[bootloader] Add recovery mode feature and version checking

Signed-off-by: George Pappas <pappasgeorge12@gmail.com>

Author: George-bGrid

projects/bootloader/CMakeLists.txt

@@ -55,6 +55,7 @@ set(SRC_FILES
     ${GIT_ROOT_DIR}/projects/bootloader/boards/stm32f401re/startup_stm32f401xe.s
     # --- Actual application ---
     ${GIT_ROOT_DIR}/projects/bootloader/src/main.c
+    ${GIT_ROOT_DIR}/projects/bootloader/src/drivers/user_input.c
     ${GIT_ROOT_DIR}/projects/bootloader/src/drivers/sys/sys_init.c
     ${GIT_ROOT_DIR}/projects/bootloader/src/drivers/sys/sys.c
     ${GIT_ROOT_DIR}/projects/bootloader/src/drivers/uart/uart_driver.c
@@ -103,7 +104,7 @@ target_compile_options(${EXECUTABLE} PRIVATE
         -ffunction-sections
         -fstack-usage
         # Optimise for size
-        #-Os
+        -Os
         )
 
 get_target_property(COMPILE_OPTIONS ${EXECUTABLE} COMPILE_OPTIONS)

projects/bootloader/boards/stm32f401re/STM32F401RETx_FLASH.ld

@@ -58,13 +58,13 @@ _estack = 0x20018000;    /* end of RAM */
 _Min_Heap_Size = 0x200;      /* required amount of heap  */
 _Min_Stack_Size = 0x400; /* required amount of stack */
 
-/* Image header info */
+/* Image header info; This should be used as is */
 __header_size_bytes__ = 40;
 __header_crc_size_bytes__ = 4;
 __header_fw_ver_size_bytes__ = 4;
 __header_hash_size_bytes__ = 32;
 
-/* Primary app info */
+/* Primary app info; This should be adjusted based on the app needs */
 __flash_app_start__ = 0x08008000;
 __flash_app_end__ = 0x0803FFFF;
 __header_app_start__ = __flash_app_end__ - __header_size_bytes__ + 1;
@@ -73,7 +73,7 @@ __header_app_crc_start__ = __header_app_start__;
 __header_app_fw_version_start__ = __header_app_start__ + __header_crc_size_bytes__;
 __header_app_hash_start__ = __header_app_start__ + __header_crc_size_bytes__ + __header_fw_ver_size_bytes__;
 
-/* Secondary app info */
+/* Secondary app info; This should be adjusted based on the app needs */
 __flash_app_secondary_start__ = 0x08040000;
 __flash_app_secondary_end__ = 0x08077FFF;
 __header_app_secondary_start__ = __flash_app_secondary_end__ - __header_size_bytes__ + 1;

projects/bootloader/src/drivers/flash/flash_apis.c

@@ -123,7 +123,8 @@ flash_api_erase_secondary_space(void)
 /**
  * @brief Function to write a firmware packet to the secondary space. Will be used by the firmware update process.
  *        NOTE: it is a responsibility of the caller to make sure that starting address offset is correct.
- *        This function will receive an offset and write the packet data to that offset, starting from the secondary space.
+ *        This function will receive an offset and write the packet data to that offset, starting from the secondary
+ * space.
  *
  * @param packet_data Pointer to the packet data
  * @param packet_size Size of the packet data
@@ -155,4 +156,49 @@ flash_api_write_firmware_update_packet(uint8_t *packet_data, uint32_t packet_siz
     }
 
