Tinysafeboot Bootloader

Project home: https://github.com/seedrobotics/tinysafeboot

The Tinysafeboot is a compact, feature-rich bootloader for ATMEGA and ATTINY devices.
It was originally written by Julien Thomas and Seed Robotics has since expanded and improved on his excellent work.

  • Use only 512kb (256pages) of Flash + 1 page for configuration on ATMEGA (slightly more on ATTINY)
  • Flash Read/Erase/Write/Verify
  • EEPROM Read/Erase/Write/Verify
  • Configurable timeout without need to recompile/re-install
  • Configurable Password: prevents accessing and Reading of device memories.
  • Emergency Erase: deletes all contents including user password, restoring access to the bootloader
  • Capable of individually initiating a bootloader session (for firmware update, for example) with multiple devices connected in a daisy chain (each device needs a unique password, for individual activation)

All our improvements and new features are published open source in the Github repository above.

So far we have:

  • Written a new PC side software in Mono (compatible with Windows/Linux/Mac OS) which improves device programming speed and brings new capabilities such as multiple operations in one single session
  • Written a GUI (Windows, C#) to to offer a Graphical Interface for the command line options
  • Fixed a bug in the password checking that impaired operation when multiple devices are daisy chained (backwards compatible fix)
  • Added Configurable “Magic Bytes” where you can program 2 bytes (identify different models, batch numbers, …). This is stored in the same area as the configurable password and timeout, separately from the program Flash and EEPROM areas for protection.

Booting

The bootloader takes up 512bytes of space in ATMEGA devices and slightly more on ATTINY devices.

On ATMEGA it is a straightforward Bootloader, where you simply need to set the fuses appropriately for Bootloader of size 256pages (512bytes)

On ATTINY, due to the lack of Bootloader fuses, the code loads to the top of Program memory.
[THIS SECTION NEEDS REVIEWING]
Whenever you upload a new flash program, it is loaded to the base of the flash area and the first page is modified to JUMP to the bootloader area.
Once the bootloader terminates, it executes the re-mapped instruction on the first page and returns control to the second page.
[REVIEWING ENDS]

Configurable Timeout, Password, Magic Bytes

The Timeout, Password and Magic bytes are stored in the Last Page of the Program area (just below the bootloader).

This is a safe way to ensure configuration does not take up EEPROM space and that it won't typically be overwritten inadvertently.

Because the last page is within the program area, it can be re-written using commands to write FLASH contents.
The TSB binary on the device ensures this isn't overwritten when writing the Program Flash.
Furthermore, programmers can access this configuration data from their own application by using the GNU C compiler's pgm_read_data and pointing at the last page, before the bootloader area begins.

Configuration Data is stored in the Last Page of Program space, in the following manner:

TOP OF LAST PAGE
.
(remaining bytes until end of the page are set to 0x00, as a work-around for the Daisy Chain programming bug in old bootloader versions; see issue tracker on Github)
.
[j+2] Second Magic Byte
[j+1] First Magic Byte
[j] Password Termination character = 0xFF
.
.
[1] Password byte 1
[0] TIMEOUT (byte)
START OF LAST PAGE

IMPORTANT:
The Magic Bytes and 0x00 fix at the top of Last page are only possible when using Seed Robotics' PC side loader tool; the old/original loader tool can only set Timeout and Password. In fact, if you configure these parameters with the Seed RObotics loader tool and later reconfigure them with the old/original loader tool, they will be erased.
These features are compatible with all firmware versions of the TSB bootloader (even older versions before the Seed Robotics contributions), as long as you use the Seed Robotics' PC side loader tool.

In reality, if you refer to the source code of our loader tool, you will see the TSB binary on the ATMEL device gives you a command to write whatever you want to the remaining space in Last Page, after the Timeout and Password are written.
For us, at Seed Robotics, we felt it could be leveraged by adding a storage space for 2 magic bytes. Nevertheless the possibilities are endless as the bootloader on the device side gives you access to write the full page contents.

Copyright © 2015-2019 Seed Robotics Ltd

  • tsb/home.txt
  • Last modified: 2019/07/26 15:51
  • by pedro.ramilo