[closed] updating the bootloader via OTA -- is it possible?

hassan789
Posts: 108
Joined: Thu Jun 29, 2017 2:15 am

Postby hassan789 » Wed Jun 13, 2018 3:43 am

Hello,
Is it possible to update the bootloader via OTA?
Last edited by hassan789 on Wed Jun 13, 2018 4:41 pm, edited 1 time in total.

ESP_Angus
Posts: 1002
Joined: Sun May 08, 2016 4:11 am

Re: updating the bootloader via OTA -- is it possible?

Postby ESP_Angus » Wed Jun 13, 2018 3:59 am

No. At least, it's not supported and it's not possible to do so safely.

It is technically possible to erase the bootloader sectors and rewrite them from an app (you may need to disable this option first), but if there's a power failure or a crash before the process completes then the device will need physical reflashing to unbrick.

hassan789
Posts: 108
Joined: Thu Jun 29, 2017 2:15 am

Re: updating the bootloader via OTA -- is it possible?

Postby hassan789 » Wed Jun 13, 2018 2:53 pm

ESP_Angus wrote: No. At least, it's not supported and it's not possible to do so safely.

It is technically possible to erase the bootloader sectors and rewrite them from an app (you may need to disable this option first), but if there's a power failure or a crash before the process completes then the device will need physical reflashing to unbrick.


I see. Looks like the ROM bootloader always jumps to 0x1000... so it seems that it is basically impossible to have a safe upgrade of the stage 2 bootloader.

p-rimes
Posts: 51
Joined: Thu Jun 08, 2017 6:20 pm

Re: [closed] updating the bootloader via OTA -- is it possible?

Postby p-rimes » Wed Jun 13, 2018 5:56 pm

This is interesting, and maybe it calls for refactoring the current ESP-IDF bootloader such that there could be a fallback bootloader. So there would have to be another level of initial bootloader. At least, it seems like whatever the initial bootloader stage is, it should fit in a single flash sector at 0x1000. That initial bootloader sector would contain enough code to verify the integrity of that sector. (If it is good, then jump to a more complicated bootloader. In the case of corruption, select the fallback bootloader, which may or may not be updatable.)

It does seem slightly risky to have a bootloader which cannot be updated, and/or a multi-sector bootloader that could be corrupted during update.
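The selection logic proposed in the post above, as an added host-side sketch that is not part of the original thread and is not ESP-IDF code: a first stage checks the primary second-stage slot and uses a fallback slot when an interrupted update has left the primary corrupt. The header layout, magic value, slot size and the choice of CRC-32 as the integrity check are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 64u      /* constructed size; stands in for a bootloader flash region */
#define IMG_MAGIC 0xB007u  /* hypothetical magic, not the ESP-IDF image format */
typedef struct { uint16_t magic, len; uint32_t crc; } img_hdr_t;  /* hypothetical header */

static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (; n--; p++) {
        c ^= *p;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Integrity check the first stage would run before jumping to a slot. */
static int slot_valid(const uint8_t *slot) {
    img_hdr_t h;
    memcpy(&h, slot, sizeof h);
    if (h.magic != IMG_MAGIC || h.len > SLOT_SIZE - sizeof h) return 0;
    return crc32_calc(slot + sizeof h, h.len) == h.crc;
}

/* Returns 0 = boot primary, 1 = boot fallback, -1 = nothing bootable. */
int select_stage(const uint8_t *primary, const uint8_t *fallback) {
    if (slot_valid(primary)) return 0;
    return slot_valid(fallback) ? 1 : -1;
}

/* Erase the slot (flash erases to 0xFF), then program only the first `written`
 * bytes of the new image, modelling power loss partway through an update. */
int write_slot(uint8_t *slot, const uint8_t *payload, uint16_t len, size_t written) {
    uint8_t img[SLOT_SIZE];
    if (len > SLOT_SIZE - sizeof(img_hdr_t)) return -1;
    img_hdr_t h = { IMG_MAGIC, len, crc32_calc(payload, len) };
    memset(img, 0xFF, sizeof img);
    memcpy(img, &h, sizeof h);
    memcpy(img + sizeof h, payload, len);
    memset(slot, 0xFF, SLOT_SIZE);
    memcpy(slot, img, written < SLOT_SIZE ? written : SLOT_SIZE);
    return 0;
}

int main(void) {
    uint8_t primary[SLOT_SIZE], fallback[SLOT_SIZE];
    const uint8_t v1[] = "stage2-v1", v2[] = "stage2-v2";  /* constructed payloads */
    write_slot(fallback, v1, sizeof v1, SLOT_SIZE);
    write_slot(primary, v2, sizeof v2, 16);   /* power lost after 16 of 18 bytes */
    printf("selected slot: %d\n", select_stage(primary, fallback));
    return 0;
}
```

The sketch only covers slot selection; the selector itself would still sit at the fixed address the ROM jumps to and is the one piece that cannot be rewritten safely.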

ESP_Angus
Posts: 1002
Joined: Sun May 08, 2016 4:11 am

Re: [closed] updating the bootloader via OTA -- is it possible?

Postby ESP_Angus » Thu Jun 14, 2018 12:57 am

I'd like to hear a bit about what the use cases are for OTA bootloader updating.

From the ESP-IDF side, we try to keep as much functionality out of the bootloader as possible - for this reason. And we keep IDF backwards compatible with older bootloaders (you should be able to boot an app built from current master branch on an ESP-IDF V1.0 bootloader, if necessary.)

For ESP32, we can't really change this as the Mask ROM is what boots from 0x1000 (I guess technically we could make an additional bootloader stage so it goes ROM->second stage at 0x1000->third stage at ???->app, but this seems a little overly complex and brittle). However, we can consider our options for future chips.

So, what situations are you looking to accommodate via bootloader OTA?

p-rimes
Posts: 51
Joined: Thu Jun 08, 2017 6:20 pm

Re: [closed] updating the bootloader via OTA -- is it possible?

Postby p-rimes » Thu Jun 14, 2018 1:09 am

Hi ESP_Angus, thanks for replying.

Well, looking backwards in time, if I understand correctly MD5 checksumming was not always present in the bootloader. So there may be bootloaders out there which do not support checksummed boots, and will never be able to gain that feature. While that doesn't actually affect any of my products, that's an example of when I would want to upgrade my bootloader.

And, this extra (2nd? 3rd?) stage bootloader process is what I am suggesting. I believe a first stage bootloader that fits within a single flash sector (and contains enough code to verify its own sector), would be optimal.

This is not super high on my priority list tbh, but I just thought it should be noted that a single-sector bootloader has some benefits.

hassan789
Posts: 108
Joined: Thu Jun 29, 2017 2:15 am

Re: [closed] updating the bootloader via OTA -- is it possible?

Postby hassan789 » Sun Jun 17, 2018 4:11 am

ESP_Angus wrote: I'd like to hear a bit about what the use cases are for OTA bootloader updating.


Hi Angus,
For devices that don't have any human interaction (e.g. street lamps), the bootloader can contain logic to auto-fallback to factory OR auto-rollback to the previous good running image, OR auto-validate a new image as running good. These features are critical in large-scale deployments. A lot of this logic is not present early in the project, so waiting to perfect the bootloader causes a large delay to market. Also, the logic is highly dependent on the role of the partition (i.e. factory, test, safe-mode, previous stable running build, etc). If the role of any of those partitions is added/changed, then a bootloader update may be required.

In short, from the software developer's perspective, a safely-upgradeable bootloader allows for a faster launch to market with a simpler bootloader, and increases flexibility by allowing the dev team to change anything and everything later in the project.

8-)
