Skip to main content
W
Wocket
Visitor II
May 9, 2022
Question

With BFB2 set on an STM32F429 (i.e. the ROM bootloader runs before the application code) it is not possible to start an application that runs from the flash alias at address 0. That works fine with BFB2=0.

  • May 9, 2022
  • 2 replies
  • 882 views

STM32F429.

The problem appears after the bootloader has run and jumped to application code, which it does when BFB2=1. When my application reads data from addresses around 0, it gets data from the ROM bootloader instead of from flash. I.e. it behaves like if SYSCFG_MEMRMP.MEM_MODE=1 (system flash mapped at 0), although it should be, and is, set to 0 (flash mapped at 0) at this time. Reading the same addresses from the debugger returns data from flash.

Executing code from the mapping at 0 doesn't work: it is not possible to run a program that has specified its entry point as for example 0x00003089 in the vector table. I can set a break point at 0x3088, but the wrong instructions get executed from there.

Here is a simple reproducer program (I assemble it with GNU AS, no linker involved, so it gets located at address 0). It works for me with BFB2=0 in the option bits, but with BFB2=1 it does not.

.syntax unified
 .cpu cortex-m4
 .thumb
 
vector_table:
.word 0x20000100
.word 0x1001
 
.org 0x1000
reset:
 // Turn on a LED on PC3
 ldr r1,=0x40023800 // RCC base address
 ldr r0,=0x00000004 // GPIOCRST in RCC_AHB1ENR
 str r0,[r1,#0x30] // Set GPIOCRST in RCC_AHB1ENR
 
 ldr r1,=0x40020800 // GPIOC base address
 ldr r0,=0x00000040 // MODER3 = 1 (GPIO out)
 str r0,[r1,#0x00] // Set GPIOC_MODER
 ldr r0,=0x00000008 // ODR3 = 1
 str r0,[r1,#0x14] // Set GPIOC_ODR
 
loop:
 bl loop

    This topic has been closed for replies.

    2 replies

    B
    Brian H
    Graduate II
    November 14, 2022

    I am also having trouble getting code to work with BFB2 set. In my case, application code runs for a short time, then the chip resets, in an endless loop. This begins immediately after the option bit takes effect. See this thread. I am also without an answer so far. Hopefully this comment will help raise exposure for both of us.

    B
    Brian H
    Graduate II
    November 14, 2022

    Oh, I think I might know the answer to your problem, from the docs. See AN4767 section 3.2, Automatic Bank Selection:

    "Beware of using the address 0x0000 0000 with dual bank automatic selection. This address range remains aliased to the system memory, despite the fact that the BOOT0 value points to main Flash memory selection."

    So your application needs to be based at 0x0800 0000, not 0x0000 0000, for BFB2 to work properly. You say your application is based at 0x0000 0000, which the docs say won't work (as that address points into system memory when BFB2 is set).

    Terms & ConditionsAccessibility statement