1.9.2 OTA Bootloader Execution Flow

OTA Bootloader - Dual Bank (For MCUs):

• On device reset after System initialize, the Bootloader task starts executing from while(1) super loop

• It retrieves the Control Block (Metadata) from inactive bank

  • If any error in reading the Control Block (Metadata) it directly jumps Run application

• It checks if the Meta Data read is valid

  • If valid:

    • Checks if the blockUpdated flag is set. If set it jumps to Update Control Block (Metadata) step or continues to Trigger Check.

  • If Invalid:

    • It continues to Trigger Check

Trigger Check

• If there are no conditions to enter the Firmware Upgrade mode, the Bootloader jumps to Run application
  • Refer to the Bootloader Trigger Methods for different conditions to enter Firmware Upgrade mode

Update Control Block (Metadata)

• The following fields are updated in the Control Block (Metadata), then it swaps bank and then triggers reset to Run application

  • Clears the blockUpdated flag

  • Set imageType to active

  • Set status to valid

Run Application

• The application start address used to jump to application space can be

  • Application start address generated during compile time or

  • Application start address retrieved from valid Control Block (Metadata)

• Calls SYS_DeInitialize() function to release resources used

• Jumps to application space to run the updated application

OTA Bootloader - External Memory (For MCUs):

• On device reset after System initialize, the Bootloader task starts executing from the SYS_Tasks()

• Once the OTA driver is ready, it retrieves the Control Block (Metadata) from serial memory

  • If any error in reading the Control Block (Metadata) it directly jumps Run application

• It checks if the Meta Data read is valid

  • If valid:

    • Checks if the blockUpdated flag is set. If set it jumps to Programming step or continues to Trigger Check

  • If Invalid:

    • It continues to Trigger Check

Trigger Check

• If there are no conditions to enter the Firmware Upgrade mode, the Bootloader jumps to Run application
  • Refer to the Bootloader Trigger Methods for different conditions to enter Firmware Upgrade mode

Programming

• Starts reading the application binary from serial memory and perform erase/program operations on internal Flash

• Once programming is completed, it generates CRC32 on programmed space of internal Flash and verifies it against the CRC32 value stored in Meta data

• Once verification is complete it clears the blockUpdated flag in the Control Block (Metadata) and triggers reset to Run application

Run Application

• The application start address used to jump to application space can be

  • Application start address generated during compile time or

  • Application start address retrieved from valid Control Block (Metadata)

• Calls SYS_DeInitialize() function to release resources used

• Jumps to application space to run the updated application

MPU OTA Bootloader System Level Execution Flow:

• The first stage ROM Bootloader is executed on PoR. The main role of ROM Bootloader is to verify and load secondary program loader (AT91BootStrap) from persistent storage, such as SDMMC, NAND Flash, Serial/QSPI Flash, into internal SRAM and execute it.

• The main role of Secondary Program Loader (AT91BootStrap) is to initialize SDRAM, DDR, and load a third stage Harmony OTA Bootloader from persistent storage into DDR and execute it

• Then Harmony OTA Bootloader starts executing the user application

• Harmony OTA Bootloader performs the following functions:

  • It loads the harmony OTA application from SD/eMMC/NAND/Serial Flash memory to the DDR memory and executes it

• Harmony OTA application performs the following functions:

  • It receives the updated harmony OTA application image over OTA (BLE) and writes it to SD/eMMC/NAND/Serial Flash memory

  

• MPU Bootloader system level execution flow is depicted as below: