1.4.1.5 CAN Bootloader Protocol

Request Packet

The can bootloader protocol as shown in below figure is common for all the supported commands.

can_bootloader_protocol

Command

  • Indicates the command to be processed. Each command is of 1 Byte width

  • Below are the supported commands

Command TypeCommand CodeDescription
Unlock0xA0Used to calculate application start address and end address
Data0xA1Used to send the image data
Verify0xA2Used to verify the image data sent and programmed
Reset0xA3Used to trigger a reset to run the application
Bank Swap and reset0xA4Used to Swap the bank and trigger a reset to run the application
Device Configuration0xA5Used to send the device configuration bits (Fuse Settings)
Read Version0xA6Used to read the bootloader version running

Sequence Number

  • Indicates the packet sequence number.

  • For data command the sequence number has to be incremented by 1 for every data packet. Bootloader checks the sequence number once data packet is recieved. If there is a mismatch it sends a sequence error response

  • As the sequence number is of 1 Byte width, once it reaches to a value of 255 it restarts from zero

GUARD

  • The Guard value must be a constant value of 0xE2

  • This value provides protection against spurious commands

  • Bootloader always checks for the Guard value on packet reception and proceeds further accordingly

Data Size

  • This field indicates the number of data bytes to be received

  • This value varies for different commands

Data

  • Contains the actual Data to be processed based on the command

  • Length of the data to be received is indicated by Data Size field

  • All data words must be sent in a little-endian (LSB first) format

Response Codes

Bootloader will send a single character response code in response to each command. Sequential commands can only be sent after the response code is received for a previous command, or after 100 ms timeout without a response.

Response TypeResponse CodeDescription
OK0x50Command was received and processed successfully
Error0x51There were errors during the processing of the command
Invalid0x52Invalid command is received
CRC OK0x53CRC verification was successful
CRC Fail0x54CRC verification failed
SEQ ERROR0x55Sequence number mismatch for Data command

Unlock Command

The Unlock Command sequence is as shown in below figure with corresponding responses.

can_bootloader_unlock_command
  • Unlock command must be issued before the first Data command

    • It is used to calculate application start address and end address

    • This information will be used to validate if the addresses sent are within the range of flash memory

  • Number of bytes of data to be received is 8 Bytes (Start Address + Image Size)

  • Start Address

    • It is the application Start Address of the flash memory

    • It is device dependent and should be always greater than or equal to the bootloader end address

    • It must be aligned at an Erase Unit Size boundary, which is also device dependent

    • To upgrade the bootloader itself this value must be set to 0 (For CORTEX-M based MCUs)

  • Image size must be in increments of Erase Unit bytes which is also device dependent

Data Command

The Data Command sequence is as shown in below figure with corresponding responses.

can_bootloader_data_command
  • Data command is used to send the image data

  • The maximum packet length received by CAN bootloader is 64Bytes. The Data size <= 60Bytes as we have 4 bytes reserved for packet header

Verify Command

The Verify Command sequence is as shown in below figure with corresponding responses.

can_bootloader_verify_command
  • Verify command is used to verify the image data sent and programmed

  • Image CRC is a standard IEEE CRC32 with a polynomial of 0xEDB88320

  • Internal CRC is calculated based on the values actually read from the Flash memory after programming, so it verifies the whole chain.

  • Image CRC is calculated over the previously unlocked region.

Reset Command

The Reset Command sequence is as shown in below figure with corresponding responses.

can_bootloader_reset_command
  • Reset command is used to exit the bootloader and run the application

  • It is necessary if the host has no control over the reset pin. It can also be useful even if host has control over the Reset

Bank Swap and Reset Command

The Bank Swap and Reset Command sequence is as shown in below figure with corresponding responses

can_bootloader_BankSwap_Reset_command
  • This command is enabled only when Fail safe update feature is selected for bootloader and the device has support for Dual Bank update

  • Bank Swap and Reset command is used to Swap the inactive bank to active bank and trigger a reset to exit the bootloader and run the new application programmed in the inactive bank

Device Configuration command (For CORTEX-M based MCU's)

The Device Configuration Command sequence is as shown in below figure with corresponding responses

can_bootloader_device_configuration_command
  • This command is enabled only when Enable Fuse Programming feature is selected for bootloader

  • Device Configuration command is used to send the device configuration bits (Fuse Settings)

  • Data size is equal to sum of device config area start address (4 Bytes) and Erase Unit Size which is device dependent. The maximum packet length received by CAN bootloader is 64Bytes. The Data size <= 60Bytes as we have 4 bytes reserved for packet header

  • Device configuration data should contain all the fuse settings applicable for the device. Partial Fuse bit programming is not supported

  • Attempts to request the write outside of the device configuration area will result in error and supplied data will be discarded

  • Refer to Bootloader Device Configuration Input section for details on creating the Device Configuration Input text file

Read Version command

The Read Version Command sequence is as shown in below figure with corresponding responses.

can_bootloader_read_version_command
  • Read version command is used to read the current version of bootloader running on the device

  • There is not data to be sent to the device hence size is 0 bytes

  • On receiving this command

    • Bootloader will first send one of the responses mentioned above for the command

    • Once the OK response is received, Host needs to read 2 bytes for getting the bootloader version

      • Byte 1 is the Major number

      • Byte 2 is the Minor number