8 Device Firmware Update (DFU)

The RNWF02 modules are secured parts and all traditional programming interfaces are disabled. These modules can only execute the firmwares which are authorized by Microchip's signer. As all the programming interfaces are disabled, the RNWF02 module's enable a special mode called the DFU mode to perform the Firmware update. The RNWF02 module provides fail safe device firmware upgrade by having two image slots in the Flash map. The RNWF02 modules shipped from Microchip uses the Image2 partition to store the default firmware.

These firmware images contain a 4 bytes sequence number in the header which is used by the boot ROM to determine which image to boot on every power up. The boot ROM always chooses the lowest sequence number firmware image among the two partition but if both images have the same sequence number, the one in the higher memory address (0x600F0000) or from Image2 partition will be booted.

The sequence number with all-zeros and all-0xFFs are reserved (invalid) sequence numbers, the boot ROM validates the firmware during the DFU programming and checks the authenticity by verifying the signature. In case the firmware is not authentic (in other words, not signed by Microchip) then the boot ROM invalidates the image by setting the sequence number to zero and there by rejects these firmware image.

In order to make the new OTA firmware to be booted the sequence number must be lower than the existing firmware sequence number. The current firmware sequence number can be fetched using the AT+DI command.

In order to implement the fail safe, the Image1 partition can be used for upgrading to new firmware image where as keeping the Image2 partition for the default/backup firmware. The device can switch back to the default firmware in the high partition by erasing the low partition of the Flash map.