     return ret;
+}
+
+/**
+ * @brief Function that compares the primary and secondary firmware versions and returns true if the secondary is newer.
+ *
+ * @return true if the secondary firmware is newer, false otherwise.
+ */
+bool
+flash_api_is_secondary_newer(void)
+{
+    // Get the primary and secondary firmware versions
+    uint8_t  primary_version_major = *((uint8_t *)(&__header_app_fw_version_start__));
+    uint16_t primary_version_minor = *((uint16_t *)(&__header_app_fw_version_start__) + 1);
+    uint8_t  primary_version_patch = *((uint8_t *)(&__header_app_fw_version_start__) + 3);
+
+    uint8_t  secondary_version_major = *((uint8_t *)(&__header_app_secondary_fw_version_start__));
+    uint16_t secondary_version_minor = *((uint16_t *)(&__header_app_secondary_fw_version_start__) + 1);
+    uint8_t  secondary_version_patch = *((uint8_t *)(&__header_app_secondary_fw_version_start__) + 3);
+#ifdef DEBUG_LOG
+    printf("Primary version: %d.%d.%d\r\n", primary_version_major, primary_version_minor, primary_version_patch);
+    printf(
+        "Secondary version: %d.%d.%d\r\n", secondary_version_major, secondary_version_minor, secondary_version_patch);
+#endif
+
+    // Compare the versions
+    if (secondary_version_major > primary_version_major)
+    {
+        return true;
+    }
+    else if (secondary_version_major == primary_version_major)
+    {
+        if (secondary_version_minor > primary_version_minor)
+        {
+            return true;
+        }
+        else if (secondary_version_minor == primary_version_minor)
+        {
+            if (secondary_version_patch > primary_version_patch)
+            {
+                return true;
+            }
+        }
+    }
+
+    return false;
 }

projects/bootloader/src/drivers/flash/flash_apis.h

@@ -19,5 +19,6 @@
 bool flash_api_transfer_secondary_to_primary(void);
 bool flash_api_erase_secondary_space(void);
 bool flash_api_write_firmware_update_packet(uint8_t *packet_data, uint32_t packet_size, uint32_t addr_offset);
+bool flash_api_is_secondary_newer(void);
 
 #endif // FLASH_APIS_H

projects/bootloader/src/drivers/sys/sys_init.c

@@ -113,6 +113,6 @@ sys_prepare_for_application(void)
     mpu_config_lock();
     // TODO: GPA: It is important to set the unprivileged mode after the MPU is enabled, to protect bootloader.
     // Right now, setting the unprivileged mode is commented out, because it will cause the bootloader to crash.
-    //set_unprivileged_mode();
+    // set_unprivileged_mode();
     __enable_irq();
 }

projects/bootloader/src/drivers/user_input.c

@@ -0,0 +1,61 @@
+/**
+ * @file user_input.c
+ * @brief This source file is about creating an api to get a user input. In the current implementation, the input is the
+ *        default button on the stm32f401re nucleo board.
+ * @version 0.1
+ * @date 2024-06-24
+ *
+ * @copyright Copyright (c) 2024
+ *
+ */
+
+// --- includes --------------------------------------------------------------------------------------------------------
+#include "user_input.h"
+
+#include "stm32f4xx_hal.h"
+#include <stdbool.h>
+
+// --- defines ---------------------------------------------------------------------------------------------------------
+#define BUTTON_GPIO_PORT GPIOC
+#define BUTTON_GPIO_PIN  GPIO_PIN_13
+
+// --- static function declarations ------------------------------------------------------------------------------------
+static void user_input_init(void);
+
+// --- static function definitions -------------------------------------------------------------------------------------
+static void
+user_input_init(void)
+{
+    static bool is_init = false;
+
+    if (is_init) {
+        return;
+    }
+    // Enable the GPIOA clock
+    __HAL_RCC_GPIOC_CLK_ENABLE();
+
+    // Configure the GPIO pin as input with pull-up
+    GPIO_InitTypeDef GPIO_InitStruct = { 0 };
+    GPIO_InitStruct.Pin              = BUTTON_GPIO_PIN;
+    GPIO_InitStruct.Mode             = GPIO_MODE_INPUT;
+    GPIO_InitStruct.Pull             = GPIO_PULLUP;
+    GPIO_InitStruct.Speed            = GPIO_SPEED_FREQ_LOW;
+    HAL_GPIO_Init(BUTTON_GPIO_PORT, &GPIO_InitStruct);
+
+    is_init = true;
+}
+
+// --- function definitions --------------------------------------------------------------------------------------------
+/**
+ * @brief This function checks if the user input is pressed.
+ *
+ * @return true
+ * @return false
+ */
+bool
+user_input_is_pressed(void)
+{
+    user_input_init();
+
+    return HAL_GPIO_ReadPin(BUTTON_GPIO_PORT, BUTTON_GPIO_PIN) == GPIO_PIN_RESET;
+}

projects/bootloader/src/drivers/user_input.h

@@ -0,0 +1,21 @@
+/**
+ * @file user_input.h
+ * @brief This source file is about creating an api to get a user input. In the current implementation, the input is the
+ *        default button on the stm32f401re nucleo board.
+ * @version 0.1
+ * @date 2024-06-24
+ *
+ * @copyright Copyright (c) 2024
+ *
+ */
+
+#ifndef USER_INPUT_H
+#define USER_INPUT_H
+
+// --- includes --------------------------------------------------------------------------------------------------------
+#include <stdbool.h>
+
+// --- function declarations -------------------------------------------------------------------------------------------
+bool user_input_is_pressed(void);
+
+#endif // USER_INPUT_H

projects/bootloader/src/main.c

@@ -22,6 +22,7 @@
 #include "flash_apis.h"
 #include "common.h"
 #include "com_protocol.h"
+#include "user_input.h"
 
 // --- typedefs --------------------------------------------------------------------------------------------------------
 /**
@@ -62,12 +63,8 @@ typedef struct bl_fsm_ctx_t
     bl_fsm_evts_e   evt_produced : 3;
 
     // Status flags
-    uint8_t is_button_pressed : 1;
     uint8_t newer_ver_on_backup : 1;
     uint8_t recover_main_img : 1;
-
-    // Unused bits
-    uint8_t unused : 7;
 } bl_fsm_ctx_s;
 
 /**
@@ -93,10 +90,10 @@ static bl_fsm_evts_e fsm_bootloop_hdl(bl_fsm_ctx_s * const ctx);
  * E.g. At first, the (current_state == BL_FSM_NONE_STATE and the hdl_output(evt) == BL_FSM_NONE_STATE) -> fsm_init_hdl will be executed.
  *      The fsm_init_hdl, will set the current_state == BL_FSM_INIT_STATE and if (for example) hdl_output(evt) ==  BL_FSM_ERR_OR_NONE_EVT,
  *      -> fsm_crc_check_hdl will be called on the next state machine cycle.
- * 
+ *
  * The purpose of this fsm is to follow a path, from the init (boot) phase to either booting the application, or entering the recovery
  * mode.
- * 
+ *
  */
 static const bl_fsm_handler bl_fsm_map[BL_FSM_STATE_COUNT][BL_FSM_EVT_COUNT] = {
                                /* | BL_FSM_ERR_OR_NONE_EVT | BL_FSM_CHECK_PASS_EVT | BL_FSM_CHECK_FAIL_EVT | BL_FSM_BUTTON_PRESSED_EVT */
@@ -178,15 +175,13 @@ fsm_init_hdl(bl_fsm_ctx_s * const ctx)
 #ifdef DEBUG_LOG
         printf(" --- BOOTLOADER Start --- \r\n");
 #endif
-    // TODO: GPA: we need to check if button is pressed or if there is a newer version in the backup region
-    // Button has always higher priority. If pressed, the init handler returnes and bootloader enters recovery mode.
-    if (/*button is pressed*/ 0)
+
+    if (user_input_is_pressed())
     {
-        ctx->is_button_pressed = true;
         return BL_FSM_BUTTON_PRESSED_EVT;
     }
 
-    if (/*newer version in backup*/ 0)
+    if (flash_api_is_secondary_newer())
     {
         ctx->newer_ver_on_backup = true;
     }

scripts/build_tools/build.sh

@@ -57,6 +57,10 @@ create_dfu_image() {
     echo "Creating DFU image..."
     pwd
     python create_dfu_image.py "$GIT_ROOT/$binary_path" "$GIT_ROOT/$linker_script" "$version_major" "$version_minor" "$version_patch"
+    #if python fails, try with python3
+    if [ $? -ne 0 ]; then
+        python3 create_dfu_image.py "$GIT_ROOT/$binary_path" "$GIT_ROOT/$linker_script" "$version_major" "$version_minor" "$version_patch"
+    fi
     #TODO: GPA: don't fail the rest of the script if the python script fails.
 }
 

scripts/build_tools/build_info.yaml

@@ -22,7 +22,7 @@ projects:
       linker_script: "projects/app/boards/stm32f401re/STM32F401RETx_FLASH.ld"
       version:
         major: 1
-        minor: 1
+        minor: 2
         patch: 0
   - project_name: "bootloader"
     build_all: true

