New version of MCUBoot bootloader : I need your help!
#1
Lightbulb 
Hi everyone!
These last few weeks, I've been working on improving the MCUBoot bootloader. This bootloader is the one that is programmed at the factory along with InfiniTime 0.7.1.
I think I've reached a state that allows other developers and users of PineTime devkit (not sealed) to test, debug and raise issues.
But first, a bit of background info:

What is the purpose of a bootloader?
The bootloader is the first software to be ran after a reset. Its main goal is to initialize the MCU and load the application firmware. The bootloader can provides many additional functionalities like firmware upgrade, recovery, firmware authentification, HW diagnostic and selftest,...

As of now, there are 2 major bootloaders for the PineTime:
  • The MCUBoot bootloader (used by InfiniTime)
  • The NRF Bootloader (used by Wasp-os)

They provide different functionalities and are based on different software.

The MCUBoot bootloader is 100% open-source and provide  a minimal set of functionalities : firmware upgrade (the upload of the new firmware is done by the application firmware, InfiniTime for example), manual revert to the previous version of the firmware, really basic UI.

The NRF bootloader is based on closed-source software from Nordic Semi and provide more functionalities like OTA (firmware upload via BLE). This bootloader is tightly coupled to the NRF SoftDevice BLE stack (closed source as well).

Both bootloaders are incompatible (a firmware built for one cannot run on the other one).

Why do we need a new version of the MCUBoot bootloader?
To improve it! The version that is currently programmed at the factory is the very first version we released. Since then, we found some bugs and found out we needed a bit more functionalities and reliability.

The most visible additions to this new version are :
  • The possibility to force revert to the previous version of the firmware
  • The possibility to install a recovery firmware from the external flash memory. This firmware can be useful if you installed a firmware that does not support OTA, for example.
  • Simple UI
  • The bootloader displays its own version and exports it to the application.

In the end, the goal is to be confident enough in this bootloader to advise users of sealed PineTimes to update their device. And maybe apply the new bootloader at production level too.

How to test it?
The code of the new bootloader is available on github. It contains the code of the bootloader extracted from Lup's repo.

The file README.md explains how the bootloader works and provides pictures of the UI.

The release page contains one test release.

If you have a devkit, a SWD debugger and if you know how to restore you device in case of issue, you can try to apply the update as explained on the release page.

If you don't have a SWD setup, don't know how to use it to reflash your device from scratch or if you use a sealed device, please, do not apply this update and wait for an actual release of the bootloader !

What should be tested?
  • The update procedure from a device coming out of factory (factory bootloader + InfiniTime 0.7.1) : First update the bootloader, then flash the recovery firmware, then use your PineTime
  • The OTA procedure (update InfiniTime)
  • The revert procedure
  • The recovery procedure
  • The switching procedure to/from InfiniTime and wasp-os

And report issues, comments, questions, feedbacks and successes on this post, or in the github repo!

[EDIT 01/01/2021] : Test degraded cases
The release page now contains 3 test firmwares that can be applied to test degraded cases that could happen during the OTA:
  • testfw-random-dfu.zip : this firmware contains only random data instead of executable code. This could happen if the user applied a DFU file that is not intended to be run on a Pinetime. In this case, the bootloader will apply the upgrade, notice that it's not runnable and will automatically revert to the previously running firmware.
  • testfw-no-validate-no-watchdog.zip : this firmware displays a yellow InfiniTime logo. It does not validate the firmware and does not refresh the watchdog. It simulates a firmware that crashes and that is not able to refresh the firmware. The watchdog will reset the device and MCUBoot will revert to the previously running firmware.
  • testfw-validate-wdt-no-ota.zip : This firmware does refresh the watchdog AND automatically validate the version. It means that to the point of view of MCUBoot, the firmware is working fine! BUT... this bad firmware does not provide the OTA and the reset functionality. This is one of the worst degraded case : the bootloader cannot do anything! The only workaround is to wait for the battery to drain completely and then charge the PineTime again. This is reset the CPU and offer the possibility to force a firmware revert during the next boot.
  • The worst of the worst degraded cases is one where the new firmware erase or overwrite the bootloader and/or the recovery firmware with invalid data. In this case, the device is totally bricked and can only be recovered using SWD (meaning the device must be opened).

Thanks!
Working on InfiniTime, the FOSS firmware for the PineTime: https://github.com/InfiniTimeOrg/InfiniTime

Mastodon : https://mastodon.codingfield.com/@JF
Twitter : https://twitter.com/codingfield
Matrix : @JF002:matrix.org


Messages In This Thread
New version of MCUBoot bootloader : I need your help! - by JF002 - 12-27-2020, 09:33 AM

Possibly Related Threads…
Thread Author Replies Views Last Post
Information PineTime Updater for Flashing New Bootloader and FreeRTOS Firmware lupyuen 2 5,245 07-31-2020, 05:10 PM
Last Post: lupyuen
  MCUBoot Bootloader for PineTime lupyuen 2 5,781 05-18-2020, 04:23 PM
Last Post: lupyuen
  common bootloader? Jeeves 15 20,342 05-11-2020, 05:34 AM
Last Post: danielt
  wasp-bootloader: a robust SoftDevice bootloader for PineTime danielt 3 5,508 04-14-2020, 05:31 AM
Last Post: danielt

Forum Jump:


Users browsing this thread: 2 Guest(s)