With the continuous expansion of chip resources, the diversity of App (Application) upgrade methods has increased. For example, the SOTA (Software Updates Over The Air) to be discussed in this article uses the Aurix TC3xx SWAP mechanism to make App upgrades more convenient. This article discusses some key issues in implementing SOTA:
- Aurix TC3xx memory mapping mechanism
- SWAP configuration and precautions
- Aurix TC3xx SWAP Demo implementation
Memory mapping mechanism of Aurix TC3xx
If you want to support the SWAP function, first of all, the hardware’s memory resources need to be sufficient. Because the SWAP function requires two physical memory spaces of equal size to store programs. eg: The size of the App program is 3Mbyte. If you want to support the SWAP function, at least the PFlash space of the hardware is required > 6Mbyte. First, take a look at the memory space and mapping mechanism in the TC39x manual:
1. Standard Address Map
When the SOTA function is not enabled, the App program can exist in PF0 (Program Flash0) ~ PF5 (Program Flash5) as shown below. The total space size is 16Mbyte, and the 16Mbyte space is divided into Segment A, as shown below:
2. Alternate Address Map
When the SOTA function is enabled, PFlash is divided into two Bank Groups, namely: A-Banks and B-Banks, which is what we often call the A/B partition, and one of the Banks is mapped to the CPU The executable space, this Banks is called the active area (Active Banks), and the Banks that are not mapped to the CPU execution space are called the inactive area (Inactive Banks). Among them, PF0, PF1, and PF4 are mapped to A-Banks, and PF2, PF3, and PF5 are mapped to B-Banks, as shown below:
For TC39x, the SWAP space can reach 7MByte, and the A/B partition is as follows:
A-Banks and B-Bankseach use 7M of physical memory space, and when the program is actually run, they can be mapped to the virtual address space starting from 0xA0000000, as shown below :
Note:
When operating Flash through DMU (Data Memory Unit), you need to operate the physical address space mapped by Pflash. That is: when Active Banks erases Inactive Banks, it needs to be erased/written according to the address space mapped by Inactive Banks.
eg: The starting address of A-Banks (Active Banks) is 0xA0000000, and the starting address of B-Banks (Inactive Banks) is 0xA0600000. When A-Banks operates the Flash Driver to erase/write B-Banks, the starting address of the operation is 0xA0600000.
SWAP configuration and precautions
1. Basic process of using SWAP
Enabling the SWAP function includes four basic processes:
Adjust Linker file (link file);
- Software development mainly refers to App program development and generation of executable files (.bin, .Hex, etc.);
- Burn the executable file into PFlash;
- Configure SWAP, including: A/B selection configuration, SWAP enablement.
- The corresponding process is as follows:
Note: The Reset here cannot be Application Reset. System Reset is recommended.
(1) Adjust Linker file
Here is a linker file adjustment diagram (without HSM (Hardware Security Module)), as shown below:
For TC397, A/B can allocate 7M space, and then compile Project A and Project B respectively according to the adjusted link file, that is: Project A corresponds to Linker A of A-Banks, and Project B corresponds to Linker B of B-Banks. Generally During processing, Linker A and Linker B share the same link file.
The core point of this article is: Configuring SWAP.
To configure SWAP, you need to configure UCB23 (ORIG) and UCB31 (COPY) and select the mapping address. UCB is located in the DFlash0 area, and the address space ranges of UCB23 (ORIG) and UCB31 (COPY) are as follows:
The format of UCB23 is fixed as follows:
A maximum of 16 SWAP instances can be configured, but the firmware SSW (Startup Software) only selects the last valid execution.
(1) UCB_SWAP_ORIG_MARKERLx (x=0~15)
The SWAP bit field sets the address mapping method, namely: the above-mentioned STD (Standard Address Map, 0x55), ALT (Alternate Address Map, 0xAA), as shown below:
(2) UCB_SWAP_ORIG_MARKERHx (x=0~15)
MARKERHx stores the entry address corresponding to MARKERLx.SWAP.
(3) UCB_SWAP_ORIG_CONFIRMATIONLx (x=0~15)
If you want MARKERLx.SWAP to be effective, you need to write the fixed value 0x57B5327F in the UCB_SWAP_ORIG_CONFIRMATIONLx register.
(4) UCB_SWAP_ORIG_CONFIRMATIONHx (x=0~15)
Store the entry address of CONFIRMATIONLx.CODE.
(5) Code implementation of SWAP configuration
SWAP configuration is the prerequisite for enabling SWAP. The code implementation of (1)~(4) above is as follows:
/* Memory A/B SWAP */
void Swap_ConfigAndEnable(uint32 map)
{<!-- -->
/* UCB_SWAP_COPY */
ucb_erase(UCB_SWAP_COPY);
ucb_write(UCB_SWAP_COPY, map, UCB_SWAP_COPY);
ucb_write(UCB_SWAP_COPY + 8, CONFIRMEDCODE, UCB_SWAP_COPY + 8);
ucb_write(UCB_SWAP_COPY + 0x1F0, UNLOCKCODE, 0x00000000);
/* UCB_SWAP_ORIG */
ucb_erase(UCB_SWAP_ORIG);
ucb_write(UCB_SWAP_ORIG, map, UCB_SWAP_ORIG);
ucb_write(UCB_SWAP_ORIG + 8, CONFIRMEDCODE, UCB_SWAP_ORIG + 8);
ucb_write(UCB_SWAP_ORIG + 0x1F0, UNLOCKCODE, 0x00000000);
/* Enable SWAP */
ucb_write(UCB_OTP0_COPY + 0x1E8, 0x00030000, 0x00000000);
ucb_write(UCB_OTP0_ORIG + 0x1E8, 0x00030000, 0x00000000);
}
The SWAP disabling code is as follows:
/* SWAP Disable */
void swap_disable(void)
{<!-- -->
// Erase UCB31(UCB_SWAP_COPY)
ucb_erase(UCB_SWAP_COPY);
// Write Confirmation Code into UCB31
ucb_write(UCB_SWAP_COPY + 0x1F0, UNLOCKCODE, (uint32)0x00000000);
// Delete UCB23(UCB_SWAP_ORIG)
ucb_erase(UCB_SWAP_ORIG);
// Write Confirmation Code into UCB23
ucb_write(UCB_SWAP_ORIG + 0x1F0, UNLOCKCODE, (uint32)0x00000000);
// Erase UCB40(UCB_OTP0_COPY)
ucb_erase(UCB_OTP0_COPY);
// Write Confirmation Code into UCB40
ucb_write(UCB_OTP0_COPY + 0x1F0, UNLOCKCODE, (uint32)0x00000000);
// Erase UCB32(UCB_OTP0_ORIG)
ucb_erase(UCB_OTP0_ORIG);
// Write Confirmation Code into UCB32
ucb_write(UCB_OTP0_ORIG + 0x1F0, UNLOCKCODE, (uint32)0x00000000);
}
hint:
-
The map here = 0x55 or 0xAA;
-
The CONFIRMATION register corresponding to UCB23 is configured in UNLOCKCODE mode (0x43211234).
3. SWAP enablement
To enable SWAP, you need to configure UCB_OTPx_ORIG (x = 0~7), as shown below:
During the startup phase, SSW will verify UCB_OTP0~7:
- The default verification is UCB_OTP0 (it will be verified in CONFIRMED or UNLOCKED state);
- For UCB_OTP1~7, it will only be verified in the CONFIRMED state;
- If the ORIG area is invalid, the corresponding COPY area will be checked.
To enable SWAP, you need to configure the PROCONTP register of UCB32 (Offset = 41E8H), that is: write 0x00030000 to the 0xAF4041E8 address.
Note: Before enabling the SWAP function, you need to make sure that UCB_SWAP_ORIG and UCB_SWAP_COPY have been configured. After the SWAPEN configuration is enabled, executing System Reset will take effect.
When the PROCONTP register configuration of UCB32 is enabled, you can confirm the enablement of SOTA by reading the SWAPEN bit field of HF_PROCONTP, as shown below:
Software can confirm the currently activated Banks by reading the SWAP_CFG bit field of the SCU_STMEM1 register, as shown below:
4. Board lock risk caused by improper SWAP configuration
Special attention should be paid to the use of SWAP, otherwise the board will be locked and must be restored, as shown below:
Aurix TC3xx SWAP Demo implementation
Regarding the code implementation of SWAP, refer to the project on github. The specific link is as follows:
Link