scripts/firmware_update_tools/bootloader_tool.py

@@ -24,7 +24,7 @@ def compute_crc16(data):
 class FirmwareUpdateFactory:
     def __init__(self):
         self.buffer = bytearray(256)
-    
+
     def create_fwug_start_msg(self):
         msg_len = 2 + 2  # Total length: 2 bytes header + 2 bytes footer
         msg_header = struct.pack('BB', COM_PROTO_MSG_TYPE_FWUG_START, msg_len)
@@ -34,61 +34,61 @@ def create_fwug_start_msg(self):
         message = msg_header + struct.pack('>H', crc16)
         self.buffer[:len(message)] = message
         return self.buffer[:len(message)]
-    
+
     def create_fwug_data_msg(self, packet_number, payload):
         if len(payload) != FIRMWARE_UPDATE_PACKET_SIZE:
             raise ValueError(f"Payload must be {FIRMWARE_UPDATE_PACKET_SIZE} bytes")
-        
+
         msg_len = 2 + 2 + FIRMWARE_UPDATE_PACKET_SIZE + 2  # Header + packet number + payload + footer
         msg_header = struct.pack('BB', COM_PROTO_MSG_TYPE_FWUG_DATA, msg_len)
         packet_num = struct.pack('<H', packet_number)  # Big-endian packet number
         msg_footer = struct.pack('H', 0)  # Placeholder for CRC16
-        
+
         message = msg_header + packet_num + payload + msg_footer
         crc16 = compute_crc16(message[:-2])
         message = msg_header + packet_num + payload + struct.pack('>H', crc16)
-        
+
         self.buffer[:len(message)] = message
         return self.buffer[:len(message)]
-    
+
     def create_fwug_cancel_msg(self):
         msg_len = 2 + 2  # 2 bytes header + 2 bytes footer
         msg_header = struct.pack('BB', COM_PROTO_MSG_TYPE_FWUG_CANCEL, msg_len)
         msg_footer = struct.pack('H', 0)
         message = msg_header + msg_footer
         crc16 = compute_crc16(message[:-2])
         message = msg_header + struct.pack('>H', crc16)
-        
+
         self.buffer[:len(message)] = message
         return self.buffer[:len(message)]
 
-def send_message_via_serial(message, port='COM9', baudrate=115200):
+def send_message_via_serial(message, port='/dev/ttyACM0', baudrate=115200):
     # Open serial port
     ser = serial.Serial(port, baudrate)
-    
+
     # Create the buffer of 256 bytes
     buffer_size = 256
     buffer = bytearray(buffer_size)
-    
+
     # Copy message into the buffer
     buffer[:len(message)] = message
-    
+
     # Fill the rest of the buffer with 0xFF
     for i in range(len(message), buffer_size):
         buffer[i] = 0xFF
-    
+
     # Convert buffer to hex string
     hex_buffer = buffer.hex()
-    
+
     # Print hex buffer for verification
     #print("Hex Buffer:", hex_buffer)
     ser.write(bytes.fromhex(hex_buffer))
-    
+
     # Initialize variables for response handling
     max_wait_time = 15  # Maximum wait time in seconds
-    check_interval = 0.001  # Interval to check for response in seconds
+    check_interval = 0.01  # Interval to check for response in seconds
     total_wait_time = 0
-    
+
     # Wait for the response
     response = bytearray()
     while total_wait_time < max_wait_time:
@@ -97,15 +97,16 @@ def send_message_via_serial(message, port='COM9', baudrate=115200):
             break
         time.sleep(check_interval)
         total_wait_time += check_interval
-    
+
     # Print the response in hex format for verification
     # if response:
     #     print("Response (Hex):", response.hex())
     # else:
     #     print("No response received within the maximum wait time")
-    
+
     # Close serial port
     ser.close()
+    return response
 
 # Function to send firmware update data in chunks
 def send_firmware_update(file_path, factory):
@@ -116,12 +117,12 @@ def send_firmware_update(file_path, factory):
             data_chunk = f.read(FIRMWARE_UPDATE_PACKET_SIZE)
             if not data_chunk:
                 break  # No more data to send
-            
+
             # Create FWUG_DATA message
             data_msg = factory.create_fwug_data_msg(packet_number, data_chunk)
             print(f"Sending FWUG_DATA Message {packet_number}:")
-            send_message_via_serial(data_msg)
-            
+            response = send_message_via_serial(data_msg)
+            print("Response:", response.hex())
             packet_number += 1
 
 if __name__ == "__main__":