nRF51 SDK - S110 SoftDevice
|
To safely perform a Device Firmware Update, the new firmware image should not be copied to the final location in memory until it has been validated. This ensures that only complete and valid images are activated. If an error occurs during the transfer, the firmware should not be updated.
This process of storing the received firmware in one memory location (bank 1) and then copying it to the intended memory location (bank 0) later is called a dual-bank update.
Application images can alternatively be transferred in a single-bank update. In this process, the new application directly overwrites the existing application. If an error occurs during the transfer, both the old and the new application will be corrupt. However, a single-bank update makes it possible to transfer bigger applications that cannot be stored in addition to the original application.
All updates of the bootloader, the SoftDevice, or a combination of bootloader and SoftDevice are performed as dual-bank updates. Application updates can be performed as dual-bank or single-bank updates.
During a dual-bank update, the existing bootloader, SoftDevice, or application is preserved until it is replaced by the new firmware image. The update process differs slightly depending on the type of image that is transferred.
When updating the SoftDevice or a combination of bootloader and SoftDevice, any application that is present on the device will be erased. The memory area between the end of the existing SoftDevice and the beginning of the existing bootloader is used to store the received image before it is copied to replace the existing SoftDevice and maybe bootloader.
The following figure shows the DFU process for a combined image of bootloader and SoftDevice. If the transferred image contains only a SoftDevice, the general process is the same, but only the SoftDevice is replaced.
First, the existing application is erased to prepare for the DFU transfer. The transferred image is then stored between the current SoftDevice and bootloader. Existing application data can be retained; see Preserving application data for more information. Finally, the new SoftDevice and, if applicable, the new bootloader are validated and copied to replace the existing firmware.
When updating the application or the bootloader (without SoftDevice update), the existing application is retained during the update process.
The memory area between the end of the SoftDevice and the beginning of the bootloader (or the beginning of the application data, see Preserving application data) is divided into two banks. Bank 0 holds the existing application, and bank 1 is used to store the received image.
The following figure shows the DFU process for an application. A bootloader update works in the same way, except that the existing bootloader is replaced instead of the existing application.
The original application is located in memory bank 0. First, the bootloader erases bank 1. Existing application data can be retained; see Preserving application data for more information. The transferred image is then stored in bank 1. After all packets of the new application are received, both the old and the new application are present in the memory. This ensures that fallback to the old application is possible if the new application cannot be activated. If the new application can be activated, bank 0 is erased and the new application is copied from bank 1 to bank 0. Bank 1 is not erased until the bootloader initializes again.
In a single-bank update, the existing application is replaced with the new application during the transfer of the image. Single-bank updates are available only for application updates, because if an error occurs and the device is left without a valid application, you can recover it by uploading a valid application again. If the device is left without a valid bootloader or SoftDevice, you can recover it only by attaching a flash tool and updating the device with a flash programmer.
The following figure shows the DFU process for an application in single-bank mode.
First, the existing application is erased to prepare for the DFU transfer. The transferred image is then stored at the location of the old application, thus between the current SoftDevice and bootloader. Existing application data can be retained; see Preserving application data for more information. When the transfer is completed, the bootloader will validate the new application. If it is valid, the bootloader will start it. If it is not valid, the bootloader will reset, start in DFU mode, and wait for a new image to be uploaded.