beautypg.com

1 bootstrap-loader mode, 1 bootstrap-loader mode -2, Maxq7667 user’s guide – Maxim Integrated MAXQ7667 User Manual

Page 220

background image

__________________________________________________________________________________________________________

13-2

MAXQ7667 User’s Guide

SECTION 13: IN-SYSTEM PROGRAMMING/BOOTLOADER

Note: The reader should be familiar with Section 11: Test Access Port (TAP) and Section 12: In-Circuit Debug Mode before reading
this section.

The MAXQ7667 is equipped with a bootstrap loader as part of the utility ROM firmware. The main function of the bootstrap loader is to

provide in-system programming capability to the user application. The MAXQ7667 in-system programming features include:

• Standard JTAG/TAP interface-based communication

• Built-in JTAG bootstrap loader for flash programming and verifying

• UART-based communication

• Built-in UART bootstrap loader for flash programming and verifying

• Password lock protection to prevent access to certain loader operations

13.1 Bootstrap-Loader Mode

The MAXQ7667 allows the user to program its flash through the JTAG or the UART port by allowing access to the ROM-based boot-

loader through these ports.

The bootloader is entered in one of three ways: by a JTAG request during the power-up sequence, through a UART request immedi-

ately after power up when no password has been set, and by jumping to the bootloader from the application code.

After a reset, the MAXQ7667 instruction pointer jumps to the beginning of ROM code (0x8000). The ROM code does some initial house-

keeping and then looks for a request from the JTAG port. If there is a valid request (i.e., SPE = 1, PSS = 00), the processor establish-

es communication between the ROM bootloader and the JTAG port. If there is no JTAG request and the password has been set (0x0010

to 0x001F is not all 0s or all Fs), the program execution jumps to the application code at address 0x0000. If the password has not been

set (0x0010 to 0x001F is all 0s or all Fs), the ROM code monitors the UART for 5 seconds waiting to receive the autobaud character,

0x0D (carriage return). If the autobaud character is not detected within 5 seconds, program execution jumps to the application code

at address 0x000. If the autobaud character is detected during the 5-second window, the UART is established as the bootloader com-

munication port and the MAXQ7667 responds with 0x3E. 0x3E is the loader prompt, which acknowledges that a command has been

completed.

Once communication has been established with the loader, the host has access to all the Family 0 Commands regardless of the state

of the PWL bit (Password Lock). If PWL = 0, all the loader commands are accessible. Family 0 commands all start with a 0 and pro-

vide basic functionality, but do not allow access to information in either program memory or data memory. This prevents unauthorized

access of proprietary information.

One of the Family 0 Commands is Password Match (0x03). The host can clear the PWL bit by transmitting this loader command fol-

lowed by the correct 32-byte password. If the 32 transmitted bytes match the information in flash at addresses 0x0010 to 0x001F, the

PWL bit is cleared and all loader commands are available. Executing the Password Match command and sending the wrong password

when the PWL bit is cleared sets the PWL bit and limits the loader to Family 0 Commands. If the bootloader is being entered from the

application code, the application code may clear the PWL bit before jumping to the loader. If this is done, all loader commands are

immediately available to the host. If the application code is used to clear the PWL bit, the application code should also provide secu-

rity features to prevent unauthorized access to proprietary information.

Another Family 0 Command is “Master Erase” (0x02). Executing this unprotected command erases the entire flash memory. Executing

a Master Erase removes the password and allows access to all the loader commands; however, since the proprietary code has been

erased, security is maintained. The Master Erase is a useful way to regain control of a chip where the password has been inadvertently

set or forgotten.

In applications where the JTAG port is not available, the password is set, and the user intends to flash the part through the UART port,

the user must develop reliable application code for jumping to the loader. This code must be debugged before setting the pass-
word. If the password is set, the JTAG port is not available, and the application code cannot start the loader or control the flash, it is

impossible to load a new program into flash.

The host can exit the loader by using the loader command “Exit Loader” (0x01), or a physical reset can be used to exit the loader. If

the Exit Loader command is used and a password has been set in flash, then program execution will immediately transfer to flash at

address 0x0000. If the password is not set in flash, then after exiting the loader the UART will be monitored for 5 seconds waiting for

the autobaud character. If the autobaud character is detected, the loader is reentered. If the autobaud character is not detected, pro-

gram execution transfers to flash at address 0x0000.

See also other documents in the category Maxim Integrated Hardware: