Julian Oes 1a3d232e7b fix(bootloader): remove broken PROTO_SET_DELAY boot-delay feature (#27081)
The bootloader boot-delay feature has been mechanically broken on
every modern FMU board since the STM32F7/H7 transition. It has three
independent bugs that prevent it from ever working:

1. Offset mismatch: BOOT_DELAY_ADDRESS is hardcoded to 0x1a0, but the
   NuttX vector table is 504 B (F76x) to 664 B (H743) long. The
   linker places _bootdelay_signature at ALIGN(32) past end of
   vectors (e.g. 0x2a0 on CubeOrange), never at 0x1a0. The bootloader
   reads random exception_common pointers in place of the magic and
   never matches BOOT_DELAY_SIGNATURE1/2. Verified on CubeOrange with
   objdump of cubepilot_cubeorange_default.elf.

2. Flash cache never flushes: fc_write() stores arbitrary writes in
   cache line 1 and only flushes on a very specific condition tied
   to the sequential firmware upload flow. A standalone write during
   PROTO_SET_DELAY is cached forever. fc_read() then returns the
   cached value, so the post-write verify lies and the bootloader
   reports success. Nothing ever reaches flash.

3. H7 write granularity: the STM32H7 flash controller requires a
   full 32-byte program cycle per write. Single 32-bit writes from
   flash_func_write_word() would not be accepted by the controller
   even if they reached it.

The feature has been silently dead on every H7/F7 FMU board for
years and no one noticed, which is strong evidence nothing actually
depends on it. Rather than fix it (which would mean rewriting
PROTO_SET_DELAY, the flash cache path, and the H7 flash programming
path), remove it.

Changes:
- bl.c: PROTO_SET_DELAY case now immediately NACKs (goto cmd_bad)
  so clients that still send the command get a clear rejection
  instead of the previous silent fake-success. The opcode stays in
  the protocol enum for backwards compatibility.
- bl.h: drop BOOT_DELAY_SIGNATURE1/2 and BOOT_DELAY_MAX.
- stm/stm32_common/main.c, nxp/imxrt_common/main.c: drop the
  startup boot-delay sig check block.
- image_toc.c: decouple find_toc() from BOOT_DELAY_ADDRESS.
  BOARD_IMAGE_TOC_OFFSET is now the required define when
  BOOTLOADER_USE_TOC is enabled. The body is wrapped in #ifdef
  BOOTLOADER_USE_TOC and falls back to a stub returning false when
  the TOC is not in use (no upstream board currently enables it).
- Linker scripts: strip EXTERN(_bootdelay_signature) and the
  FILL/. += 8 block from all 142 affected .ld files across boards/.
- hw_config.h: strip the #define BOOT_DELAY_ADDRESS and its comment
  block entry from all 48 affected boards.
- Tools/px4_uploader.py, Tools/teensy_uploader.py: remove --boot-delay,
  set_boot_delay(), and SET_BOOT_DELAY client-side counterpart.

Smoke-built on cubepilot_cubeorange_default and
cubepilot_cubeorange_bootloader; no link errors, no unresolved
symbols, flash usage unchanged.

Tested:
- New BL, new FW
- Old BL, old FW
- Old BL, new FW
- New BL, old FW
2026-04-29 13:04:03 +12:00
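The offset mismatch (bug 1) and the cache-masked verify (bug 2) from the commit message above can be checked with a small model. The block below is an added example, not PX4 or NuttX code: BOOT_DELAY_ADDRESS = 0x1a0, the vector-table lengths (504 B on F76x, 664 B on H743) and the ALIGN(32) placement are taken from the commit message; the cache model (one buffered 32-byte line that is programmed only after being filled in order), the 64-word flash array and every function name here are simplifications assumed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values quoted in the commit message. */
#define BOOT_DELAY_ADDRESS 0x1a0u   /* offset the old bootloader read the magic from */
#define VECTORS_F76X       504u     /* NuttX vector table length on STM32F76x */
#define VECTORS_H743       664u     /* NuttX vector table length on STM32H743 */

/* Where the linker actually places _bootdelay_signature: ALIGN(32) past .vectors. */
uint32_t bootdelay_sig_offset(uint32_t vector_table_bytes)
{
    return (vector_table_bytes + 31u) & ~31u;
}

/* 1 if the hardcoded read offset lands on the signature, 0 otherwise. */
int hardcoded_offset_hits_signature(uint32_t vector_table_bytes)
{
    return bootdelay_sig_offset(vector_table_bytes) == BOOT_DELAY_ADDRESS;
}

/* 1 if the hardcoded read offset lies inside the vector table itself. */
int hardcoded_offset_in_vectors(uint32_t vector_table_bytes)
{
    return BOOT_DELAY_ADDRESS < vector_table_bytes;
}

/* Assumed model of a cached flash write path whose verify reads go through
 * the same cache (a simplification, not the bootloader's fc_write/fc_read). */
#define LINE_WORDS  8u               /* 32-byte program unit, as the H7 controller requires */
#define FLASH_WORDS 64u              /* tiny stand-in for the flash array */

static uint32_t flash[FLASH_WORDS];  /* "real" flash; erased state is 0xFFFFFFFF */
static uint32_t cache[LINE_WORDS];   /* one buffered line */
static uint32_t cache_base;          /* word index where the buffered line starts */
static unsigned cache_fill;          /* words written in order into the line so far */
static int      cache_valid;

void flash_model_reset(void)
{
    memset(flash, 0xff, sizeof flash);
    cache_valid = 0;
    cache_fill  = 0;
}

/* The controller accepts only a whole, aligned 32-byte program. */
static int flash_program_line(uint32_t base, const uint32_t *words)
{
    if (base % LINE_WORDS != 0 || base + LINE_WORDS > FLASH_WORDS)
        return -1;
    memcpy(&flash[base], words, LINE_WORDS * sizeof *words);
    return 0;
}

/* Buffer the word; flush only once the line has been filled in sequence,
 * which the upload flow does and a lone PROTO_SET_DELAY write never does. */
void fc_write(uint32_t word_idx, uint32_t value)
{
    uint32_t base = word_idx - (word_idx % LINE_WORDS);
    if (!cache_valid || base != cache_base) {
        cache_valid = 1;
        cache_base  = base;
        cache_fill  = 0;
        memset(cache, 0xff, sizeof cache);
    }
    cache[word_idx - base] = value;
    if (word_idx - base == cache_fill)
        cache_fill++;
    if (cache_fill == LINE_WORDS) {
        flash_program_line(base, cache);
        cache_valid = 0;
        cache_fill  = 0;
    }
}

/* Serves the buffered line when it has one, so it cannot tell the caller
 * whether the data ever reached flash. */
uint32_t fc_read(uint32_t word_idx)
{
    uint32_t base = word_idx - (word_idx % LINE_WORDS);
    if (cache_valid && base == cache_base)
        return cache[word_idx - base];
    return flash[word_idx];
}

/* The old PROTO_SET_DELAY shape: one write, then verify through fc_read. */
int set_delay_verify_passes(uint32_t word_idx, uint32_t magic)
{
    fc_write(word_idx, magic);
    return fc_read(word_idx) == magic;
}

/* What is really in flash, bypassing the cache. */
uint32_t flash_word(uint32_t word_idx)
{
    return flash[word_idx];
}

/* A sequential upload of a full line, for contrast: this one does land. */
int sequential_line_reaches_flash(uint32_t base)
{
    for (unsigned i = 0; i < LINE_WORDS; i++)
        fc_write(base + i, 0x1000u + i);
    for (unsigned i = 0; i < LINE_WORDS; i++)
        if (flash[base + i] != 0x1000u + i)
            return 0;
    return 1;
}

int main(void)
{
    printf("F76x: signature at 0x%x, H743: 0x%x, bootloader reads 0x%x\n",
           bootdelay_sig_offset(VECTORS_F76X), bootdelay_sig_offset(VECTORS_H743),
           BOOT_DELAY_ADDRESS);
    flash_model_reset();
    printf("lone write: verify=%d, flash word=0x%08x\n",
           set_delay_verify_passes(3, 0x5a5a5a5au), flash_word(3));
    return 0;
}
```

The verify step is the part to take away: a post-write check that reads through the same write buffer confirms only that the buffer holds the value. A real verify has to read from the backing store after the flush, or force the flush first.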


/****************************************************************************
* scripts/script.ld
*
* Copyright (C) 2020 Gregory Nutt. All rights reserved.
* Author: Gregory Nutt <gnutt@nuttx.org>
*
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* 3. Neither the name NuttX nor the names of its contributors may be
* used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
****************************************************************************/
/* The STM32F765IIT6 has 2048 KiB of main FLASH memory. This FLASH memory
* can be accessed from either the AXIM interface at address 0x0800:0000 or
* from the ITCM interface at address 0x0020:0000.
*
* Additional information, including the option bytes, is available in
* FLASH at address 0x1ff0:0000 (AXIM) or 0x0010:0000 (ITCM).
*
* In the STM32F765IIT6, two different boot spaces can be selected through
* the BOOT pin and the boot base address programmed in the BOOT_ADD0 and
* BOOT_ADD1 option bytes:
*
* 1) BOOT=0: Boot address defined by user option byte BOOT_ADD0[15:0].
* ST programmed value: Flash on ITCM at 0x0020:0000
* 2) BOOT=1: Boot address defined by user option byte BOOT_ADD1[15:0].
* ST programmed value: System bootloader at 0x0010:0000
*
* NuttX does not modify these option bytes. On the unmodified NUCLEO-144
* board, the BOOT0 pin is at ground so by default, the STM32F765IIT6 will
* boot from address 0x0020:0000 in ITCM FLASH.
*
* The STM32F765IIT6 also has 512 KiB of data SRAM (in addition to ITCM SRAM).
* SRAM is split up into three blocks:
*
* 1) 128 KiB of DTCM SRAM beginning at address 0x2000:0000
* 2) 368 KiB of SRAM1 beginning at address 0x2002:0000
* 3) 16 KiB of SRAM2 beginning at address 0x2007:c000
*
* When booting from FLASH, FLASH memory is aliased to address 0x0000:0000
* where the code expects to begin execution by jumping to the entry point in
* the 0x0800:0000 address range.
*
* The bootloader reserves the first three 32 KiB sectors (0x18000 bytes) of
* the 2 MiB single-bank Flash organization (256-bit read width), so the
* application image starts at 0x0801:8000 (AXIM) / 0x0021:8000 (ITCM).
*/
MEMORY
{
FLASH_ITCM (rx) : ORIGIN = 0x00218000, LENGTH = 1952K
FLASH_AXIM (rx) : ORIGIN = 0x08018000, LENGTH = 1952K
ITCM_RAM (rwx) : ORIGIN = 0x00000000, LENGTH = 16K
DTCM_RAM (rwx) : ORIGIN = 0x20000000, LENGTH = 128K
SRAM1 (rwx) : ORIGIN = 0x20020000, LENGTH = 368K
SRAM2 (rwx) : ORIGIN = 0x2007c000, LENGTH = 16K
}
OUTPUT_ARCH(arm)
EXTERN(_vectors)
ENTRY(_stext)
/*
* Ensure that abort() is present in the final object. The exception handling
* code pulled in by libgcc.a requires it (and that code cannot be easily avoided).
*/
EXTERN(abort)
SECTIONS
{
.text : {
_stext = ABSOLUTE(.);
*(.vectors)
. = ALIGN(32);
*(.text .text.*)
*(.fixup)
*(.gnu.warning)
*(.rodata .rodata.*)
*(.gnu.linkonce.t.*)
*(.glue_7)
*(.glue_7t)
*(.got)
*(.gcc_except_table)
*(.gnu.linkonce.r.*)
_etext = ABSOLUTE(.);
} > FLASH_AXIM
/*
* Init functions (static constructors and the like)
*/
.init_section : {
_sinit = ABSOLUTE(.);
KEEP(*(.init_array .init_array.*))
_einit = ABSOLUTE(.);
} > FLASH_AXIM
.ARM.extab : {
*(.ARM.extab*)
} > FLASH_AXIM
__exidx_start = ABSOLUTE(.);
.ARM.exidx : {
*(.ARM.exidx*)
} > FLASH_AXIM
__exidx_end = ABSOLUTE(.);
_eronly = ABSOLUTE(.);
.data : {
_sdata = ABSOLUTE(.);
*(.data .data.*)
*(.gnu.linkonce.d.*)
CONSTRUCTORS
_edata = ABSOLUTE(.);
} > SRAM1 AT > FLASH_AXIM
.bss : {
_sbss = ABSOLUTE(.);
*(.bss .bss.*)
*(.gnu.linkonce.b.*)
*(COMMON)
. = ALIGN(4);
_ebss = ABSOLUTE(.);
} > SRAM1
/* Stabs debugging sections. */
.stab 0 : { *(.stab) }
.stabstr 0 : { *(.stabstr) }
.stab.excl 0 : { *(.stab.excl) }
.stab.exclstr 0 : { *(.stab.exclstr) }
.stab.index 0 : { *(.stab.index) }
.stab.indexstr 0 : { *(.stab.indexstr) }
.comment 0 : { *(.comment) }
.debug_abbrev 0 : { *(.debug_abbrev) }
.debug_info 0 : { *(.debug_info) }
.debug_line 0 : { *(.debug_line) }
.debug_pubnames 0 : { *(.debug_pubnames) }
.debug_aranges 0 : { *(.debug_aranges) }
.ramfunc : {
_sramfuncs = .;
*(.ramfunc .ramfunc.*)
. = ALIGN(4);
_eramfuncs = .;
} > ITCM_RAM AT > FLASH_AXIM
_framfuncs = LOADADDR(.ramfunc);
}