stackoom
  简体   繁体   中英

How to implement OTA update failover scenario for STM32F4 microcontroller's flash banks?

 原文  2018-07-31 11:46:37       microcontroller/ stm32/ bootloader/ stm32f4/ ansi-c

Question

I am using the 32bit ARM STM32F439ZI microcontroller for my project. The microcontroller has 2 megabytes of flash memory organized into 2 banks of 1 megabytes each for simultaneous read and write/erase, as the datasheets points out.

I want to introduce Over The Air (OTA) firmware updates for the microcontroller.

I am using around 200-400 KB of flash storage for the firmware.

Of course, I could just only flash the download update binary using the boot loader. However, I would like to introduce a safety net by using the two 1 megabyte flash banks as a fail safe feature.

For example:

  1. The application downloads the new OTA firmware package onto an external storage.
  2. The application sets an flag with the internal flash (emulated EEPROM) as information to the boot loader to load an OTA firmware package from the external storage.
  3. The boot loader checks which "partition" (flash bank A or B) is active, switches the states and flashes the OTA firmware package onto the just activated flash bank.
  4. The boot loader resets the microcontroller.
  5. The boot loader detects, that bank B is the active bank and loads it contents as firmware.
  6. When there is a watchdog event or a crash, the boot loader detects the register flag and switches to the flash bank, which contains the previous firmware version.

I could not find resources if the "dual boot" is possible with the STM32F4 (there was something about the STM32F7 series, but that was advertised as an dedicated "feature").

Is the process possible or recommended with the STM32F4 series? Is there a better approach? And how the boot loader dispatch call (to the main function of the active flash bank) would looks like (Ansi C)?

2 answers

solution1
 0  2019-04-04 10:00:48

I'm not sure, If I understand the "Dual boot" completely, but if it is about having two versions of Firmware (Current working one to be replaced and the new firmware) in the flash, then the simplest method is to let the bootloader take a backup of the application firmware in a separate area of the flash memory before kicking-off OTA, however this reduces the total amount of usable flash. My master's thesis ( Fail-proof over the air firmware upgrade for embedded systems ) was on a very similar topic. You may want to take a look.

solution2
 0  2020-02-20 20:50:36

  1. The OTA with failover is implemented by Mongoose OS, https://mongoose-os.com for STM32 (including STM32F4). Mongoose OS repo is at https://github.com/cesanta/mongoose-os . The bootloader repo is at https://github.com/mongoose-os-apps/bootloader

  2. For STM32 setup without built-in connectivity, another approach would be to use https://vcon.io . That is, an ESP32 / ESP8266 communication module (Ethernet, WiFi, Cellular) which can OTA any attached STM32 microcontroller, and provide connectivity via varirous modes (eg transparent UART bridge).

Disclaimer: I represent both Mongoose OS and VCON products.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can't blink LED on STM32F4 microcontroller How can I use lwIP tcp/ip stack with microcontroller stm32f4 (client) Reserving flash location for EEPROM emulation STM32F4 Allocating memory in Flash for user data (STM32F4 HAL) Flash downloaded code into STM32F4 MCU; how do I remove the downloaded code? Incorrect real baudrate for a UART communication on a stm32f4 microcontroller when programming it “bare-metal” How to use hardware NSS (SPI) on stm32f4? Debugging stm32f4 via bluetooth How to make external switch control LED stm32f4 board? STM32F4 EXTI interrupts interfere with each other
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM