Visitor II
December 27, 2024
Question

How to Dynamically Change Flash Base Address for OTA Updates Without Hardcoding in Bin File?


Hello ST Community,

I am working on an OTA (Over-The-Air) update implementation for an STM32L072 series microcontroller, which has 192 KB of flash memory. In my setup, I have divided the flash memory into three regions: bootloader (starting at 0x08000000), App1 (0x08005000), which will initially be running, and App2 (0x0801C000), where the first firmware bin file will be flashed through the OTA process. The bootloader handles jumping to the active application (suppose the active app is 1, so it will set the MSP and jump to that address; for example, in the initial stage the MSP is set at the App1 address, which is 0x08005000), and OTA updates allow switching between the App1 and App2 slots (for example, once new firmware has been flashed and the CRC is done, the value for the active app will be changed and stored in flash, the device resets, and again the bootloader will check and set the MSP and jump to that address).

Here is my challenge: when performing OTA updates, the bin file includes a hardcoded vector table offset and flash base address (VECT TABLE OFFSET 0x08005000 and the same flash base address). If a new firmware update is targeted at App2, the bin file assumes the flash base address is 0x0801C000. However, this creates an issue in scenarios where the firmware is deployed to devices that have skipped previous updates (e.g., suppose person A has done the very first update whereas B has skipped it; once the second update comes in the future, person B's device, which is still running App1, will have a problem because the second bin file has hardcoded vector offset and flash base address values). In this case, the new update intended for App2 cannot run because its vector table offset and flash base address conflict with the currently active App1 slot.

I want to avoid relying on hardcoded flash base addresses in the bin file. Instead, I aim to dynamically configure the flash base address and vector table offset at runtime based on the active slot values. This would allow skipped updates to function correctly without introducing mismatches.

Is there a recommended way to achieve this on STM32L0 series devices? Specifically:

  1. Can the FLASH_BASE macro or the vector table offset be adjusted dynamically after firmware deployment?
  2. What modifications are needed in the linker script or firmware to support this functionality?
  3. How can I ensure compatibility with devices that skip one or more updates?

 

file name: system_stm32l0xxc.c

#define USER_VECT_TAB_ADDRESS
#if defined(USER_VECT_TAB_ADDRESS)
/*!< Uncomment the following line if you need to relocate your vector Table
 in Sram else user remap will be done in Flash. */
/* #define VECT_TAB_SRAM */
#if defined(VECT_TAB_SRAM)
#define VECT_TAB_BASE_ADDRESS SRAM_BASE /*!< Vector Table base address field.
 This value must be a multiple of 0x200. */
#define VECT_TAB_OFFSET 0x00000000U /*!< Vector Table base offset field.
 This value must be a multiple of 0x200. */
#else
#define VECT_TAB_BASE_ADDRESS FLASH_BASE /*!< Vector Table base address field.
 This value must be a multiple of 0x200. */
#define VECT_TAB_OFFSET 0x5000U /*!< Vector Table base offset field.
 This value must be a multiple of 0x200. */
#endif /* VECT_TAB_SRAM */
#endif /* USER_VECT_TAB_ADDRESS */

 

Any guidance or suggestions for this dynamic handling of the flash base address would be greatly appreciated!

Thank you!


    4 replies

    Graduate II
    December 27, 2024

    My tip: this is a waste of energy; try doing this safely. A simpler and safer concept is APP0 as a factory image that is never rewritten and APP1 as any update. The bootloader can be part of APP0 or separate, based on requirements.

    Visitor II
    December 28, 2024

    But suppose App0 is running and helping to flash the new bin file downloaded through the OTA process and save it in the App1 slot; then the VECT offset needs to be changed dynamically to address the App1 slot on the very next reset. And suppose even though it can be done, as we know, after reset App1 will be running and will help in downloading the bin file through OTA, but for that it is required to erase the App0 slot first, so to make that happen we have to change the VECT offset dynamically to run App1 so that it can perform the erase task, and vice versa from the next updates onwards between slot 1 and slot 2.
    NOTE: I'm using an STM32L072, which has 192 KB flash, and my app code requires at least 80 KB.

     

    Graduate II
    December 28, 2024

    No, for every OTA your app needs to jump back to app0 = factory, then erase OTA1 and load OTA1.

    The boot process, if it finds a valid OTA1, starts it instead of factory. ASAP

    Visitor II
    December 28, 2024

    I believe, suppose my application is running at address 0x08005000, so one thing that must be set is the VECT offset, which should be 0x5000, and also in Keil, in the configure tool, I have to set the ROM1 start address, which is nothing but flash, I believe, and also its size, otherwise it won't work. I have attached the image of the configuration window.

    Here is my challenge: I want to write these start and size values in code dynamically, so how can I achieve this on the STM32L072?

    If I am able to do this, then I can flash any bin file in OTA without a hardcoded VECT offset table value and this config for the ROM1 value.
    Also, I checked, but I'm not able to find how to change these values in the code files.

    configure.png

    Graduate II
    December 28, 2024

    The vector table contains hard-coded absolute addresses, you'll need to patch the table with relocated addresses.

    You could perhaps do this by having the boot loader copy and fix these in RAM, say the base at 0x20000000, and then map SCB->VTOR to that.

    The loader would also know/determine the newer app image, and that it's valid/intact, and manage the relocation/hand-over.

    A very simple assembler sequence could return the execution address if that's important, and you could build code as "address independent"

    Visitor II
    December 30, 2024

    Can you please share any example for this where they do the same flow which you explained, and also any reference video? It would be helpful.

    Visitor II
    December 31, 2024

    Tell me one thing: there is codeA in which there is nothing but an LED toggle in while(1), and the code has the offset table variable set as 0x00005000, and in the Keil configuration settings the start address of IROM1 is: Start -> 0x0801C000 and size: 0xA000. You can see the photo of the Keil configuration settings window above, which I have already shared. Now, I have compiled the code and generated the bin file; the same bin I will flash at address 0x08005000 from the mx cube programmer.
    In this scenario, suppose my bootloader bin is at address 0x08000000 and as per the logic it will set msp=0x08005000 and also jump to the reset handler as written below....

     
    void (*app_reset_handler)(void) = (void (*)(void))(*((volatile uint32_t*) (0x08005000 + 4U)));

    /* Reset the Clock */
    __HAL_RCC_GPIOC_CLK_DISABLE();
    __HAL_RCC_GPIOD_CLK_DISABLE();
    __HAL_RCC_GPIOB_CLK_DISABLE();
    __HAL_RCC_GPIOA_CLK_DISABLE();
    HAL_DeInit();
    HAL_RCC_DeInit();

    __set_MSP(*(volatile uint32_t*) 0x08005000);
    SysTick->CTRL = 0;
    SysTick->LOAD = 0;
    SysTick->VAL = 0;
    findbootMode = 3;

    /* Jump to application */
    app_reset_handler();

    My doubt is whether after reset the code at 0x08005000 will run or not, because in my case it is not running, but when I set the Keil configuration ROM1 Start setting to 0x08005000, with the offset the same as previously, 0x0800500, the code runs and the LED toggles after reset.
    Why is that so?




    Graduate II
    December 31, 2024

    @satyam9896 wrote:

     code has offset table variable set as 0x00005000 and in Keil configuration settings the start address of IROM1 is: Start -> 0x0801C000 and size: 0xA000
    Why is that so?


    Do you have basic knowledge about ASM and the vector table in ARM? Plus, Keil, if I remember right, has default -fno-pic = code must be loaded at the right place. But for your understanding, offset in code 5000 and base 1C000 will never work.

    void (*app_reset_handler)(void) = (void (*)(void))(*((volatile uint32_t*) (0x08005000+ 4U)));

    When you load here code compiled for 1c000, then here is 0x0801cxxx = the code address for the jump on reset, but you load it to 5000, so at that address nothing is loaded...

    When you build with -fpic and really require placing this code at any position, then at the start of main you need to copy the vector table to RAM (or do it in the bootloader, but then you need to reserve RAM for this, otherwise it is erased in the app init)

    and after the copy recalculate every vector address to the actual load position. Of course, then set VTOR to RAM.
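
The approach the two replies above describe (copy the vector table to RAM, rebase each entry to the slot the image actually occupies, then set VTOR), as an added host-runnable example that is not part of any post or of ST's code. `relocate_vectors`, the sample table and the 20 KB SRAM size are assumptions; rebasing the table does not make the image itself position independent, which the replies say has to come from the build.

```c
#include <stddef.h>
#include <stdint.h>

#define SRAM_START 0x20000000u /* RAM base named in the thread */
#define SRAM_BYTES 0x5000u     /* assumption: 20 KB of SRAM */

typedef enum { IMG_OK, IMG_BAD_SP, IMG_BAD_RESET, IMG_BAD_VECTOR } img_status_t;

/* Constructed sample: first 4 vector words of an image linked for App2. */
const uint32_t sample_vectors[4] = {
    0x20005000u, /* initial MSP (top of SRAM) */
    0x0801C0C1u, /* Reset_Handler, Thumb bit set */
    0x0801C0D5u, /* NMI_Handler */
    0x00000000u  /* reserved entry, stays zero */
};
uint32_t ram_table[4]; /* on target: reserved RAM, aligned for VTOR */

/* Copy the table from src to dst, rebasing every handler from link_base
 * (address the image was built for) to load_base (slot it sits in).
 * With link_base == load_base this is a pure pre-jump sanity check. */
img_status_t relocate_vectors(const uint32_t *src, uint32_t *dst, size_t count,
                              uint32_t link_base, uint32_t load_base,
                              uint32_t max_size)
{
    if (count < 2)
        return IMG_BAD_RESET;
    /* Word 0 is the stack pointer: must lie in SRAM, is never rebased. */
    if (src[0] <= SRAM_START || src[0] > SRAM_START + SRAM_BYTES || (src[0] & 7u))
        return IMG_BAD_SP;
    dst[0] = src[0];
    for (size_t i = 1; i < count; i++) {
        uint32_t v = src[i];
        if (v == 0u) { dst[i] = 0u; continue; }
        /* Unsigned wrap makes off huge when v lies below link_base. */
        uint32_t off = (v & ~1u) - link_base;
        if (!(v & 1u) || off >= max_size)
            return (i == 1) ? IMG_BAD_RESET : IMG_BAD_VECTOR;
        dst[i] = load_base + off + 1u; /* restore the Thumb bit */
    }
    return IMG_OK; /* on target: point SCB->VTOR at dst, then jump */
}

int main(void)
{
    /* Image built for 0x0801C000 but stored in the App1 slot. */
    return relocate_vectors(sample_vectors, ram_table, 4,
                            0x0801C000u, 0x08005000u, 0x14000u);
}
```

Calling it with both bases set to 0x08005000 on the same sample returns `IMG_BAD_RESET`, which is the failure described in the thread: the reset vector points into the App2 range where nothing was loaded, and a bootloader can refuse the jump instead of faulting.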

    Visitor II
    January 7, 2025

    Understood, but can you give me any reference code where I can change this code like you have mentioned that

    When you build with -fpic and really require placing this code at any position, then at the start of main you need to copy the vector table to RAM (or do it in the bootloader, but then you need to reserve RAM for this, otherwise it is erased in the app init)

    and after the copy recalculate every vector address to the actual load position. Of course, then set VTOR to RAM.