Commit

Added boot loader enable bit check for 512K model. Fixed Bug #1, added graceful exit if bootloader doesn't respond on status request (because it's been locked).
JelmerT committed Mar 2, 2014
1 parent 7bc5b46 commit 1223bfe
Showing 2 changed files with 17 additions and 3 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -15,7 +15,7 @@ To communicate with the uart port of the CC2538 SoC you need a usb to serial con
###Boot Loader Backdoor

Once you connected the SoC you need to make sure the serial boot loader is enabled. A chip without a valid image (program), as it comes from the factory, will automatically start the boot loader. After you upload an image to the chip, the "Image Valid" bits are set to 0 to indicate that a valid image is present in flash. On the next reset the boot loader won't be started and the image is immediately executed.
To make sure you don't get "locked out", i.e. not being able to communicate over serial with the boot loader in the SoC anymore, you need to enable the boot loader backdoor in your image (this is not checked by the current version of the script yet). When the boot loader backdoor is enabled the boot loader will be started when the chip is reset and a specific pin of the SoC is pulled high or low (configurable).
To make sure you don't get "locked out", i.e. not being able to communicate over serial with the boot loader in the SoC anymore, you need to enable the boot loader backdoor in your image (the script currently only checks this on firmware for the 512K model). When the boot loader backdoor is enabled the boot loader will be started when the chip is reset and a specific pin of the SoC is pulled high or low (configurable).
The boot loader backdoor can be enabled and configured with the 8-bit boot loader backdoor field in the CCA area in flash. If you set this field to 0xF3FFFFFF the boot loader will be enabled when pin PA3 is pulled low during boot. This translates to holding down the `select` button on the SmartRF06 board while pushing the `EM reset` button.
If you did lock yourself out or there is already an image flashed on your SoC, you will need a jtag programmer to erase the image. This will reset the image valid bits and enable the boot loader on the next reset. The SmartRF06EB contains both a jtag programmer and a USB to uart converter on board.
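Review bot: The new parenthetical on the "locked out" line says the script checks the backdoor "on firmware for the 512K model", but the check added to writeMemory in this commit only runs when the image length is exactly 524288 bytes, so a partial image for a 512K part is written unchecked (the TODO in the code says as much). Suggest wording such as "the script currently only checks this when a full 512K image is written". Separately, the unchanged line below it calls the backdoor field 8-bit and then gives the 32-bit value 0xF3FFFFFF; worth reconciling while this paragraph is being touched.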

Expand All @@ -28,7 +28,7 @@ You can find more info on the different options by executing `python cc2538-bsl.

###Remarks

* Currently the CC2538-bsl doesn't check if the boot loader backdoor is enabled in the image it is about to flash.
* Currently the CC2538-bsl only checks the boot loader backdoor enable bit on 512K model of CC2538.
* Programming multiple SoCs at the same time is not yet supported.
* Automatic detection of the serial port needs testing, especially on Windows.
* Reading the full flash of a 512K chip takes a really long time, use the length option to only read what you're interested in for now.
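Review bot: The reworded first Remarks bullet is missing an article ("on the 512K model") and does not say what the check leaves out: the code tests only the enable bit, while the paragraph above describes the pin and level as configurable, so an image that enables the backdoor on a pin the user cannot drive passes silently. Suggest something like "only checks the boot loader backdoor enable bit, and only for full 512K images; the pin and level configuration is not checked".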
16 changes: 15 additions & 1 deletion cc2538-bsl.py
Expand Up @@ -189,6 +189,9 @@ def sendSynch(self):

def checkLastCmd(self):
stat = self.cmdGetStatus()
if not (stat):
raise CmdException("No response from target on status request. (Did you disable the bootloader?)")

if ord(stat) == COMMAND_RET_SUCCESS:
mdebug(10, "Command Successful")
return 1
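Review bot: In checkLastCmd, the new `if not (stat):` branch reports every missing status response as a possibly disabled bootloader, but an empty read is also what a wrong port, bad wiring or a baud mismatch would produce. Suggest a message that names both possibilities, for example "No response from target on status request (check the connection; the bootloader may be disabled)", and drop the redundant parentheses: `if not stat:`. Placing the guard before `ord(stat)` is right, since `ord` would otherwise fail on the empty value.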
Expand Down Expand Up @@ -313,6 +316,9 @@ def cmdDownload(self, addr, size):
cmd=0x21
lng=11

if (size % 4) != 0: #check for invalid data lengths
raise Exception('Invalid data size: %i. Size must be a multiple of 4.' % size)

self.sp.write(chr(lng)) #send length
self.sp.write(self._calc_checks(cmd,addr,size)) #send checksum
self.sp.write(chr(cmd)) # send cmd
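Review bot: The size check added at the top of cmdDownload raises a bare `Exception`, while the status check added to checkLastCmd in this same commit raises `CmdException`, so callers cannot catch tool errors uniformly. Suggest raising `CmdException` (or `ValueError`) here. The inline comment `#check for invalid data lengths` also wants a space after `#`, matching `# send cmd` a few lines below.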
Expand Down Expand Up @@ -377,7 +383,15 @@ def writeMemory(self, addr, data):
trsf_size = 248 #amount of data bytes transferred per packet (theory: max 252 + 3)
empty_packet = [255]*trsf_size #empty packet (filled with 0xFF)

data_fill_amount = sum(x != 255 for x in data)
# Boot loader enable check
# TODO: implement check for all chip sizes & take into account partial firmware uploads
if (lng == 524288): #check if file is for 512K model
if not ((data[524247] & (1 << 4)) >> 4): #check the boot loader enable bit (only for 512K model)
if not query_yes_no("The boot loader backdoor is not enabled "\
"in the firmware you are about to write to the target. "\
"You will NOT be able to reprogram the target using this tool if you continue! "\
"Do you want to continue?","no"):
raise Exception('Aborted by user.')

mdebug(5, "Writing %(lng)d bytes starting at address 0x%(addr)X" %
{ 'lng': lng, 'addr': addr})
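Review bot: The backdoor check in writeMemory uses the unexplained literals `lng == 524288` and `data[524247]`, and the index is only correct when `data` begins at the base of flash, yet `addr` is never consulted. Suggest named constants for the flash size and for the offset of the backdoor byte, and skipping or adjusting the check when `addr` is not the flash base, which would also address the TODO about partial uploads. Smaller points: the `>> 4` after the mask is unnecessary inside `not`, the prompt makes writeMemory block on stdin so unattended runs need a way to pre-answer it, and 'Aborted by user.' would be better raised as a specific exception type than a bare `Exception`.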

0 comments on commit 1223bfe