-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tools/bootloader: add force-erase option and add bootloader version (Sponsored by CubePilot) #22777
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@julianoes Nice! The wording on the option felt wrong to me. See if what I added works for you.
Fixed, thanks @davids5! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thinking about this a bit more....Since this is s protocol change should we bump the rev and add it to https://github.com/PX4/PX4-Bootloader?
@davids5 we should but we haven't in the past, and it looks like ArduPilot has many more features and is also still on the same revision. |
@davids5 it doesn't need to go into the Bootloader repo, because it only applies for H7, I think. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See inlines
Pushed another fixup @davids5. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be good to use
up_progmem_ispageerased
as the name, see comment
@davids5 ok, I've accepted your suggestions. I'll run CI, then rebase, squash and force push. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On the issue of the revision - The uploader side can blindly send the command and it can fail silently.
As far as putting this in the the bootloader repo: It would be a nice to have but will not fit on all the SoC.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The rest all looks good. This is just a nit. I will leave it up to you, if you want to push again :)
@davids5 on second thought, I think you're right that it would be worthwhile to bump the version number. |
77fab46
to
42ef9ce
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok Looks good!
Thanks @davids5. I'll properly squash the commits and then merge it. |
42ef9ce
to
7f3f809
Compare
@dagar what's an easy way to update all bootloader images? Do I have to do it one by one? |
@julianoes There is a target iirc. something like update_bootloaders |
@davids5 thanks, I'll try that. However, I wonder whether we should really bump the protocol version. The problem is that QGC refused to flash bootloader rev 6, and so does the uploader script, and that's even though they would just work fine. Instead of a "major" change it's more like a hidden extra feature. On the other hand, it's hard to know whether a flashed bootloader supports the force-erase option. You basically don't know until you try. |
So it would force an update for QGC and the uploader on the users. How bad is that? |
Not the end of the world but still unexpected. |
7f3f809
to
13f2ca2
Compare
@davids5 this has evolved a bit. @bugobliterator and I came up with a bootloader version additional to the bootloader protocol revision. For more info, see the PR description and the individual commits. I also took the liberty to clean up the Python script a bit. I'd appreciate your review @davids5. FYI @dagar TODO: re-generate all bootloaders from here. |
@julianoes - can we have a call on this? I am in US EST so maybe 4 AM my time next week or 03:00 PM EST. Let me know |
@davids5 I have the feeling the GET_SUPPORTED_COMMANDS API that you suggested is - unfortunately - not really worth the trouble. It seems worthwhile because it would solve the problem where we don't know if force-erase is supported or not, basically if GET_SUPPORTED_COMMANDS is not supported, force-erase won't be either. However, this doesn't hold for the ArduPilot bootloader, so we're sort of back at square one. I agree that it would only be worthwhile for the next bootloader addition down the road, but it doesn't seem quite worth it, because you can easily just "try" every command, except erase which take a long time to time out. |
a84c75f
to
b847765
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See inline.
return | ||
|
||
raise RuntimeError("timed out waiting for erase") | ||
if self.force_erase: | ||
raise RuntimeError("timed out waiting for erase, force erase is likely not supported by bootloader!") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wouldn't the the force erase bet met with an immediate command error? In that case should you attempt to use an erase or suggest a bootloader upgrade?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, that would be nice. But a unknown byte seems to just be ignored. And the erase command is not acked until it is erased, so you have to wait a long time. Not optimal I know...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
geez That seems wrong, bit it is what the code does.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep.
38e2dda
to
7678d21
Compare
If the STM32H7 fails to program or erase a full chunk of 256 bytes, the ECC check will trigger a busfault when trying to read from it. To speed up erasing and optimize wear, we read before erasing to check if it actually needs erasing. That's when a busfault happens and the erase time outs. The workaround is to add an option to do a full erase without check. Credit goes to: ArduPilot/ardupilot#22090 And the protocol option added to the bootloader is the same as for ArduPilot, so compatible. Signed-off-by: Julian Oes <[email protected]>
This adds a new protocol extension which allows to get the bootloader version. The bootloader version is different from the bootloader protocol revision which has stabilized at 5 and is not easy to update unless a bootloader is actually breaking the protocol. The reason being that both the Python script as well as the uploader used in QGC will not attempt to load firmware if they don't know the bootloader version, so it could basically be considered a "breaking" protocol revision. Signed-off-by: Julian Oes <[email protected]>
Includes: - Remove some of the outdated Python2 checks and compatibility. - Try not catch all exceptions but only the expected ones. Otherwise, this makes it really hard to debug if anything unexpected actually goes wrong. - Make use of fstrings. - Make output slightly prettier. Signed-off-by: Julian Oes <[email protected]>
Just so we don't conflict on these commands in the future.
Signed-off-by: Julian Oes <[email protected]>
7678d21
to
d6c9f4a
Compare
Final rebase, bootloader rebuild and push. As soon as CI is happy I'll merge. |
CI results are the same as main. Merging. |
Commit 4a13e49 was succesful on |
Fixed in #23174 |
This PR does two things:
Add force-erase option
If the STM32H7 fails to program or erase a full chunk of 256 bytes, the ECC check will trigger a busfault when trying to read from it.
To speed up erasing and optimize wear, we read before erasing to check if it actually needs erasing. That's when a busfault happens and the erase time outs.
The workaround is to add an option to do a full erase without check.
Credit goes to:
ArduPilot/ardupilot#22090
And the protocol option added to the bootloader is the same as for ArduPilot, so compatible.
Add bootloader version
This PR also adds a new bootloader version essentially a string that we can set in the format of:
PX4BLv1.15.0g12345678
constrained to max 32 chars. This allows to check if a bootloader needs updating while not breaking any tooling by bumping the bootloader protocol revision which has been stabilized at 5 for a long time by now.The output of the px_uploader.py now looks as follows: