11.3.1.1 Flash
The Flash is divided into a set of pages. A page is the smallest addressable unit when erasing the Flash. It is only possible to erase an entire page or multiple pages at a time. Writes can be done per byte or word. One page consists of 512 bytes.
The Flash can be divided into three sections, each consisting of a variable number of pages. These sections are:
Bootloader Code (BOOT) Section
The code placed in the BOOT section has full write access to the entire Flash except for the BOOT section itself. Bootloader software must be placed in this section if used.
Application Code (APPCODE) Section
The code placed in the Application Code section has limited write access and can only write to the Application Data Flash section. This section typically contains the executable application code.
Application Data (APPDATA) Section
The code placed in the Application Data section has no write access. This section typically contains the parameters.
Inter-Section Write Protection
For security reasons, writing to the Flash section where the code is currently executing is impossible. Code writing to the APPCODE section needs to be executed from the BOOT section, and the code writing to the APPDATA section needs to be executed from either the BOOT section or the APPCODE section.
Program Execution Section | Section Being Addressed | Programming Allowed | CPU Halted |
---|---|---|---|
BOOT | BOOT | No | - |
APPCODE | Yes | Yes | |
APPDATA | Yes | ||
EEPROM | No | ||
APPCODE | BOOT | No | - |
APPCODE | |||
APPDATA | Yes | Yes | |
EEPROM | No | ||
APPDATA | BOOT | No | - |
APPCODE | |||
APPDATA | |||
EEPROM |
Section Sizes
The sizes of these sections are set by the Boot Size (FUSE.BOOTSIZE) fuse and the Code Size (FUSE.CODESIZE) fuse. The fuses select the section sizes in blocks of 512 bytes. The BOOT section stretches from FLASHSTART to BOOTEND. The APPCODE section spreads from BOOTEND to APPEND. The remaining area is the APPDATA section.
If FUSE.BOOTSIZE is written to ‘0
’ Flash is regarded as the BOOT
section. If FUSE.CODESIZE is written to ‘0
’ and FUSE.BOOTSIZE >
0
, the APPCODE section runs from BOOTEND to the end of Flash (no
APPDATA section).
BOOTSIZE | CODESIZE | BOOT Section | APPCODE Section | APPDATA Section |
---|---|---|---|---|
0 | - | 0 to FLASHEND | - | - |
> 0 | 0 | 0 to BOOTEND | BOOTEND to FLASHEND | - |
> 0 | ≤ BOOTSIZE | 0 to BOOTEND | - | BOOTEND to FLASHEND |
> 0 | > BOOTSIZE | 0 to BOOTEND | BOOTEND to APPEND | APPEND to FLASHEND |
By not employing bootloader software, the Flash capacity for the application code can be maximized by allocating the application code to the BOOT section, eliminating the need for a separate Application Code section and still allowing for an optional Application Data section.
- After Reset, the default vector table location is at the start of the APPCODE section. If code running in the BOOT section requires interrupts, the interrupt vector table can be moved to the beginning of the BOOT section. An example is a bootloader that uses interrupts while updating the main code in the Application Code section, done by setting the Interrupt Vector Select (IVSEL) bit in the CPUINT.CTRLA register. Refer to the CPUINT - CPU Interrupt Controller section for details.
- If BOOTEND/APPEND, as result of the BOOTSIZE/CODESIZE fuse setting exceeding the device FLASHEND, the corresponding fuse setting is ignored, and the default value is used. Refer to FUSE - Configuration and User Fuses in the Memories section for default values.
Size of Flash Sections
If FUSE.BOOTSIZE is written to 0x04
and FUSE.CODESIZE to
0x08
, the first 4*512
bytes will be BOOT, the next 4*512 bytes
will be APPCODE, and the remaining Flash will be APPDATA.
Flash Protection
In addition to the inter-section write protection, the NVMCTRL provides a security mechanism to avoid unwanted access to the Flash memory sections. Even if the CPU can never write to the BOOT section, a Boot Section Read Protection (BOOTRP) bit in the Control B (NVMCTRL.CTRLB) register is provided to prevent the read and execution of code from the BOOT section. This bit can be set only from the code executed in the BOOT section and has effect only when leaving the BOOT section.
Two other write protection bits (APPCODEWP and APPDATAWP) exist in the NVMCTRL.CTRLB register that can be set to prevent further updates of the respective Application Code and Application Data sections.
- Reading BOOT from APPCODE when BOOTRP is set.
- Jumping to BOOT from APPCODE and attempting to fetch an instruction from BOOT.