8 Device Firmware Update (DFU)

The WINCS02PC modules are secured parts and all traditional programming interfaces are disabled. These modules can only execute the firmwares which are authorized by Microchip's signer. As all the programming interfaces are disabled, the WINCS02PC module's enable a special mode called the DFU mode to perform the Firmware update. The WINCS02PC module provides fail safe device firmware upgrade by having two image slots in the Flash map. The WINCS02PC modules shipped from Microchip uses the Image1 partition to store the default firmware.

These firmware images contain a 4 bytes sequence number in the header which is used by the boot ROM to determine which image to boot on every power up. The boot ROM always chooses the lowest sequence number firmware image among the two partition but if both images have the same sequence number, the one in the higher memory address (0x600F0000) or from Image2 partition will be booted.

The sequence number with all-zeros and all-0xFFs are reserved (invalid) sequence numbers, the boot ROM validates the firmware during the DFU programming and checks the authenticity by verifying the signature. In case the firmware is not authentic (in other words, not signed by Microchip) then the boot ROM invalidates the image by setting the sequence number to zero and there by rejects these firmware image.

In order to implement the fail safe, the Image2 partition can be used for upgrading to new firmware image where as keeping the Image1 partition for the default/backup firmware. The device can switch back to the default firmware in the low partition by erasing the high partition of the Flash map.