* Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
		
			
				
	
	
		
			34 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			34 lines
		
	
	
		
			2.3 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| = Bootloader
 | |
| 
 | |
| `embassy-boot` a lightweight bootloader supporting firmware application upgrades in a power-fail-safe way, with trial boots and rollbacks.
 | |
| 
 | |
| The bootloader can be used either as a library or be flashed directly if you are happy with the default configuration and capabilities.
 | |
| 
 | |
| By design, the bootloader does not provide any network capabilities. Networking capabilities for fetching new firmware can be provided by the user application, using the bootloader as a library for updating the firmware, or by using the bootloader as a library and adding this capability yourself.
 | |
| 
 | |
| The bootloader supports both internal and external flash by relying on the `embedded-storage` traits.
 | |
| 
 | |
| 
 | |
| == Hardware support
 | |
| 
 | |
| The bootloader supports
 | |
| 
 | |
| * nRF52 with and without softdevice
 | |
| * STM32 L4, WB, WL, L1 and L0
 | |
| 
 | |
| In general, the bootloader works on any platform that implements the `embedded-storage` traits for its internal flash, but may require custom initialization code to work.
 | |
| 
 | |
| == Design
 | |
| 
 | |
| The bootloader divides the storage into 4 main partitions, configured by a linker script:
 | |
| 
 | |
| * BOOTLOADER - Where the bootloader is placed. The bootloader itself consumes about 8kB of flash.
 | |
| * ACTIVE - Where the main application is placed. The bootloader will attempt to load the application at the start of this partition. This partition is only written to by the bootloader.
 | |
| * DFU - Where the application-to-be-swapped is placed. This partition is written to by the application.
 | |
| * BOOTLOADER STATE - Where the bootloader stores the current state describing if the active and dfu partitions need to be swapped. When the new firmware has been written to the DFU partition, a flag is set to instruct the bootloader that the partitions should be swapped.
 | |
| 
 | |
| The partitions for ACTIVE (+BOOTLOADER), DFU and BOOTLOADER_STATE may be placed in separate flash. The page size used by the bootloader is determined by the lowest common multiple of the ACTIVE and DFU page sizes.
 | |
| The BOOTLOADER_STATE partition must be big enough to store one word per page in the ACTIVE and DFU partitions combined.
 | |
| 
 | |
| The bootloader has a platform-agnostic part, which implements the power fail safe swapping algorithm given the boundaries set by the partitions. The platform-specific part is a minimal shim that provides additional functionality such as watchdogs or supporting the nRF52 softdevice.
 |