[En-Nut-Discussion] Robust Ethernet bootloader

Philipp Burch phip at hb9etc.ch
Tue Jun 5 14:08:54 CEST 2018


Hi Uwe!

On 05.06.2018 12:30, Uwe Bonnes wrote:
>>>>>> "Philipp" == Philipp Burch <phip at hb9etc.ch> writes:
> 
>     Philipp> Hi everyone, I'm in a project where we will soon have to deploy
>     Philipp> some boards running Nut/OS into "the field". Those boards are
>     Philipp> all connected to a local computer using Ethernet, but the
>     Philipp> computer itself is usually only accessible over the net. In the
>     Philipp> first prototype, we simply put a J-Link into the machine to be
>     Philipp> able to update the MCU firmware (or even debug it), in case a
>     Philipp> problem arises, but this definitely is no productive
>     Philipp> solution. We use Ethernet to have a robust and isolated
>     Philipp> connection after all, which USB and JTAG is not.
> 
>     Philipp> Our target platform is a TIVA TM4C1294NCPDT processor, which
>     Philipp> has an integrated Ethernet MAC and PHY. My primary concern is
>     Philipp> robustness of the bootloader, it should be rather hard to brick
>     Philipp> the device. I see that there is some Ethernet-based bootloader
>     Philipp> functionality in the ROM of this MCU, but as far as I can tell,
>     Philipp> this must be invoked from the application code. So in case the
>     Philipp> update fails, there will most likely be no way to re-flash the
>     Philipp> firmware without local intervention. What I would prefer is a
>     Philipp> small self-contained bootloader that always runs when the
>     Philipp> firmware starts (after power-on, watchdog-reset, hard-fault,
>     Philipp> etc.), validates the firmware image and then starts the
>     Philipp> application. In case the validation fails, it should sit there
>     Philipp> and wait for a new image to be downloaded.
> 
>     Philipp> My questions:
> 
>     Philipp> - What are your experiences and suggestions for Ethernet
>     Philipp> bootloaders?
> 
>     Philipp> - Did I miss anything important?
> 
>     Philipp> - Does Nut/OS offer some functionality for this?
> 
> Hello Phillip,
> 
> I have a CAN bootloader deployed to several STM32F303 boards. It behaves the
> same as the Can Bootloader I used for several hundred ATCan128
> board running for some year now without major problem.
> 
> Some functionality needed for that task is probably already in the main
> tree, while I probably did not abstract most other helper functions to be of
> general meaning so it is not in the main tree. I can send the project is
> wanted.

It would be great if you could send me some examples, yes! I'm primarily
unsure about the application image itself, the bootloader as such should
be rather simple to implement.

> 
> A general Ethernet bootloader is also needed by some other of my projects.
> So I am also interested in your work. I looked at the present bootloader,
> but it was not clear to me what was needed to bring it up and hwo to talk to
> it.  I thought of modifying some of the http upload examples, like
> httpd_upload.c to transfer the new firmware.

Uploading the image should be quite easily doable with all the tools
present in Nut/OS and Ethernut. Since with this approach the bootloader
will need to reside in the MCU flash next to the application, I'd rather
keep it as small as possible to avoid wasting memory for it. Maybe just
a TFTP client or server. On the other hand, should it ever be used on a
platform that is directly connected to the internet, some authentication
and ideally encryption method would definitely be necessary.

What present bootloader do you mean? I quickly searched for a bootloader
in conjunction with Ethernut, but did not find something promising. Or
is there something in the sources?

Thanks!

Bye,
Philipp


More information about the En-Nut-Discussion mailing list