONLY BE USED IN AUTOMOTIVE APPLICATIONS AT USER’S OWN RISK.
Resale of ST products with provisions different from the statements and/or technical features set forth in this document shall immediately void any warranty granted by ST for the ST product or service described herein and shall not create or extend in any manner whatsoever, any liability of ST.
ST and the ST logo are trademarks or registered trademarks of ST in various countries.
Information in this document supersedes and replaces all information previously supplied.
The ST logo is a registered trademark of STMicroelectronics. All other names are the property of their respective owners.
© 2010 STMicroelectronics - All rights reserved
STMicroelectronics group of companies
Australia - Belgium - Brazil - Canada - China - Czech Republic - Finland - France - Germany - Hong Kong - India - Israel - Italy - Japan -
Malaysia - Malta - Morocco - Philippines - Singapore - Spain - Sweden - Switzerland - United Kingdom - United States of America www.st.com
Doc ID 17066 Rev 2 37/37
Advertisement