27.5.7 Safe Flash Update Using Dual Banks
This feature enables a firmware to execute from the NVM and at the same time program the Flash with a new version of itself.
The new firmware has to be programmed in BANKB if STATUS.AFIRST=1, or BANKA otherwise.
After programming is completed one can issue the BKSWRST command to swap the banks and to reset the device. The information of which BANK is mapped to the NVM main address space base address is self contained in the NVM using a special fuse that can be programmed or erased individually. This fuse is managed by the BKSWRST command. STATUS.AFIRST reflects the status of this fuse after Reset. The BKSWRST command is atomic meaning that no fetch in the NVM can occur while executing this command. This command executes with the following steps:
- Stall AHB interfaces.
- If PARAM.SEE is ‘1’ and 0 < SEESTAT.SBLK < 11, the NVMCTRL starts to reallocate the SmartEEPROM data to the first bank. Active SEES remains the same at the end of the reallocation.
- Is STATUS.AFIRST = 1: program the AFIRST fuse (new value = 0) otherwise erase it (new value = 1)
- Resets the device, after reset, RSTC RCAUSE indicates that the reset was triggered by the NVMCTRL.
After Reset the new firmware is executed from the last programmed bank.
If the SmartEEPROM is configured, the size of the the reserved space in Flash must not exceed the bank size. In other words 2*SEESTAT.SBLK.8192 must be lower than half the NVM size in Bytes. In situations where both the banks contain separate applications (or an application in one bank and a bootloader in the other bank), both the banks must have Flash area reserved for SmartEEPROM. This means that the usable area for code in each bank is the Size of the Bank, minus the size of the Flash configured for the SmartEEPROM using SBLK Fuse.