tools/bootloader: add force-erase option and add bootloader version (Sponsored by CubePilot) #22777
Conversation
There was a problem hiding this comment.
@julianoes Nice! The wording on the option felt wrong to me. See if what I added works for you.
|
Fixed, thanks @davids5! |
There was a problem hiding this comment.
Thinking about this a bit more....Since this is s protocol change should we bump the rev and add it to https://github.com/PX4/PX4-Bootloader?
|
@davids5 we should but we haven't in the past, and it looks like ArduPilot has many more features and is also still on the same revision. |
|
@davids5 it doesn't need to go into the Bootloader repo, because it only applies for H7, I think. |
|
Pushed another fixup @davids5. |
|
@davids5 ok, I've accepted your suggestions. I'll run CI, then rebase, squash and force push. |
|
@davids5 on second thought, I think you're right that it would be worthwhile to bump the version number. |
julianoes
changed the title
julianoes
force-pushed
the
pr-bootloader-full-erase
branch
from
77fab46
to
42ef9ce
Compare
|
Thanks @davids5. I'll properly squash the commits and then merge it. |
julianoes
force-pushed
the
pr-bootloader-full-erase
branch
from
42ef9ce
to
7f3f809
Compare
julianoes
changed the title
|
@dagar what's an easy way to update all bootloader images? Do I have to do it one by one? |
|
@julianoes There is a target iirc. something like update_bootloaders |
|
@davids5 thanks, I'll try that. However, I wonder whether we should really bump the protocol version. The problem is that QGC refused to flash bootloader rev 6, and so does the uploader script, and that's even though they would just work fine. Instead of a "major" change it's more like a hidden extra feature. On the other hand, it's hard to know whether a flashed bootloader supports the force-erase option. You basically don't know until you try. |
So it would force an update for QGC and the uploader on the users. How bad is that? |
Not the end of the world but still unexpected. |
julianoes
changed the title
julianoes
force-pushed
the
pr-bootloader-full-erase
branch
from
7f3f809
to
13f2ca2
Compare
|
@davids5 this has evolved a bit. @bugobliterator and I came up with a bootloader version additional to the bootloader protocol revision. For more info, see the PR description and the individual commits. I also took the liberty to clean up the Python script a bit. I'd appreciate your review @davids5. FYI @dagar TODO: re-generate all bootloaders from here. |
@julianoes - can we have a call on this? I am in US EST so maybe 4 AM my time next week or 03:00 PM EST. Let me know |
|
@davids5 I have the feeling the GET_SUPPORTED_COMMANDS API that you suggested is - unfortunately - not really worth the trouble. It seems worthwhile because it would solve the problem where we don't know if force-erase is supported or not, basically if GET_SUPPORTED_COMMANDS is not supported, force-erase won't be either. However, this doesn't hold for the ArduPilot bootloader, so we're sort of back at square one. I agree that it would only be worthwhile for the next bootloader addition down the road, but it doesn't seem quite worth it, because you can easily just "try" every command, except erase which take a long time to time out. |
julianoes
force-pushed
the
pr-bootloader-full-erase
branch
from
a84c75f
to
b847765
Compare
| return | ||
|
|
||
| raise RuntimeError("timed out waiting for erase") | ||
| if self.force_erase: | ||
| raise RuntimeError("timed out waiting for erase, force erase is likely not supported by bootloader!") |
There was a problem hiding this comment.
Wouldn't the the force erase bet met with an immediate command error? In that case should you attempt to use an erase or suggest a bootloader upgrade?
There was a problem hiding this comment.
Yes, that would be nice. But a unknown byte seems to just be ignored. And the erase command is not acked until it is erased, so you have to wait a long time. Not optimal I know...
There was a problem hiding this comment.
geez That seems wrong, bit it is what the code does.
julianoes
force-pushed
the
pr-bootloader-full-erase
branch
from
38e2dda
to
7678d21
Compare
julianoes
changed the title
If the STM32H7 fails to program or erase a full chunk of 256 bytes, the ECC check will trigger a busfault when trying to read from it. To speed up erasing and optimize wear, we read before erasing to check if it actually needs erasing. That's when a busfault happens and the erase time outs. The workaround is to add an option to do a full erase without check. Credit goes to: ArduPilot/ardupilot#22090 And the protocol option added to the bootloader is the same as for ArduPilot, so compatible. Signed-off-by: Julian Oes <julian@oes.ch>
This adds a new protocol extension which allows to get the bootloader version. The bootloader version is different from the bootloader protocol revision which has stabilized at 5 and is not easy to update unless a bootloader is actually breaking the protocol. The reason being that both the Python script as well as the uploader used in QGC will not attempt to load firmware if they don't know the bootloader version, so it could basically be considered a "breaking" protocol revision. Signed-off-by: Julian Oes <julian@oes.ch>
Includes: - Remove some of the outdated Python2 checks and compatibility. - Try not catch all exceptions but only the expected ones. Otherwise, this makes it really hard to debug if anything unexpected actually goes wrong. - Make use of fstrings. - Make output slightly prettier. Signed-off-by: Julian Oes <julian@oes.ch>
Just so we don't conflict on these commands in the future.
Signed-off-by: Julian Oes <julian@oes.ch>
julianoes
force-pushed
the
pr-bootloader-full-erase
branch
from
7678d21
to
d6c9f4a
Compare
|
Final rebase, bootloader rebuild and push. As soon as CI is happy I'll merge. |
|
CI results are the same as main. Merging. |
|
Commit 4a13e49 was succesful on |
Fixed in #23174 |
This PR does two things:
Add force-erase option
If the STM32H7 fails to program or erase a full chunk of 256 bytes, the ECC check will trigger a busfault when trying to read from it.
To speed up erasing and optimize wear, we read before erasing to check if it actually needs erasing. That's when a busfault happens and the erase time outs.
The workaround is to add an option to do a full erase without check.
Credit goes to:
ArduPilot/ardupilot#22090
And the protocol option added to the bootloader is the same as for ArduPilot, so compatible.
Add bootloader version
This PR also adds a new bootloader version essentially a string that we can set in the format of:
PX4BLv1.15.0g12345678constrained to max 32 chars. This allows to check if a bootloader needs updating while not breaking any tooling by bumping the bootloader protocol revision which has been stabilized at 5 for a long time by now.The output of the px_uploader.py now looks as follows: