STM32 CANBus bootloader - verification errors
Heads up about a problem we discovered, and I think solved. We're using the built-in STM32L452 bootloader per AN3154 to do in-system firmware updates over CAN bus from an Android host. We started with the can-prog Python utility (https://github.com/marcinbor85/can-prog), but rewrote it in Java. The software worked fine, except for consistently failing a readback verification, which always showed a four-byte mismatch at the same location near (but not at) the end of the programmed image.
I'll skip to the solution and avoid boring you with all the trial-and-error: The can-prog utility reads the firmware to be programmed from a .hex file, and the problem occurred wherever there was a short (4 bytes) line of data in the .hex file, like these:
:1017B0006566002B2D00303000785800412D4661C1
:1017C0002D66383930313233343536375D0000001C
:0417D000C501000847
:0417D400A101000867
:1017D8001000000001000000AAAAAAAA00093D0002
:1017E800003C1C46003C1C46F401F401B81E053EB2
With assistance from ST tech support, we finally landed on the problem: The flash must be written 8 bytes at a time (this is buried in the device reference manual). Modifying our code to always send the data in 8-byte chunks with the Write Memory command (0x31) solved the problem.
This was far from obvious, and ideally would be documented as a limitation (if not a bug) in AN3154. Figured I'd share it to hopefully spare others from a lot of frustration.