How to Use the CAN Bootloader to Load User Application Code in the MAXQ7665A
Abstract
This application note discusses the architecture of the CAN bootloader and the modifications needed to support the user application code on the MAXQ7665A microcontroller.
Overview
The CAN bootloader enables programming of the MAXQ7665A microcontroller through its CAN interface. The bootloader also helps designers update/modify the user application code for products already deployed in the field.
The CAN bootloader provides a means of writing, reading, and erasing a predefined section of the program flash memory that typically holds the user application code. The user application code resides at 0x4000 to 0x7FFF in the MAXQ7665A.
Two separately compiled modules, the CAN bootloader and the user application code, run in the MAXQ® program memory. These pieces of code exist separately and completely unknown to each other. The modules communicate to each other through known memory space.
The reader of this application note should be familiar with the MAXQ7665A processor (64kB program flash), the CAN controller, and the IAR Embedded Workbench® for the MAXQ.
Both the CAN bootloader code and an example of the user application code are available for the MAXQ7665A here (ZIP).
MAXQ7665A CAN Bootloader
The CAN bootloader, as with the IAR cstartup module, is built and loaded through the JTAG port into the lower part of the program memory at 0x0000.This code searches for a flag value of 0x55AB at location 0x7FFF address. If the code finds the flag, the CAN bootloader jumps to the user application code at 0x4000. If this flag is not found, the CAN bootloader calls the function enter_loader( ) and waits for the incoming CAN messages.
At this time, global interrupts are disabled because the IGE bit in the IC (Interrupt and Control) register is cleared during code initialization. Therefore, the CAN bootloader polls the IIR (Interrupt Identification) register and the local CAN flag to handle any incoming messages. The CAN bootloader uses Message Center 1 to handle incoming messages; Message Center 2 is used for handling the outgoing messages. (Please refer to the CAN Bootloader Protocol, in Appendix A for these specific commands.)
The next few steps explain the order in which the CAN bootloader and the user code are loaded. The operation of the CAN bootloader and the user code are also shown.
Step 1: Load the CAN bootloader into the lower part of the program memory (Figure 1).
Using the CAN Bootloader to Load the User Application Code in the MAXQ7665A
The IAR Linker File (.xcl) and the IAR cstartup module are modified so that the user application code resides and executes from address 0x4000. Maxim provides both the modified linker and the modified cstartup files here (ZIP). The CAN bootloader loads the user application code, after which the host system sends the "Load Done" command (0x07). When the Load Done command is received by the CAN bootloader, it will put the 0x55AB at 0x7FFF in code space.
Step 2: Load the user application code (Figure 2).
Step 3: User application is finally loaded and running after a reset (Figure 3).
Reloading/Updating the User Application Code
It may be necessary to reload/update new user application code into the MAXQ7665A. To accommodate this, the CAN bootloader can be entered from the user application code by calling the function EnterLoader( ). At this point the CAN bootloader waits for CAN messages. Figure 4 illustrates the process.
Appendix A
CAN Bootloader Protocol
Boot Loader Message Format
Messages between a CAN bootloader host and target use a simple command/acknowledge (ACK) protocol. The host sends a command and within a timeout period the target responds with either an ACK with optional return data or with a NACK with an error code. The first byte of the CAN data area is always a command byte, and up to seven bytes of data can be appended afterward. All multibyte numerical data is formatted as least significant byte first (LSB). As an example, the 16-bit value 0x1234 would be written as 0x34 0x12 with 0x34 at the lowest offset.
Command Byte | Opt. Data | Opt. Data | Opt. Data | Opt. Data | Opt. Data | Opt. Data | Opt. Data |
ACK | NACK | Reserved | Reserved | Command Nibble (4 bits) |
0x02 | 0x00 | 0x80 | 0x34 | 0x12 | 0x78 | 0x56 |
0x82 |
0x42 | 0x83 |
Boot Loader Commands
Nine bootloader commands are available to allow erasing, loading, verifying, and signaling of a load complete and for restarting the CPU.
Ping (0x00)
Test message path to target. Zero to seven bytes can optionally be sent and will be echoed back by the target.
0x00 | 0x55 | 0x56 | 0x56 | 0x57 | 0x58 | 0x59 | 0x60 |
0x80 | 0x55 | 0x56 | 0x56 | 0x57 | 0x58 | 0x59 | 0x60 |
Reset CPU (0x01)
Cause target CPU to perform a hardware reset.
Note: The target will not return an ACK with this command.
0x01 |
Load (0x02)
Load into code memory at specified address. Two bytes of address must follow the load command byte, and two to four bytes of data can be written using this command. The target will reset the current address to match the passed parameter and will increment it as the words are successfully written to flash.
The example below loads the values 0x1234 to address 0x8000, and 0x5678 to address 0x8001.
0x02 | 0x00 | 0x80 | 0x34 | 0x12 | 0x78 | 0x56 |
0x82 |
Load Continue (0x03)
Load into code memory at current target address. Two to six bytes of data can be written using this command. The target will increment the target address as words are successfully written to flash.
The example below loads the values 0x1234, 0x5678, and 0x9ABC starting at the current target address.
0x03 | 0x34 | 0x12 | 0x78 | 0x56 | 0xBC | 0x9A |
0x83 |
Read (0x04)
Read code memory at specified address. Two bytes of address must follow the read command byte. The target will reset the current address to match the passed parameter and will increment it as the words are returned to the host. Three words (six bytes) will be returned.
The example below reads three word values, 0x1234, 0x5678, 0x9ABC, starting from address 0x8001.
0x04 | 0x01 | 0x80 |
0x84 | 0x34 | 0x12 | 0x78 | 0x56 | 0xBC | 0x9A |
Read Continue (0x05)
Read code memory at current target address. The target will increment the target address as words are returned to the host. Three words (six bytes) will be returned.
The example below reads three word values, 0x1234, 0x5678, 0x9ABC, starting from the current target address.
0x05 |
0x85 | 0x34 | 0x12 | 0x78 | 0x56 | 0xBC | 0x9A |
Erase (0x06)
Erase bootloader accessible code area. This command will require over 1.3 seconds to complete.
0x06 |
0x86 |
Load Done (0x07)
Notify the loader that the loaded image is good and can be booted on next CPU startup. The boot loader will write a tag at the end of the program memory to designate a good load, and will vector to the startup address of the loaded application when the CPU is restarted.
0x07 |
0x87 |
Get Current Target Address (0x08)
Returns the current target address. This will be the next address used to write or read code space using the Load Continue (0x03) or Read Continue (0x05) command.
The example below shows the target returning a current target address of 0x8005.
0x08 |
0x88 | 0x05 | 0x80 |
Errors
Flash Write (0x80)
Unable to write to flash. Flash controller returned an error.
Flash Verify (0x81)
Unable to write to flash. The data read back did not match the data written.
Flash Already Programmed (0x82)
Unable to write to flash. Flash requires an erase before this address can be programmed.
Illegal Address (0x83)
Address parameter is outside the bounds of the allowed code space.
Odd Number of Bytes (0x84)
Only word wide (16-bit) data can be written. Make sure that input data is an even number of bytes.
Missing Parameters (0x85)
Command requires parameters following the command byte.
Invalid Command (0x86)
An invalid command was sent by the host.