Replacing & Flashing Damaged Cortex M3 Chip

So my MCU on the back has sustained some physical damage and the spark was unresponsive after that so I’ve since then painstakingly and carefully de-soldered the chip from underneath.

Right after I started the desol process I realized my theory of just replacing the chip and flashing it again with the firmware may not have been well thought out at all.

I got some time to think while I continued desoldering, so I have the following doubts:

  1. Does the Cortex MCU come with a custom bootloader which will be absent on the MCU that I purchase outside, which will prevent me from just soldering the chip on and flashing it?

  2. I have some experience with AVR Chips and to flash firmware onto it using the USB/UART usually means there is a bootloader already on these chips that enables this flashing using the USB. Does the same thing apply to STM32F103 or can it actually be flashed using the USB?

  3. I’m assuming CC3000 comes with its own firmware from TI or would I need to meddle with it as well? If I do then this is probably the end of the line for this Spark module and I’ll have to get myself a new one.

Would appreciate it if I got some clarity on this. Thanks!

Unless you’ve got a JTAG programmer, you’ll be SOL as the STM32 has a custom boot loader onboard to handle DFU updates.

As far as AVR chips go, the ones used on Arduino boards have a special boot loader onboard that allow them to be flashed over UART. However, these can be flashed over SPI without a boot loader, so if you have access to a Raspberry Pi or another, working Arduino, flashing them isn’t a big deal.

Anyway, the good news is that you might be able to pickup a suitable JTAG programmer for around what a new Core costs from eBay. They’re exceedingly handy, especially if you get one capable of debugging. A worthy investment, I’d say.

The CC3000 has its own onboard flash that holds the firmware, so you’re good to go there. (You can even upgrade the firmware directly from the microcontroller over the SPI interface. There’s also a separate I2C interface for direct access to the flash in case something goes horribly wrong!)

I’ll also add, a ST-Link V2 is cheap and works great for reflashing your Core. They are $21.25 at Digikey

And while you could build your own JTAG interface for free, I would recommend buying one from Spark to save you some headaches.

Seems like a lot of work, but once you do all that and breathe life back into your Core… I’ll personally give you a 1337 wizard title and an Internet high five!:hand:

4 Likes

Huh… Actually, the STM32 has a factory programme bootloader!

https://my.st.com/public/STe2ecommunities/mcu/Lists/cortex_mx_stm32/Attachments/18225/AN2606.pdf

http://dangerousprototypes.com/docs/STM32_ARM_quick_start

(I totally just stumbled onto this by accident!)

1 Like

Hey Timb & BDub, thanks so much for the replies.

Ok so I have a few follow up questions before I go purchasing something. I’ll also include a set of doubts that I need clearing up in my quest for the Wizard Title!!! I hope thats okay.

  1. @timb mentioned that the STM32 on the Spark comes packaged with a custom Spark Bootloader. I’ve read on their page that they are going to release this Custom Bootloader to open source soon.
  • I would assume that flashing the Custom Bootloader (when it releases) onto a new STM32 would require a JTAG Programmer?
  1. Ok so according to Timb’s second post, the STM32 (bought separately) comes pre-loaded with a factory Bootloader which actually allows UART Flashing!!! Does that mean I can Flash the spark:core-firmware onto the newly bought STM32 over the USB (i.e. I would solder the new chip in place of the old one retaining all previous USB/UART connections and hence use the Spark’s USB port itself to flash/program)?
  • In other words does the Factory Bootloader of a new STM32 Chip support DFU_Utils?
  • Or is there an alternate way to upload the firmware over USB onto a new STM32 other than the DFU_Utils process?
  1. It seems highly unlikely the USB solution (easier) will work out, so I might just be stuck with the JTAG solution Timb and @BDub mentioned. So if I’m not wrong the flashing process is just uploading the one “.bin” file onto the STM32.
  • So basically I solder the new STM32 Chip onto the Spark Core
  • Connect one end of the JTAG Programmer to my computer
  • Connect the other end to the STM32 via the DIY solution or the JTAG Shield
  • Flash Away and I’m good to go???

Also I’ve never used a JTAG Connector before so I guess I’ll have to figure the “Flash Away” part myself. Any chance you guys can point me in the right direction?

Yes, thats all you would need to do and its the only way. You’ll need a copy of the .bin file of the custom bootloader, since its not released yet. Drop us an email when you get there!

@nitnut
**Update: ** The bootloader is now open sourced! You can find it on the spark github repo: https://github.com/spark/bootloader

3 Likes

@mohit Woot!!! Thanks so much! I just cloned the repo and had a smooth build and have my own .bin file.

I’m about to order the JTAG Programmer mentioned earlier.
So this is what I’m going to do and I’m fairly confident this will work:

  • Flash the Bootloader using the JTAG Programmer
  • Flash the Firmware using the USB

However, annoyingly I have one final doubt. Please correct me if my assumptions are wrong:

  1. If I want to flash the Bootloader & Firmware only using the JTAG Programmer:
  • I first Flash the Bootloader using the JTAG
  • I then Flash the Firmware using the JTAG (and magically they are flashed on different parts of the MCU’s memory)
  • Or is this not recommended?
  1. If I want to flash the Firmware ONLY not wanting the Bootloader or the USB functionality:
  • I do-not Flash the Bootloader
  • I only Flash the Firmware using JTAG (and the Spark core works fine without USB flashing capabilities)
  • Now I’m scared the Bootloader is used for more than just the USB Flashing?

Will update on the progress soon!

@nitnut I don’t know if you got an email from the Spark Team yet with files & instructions… but when I did it this is how it went.

  1. Flash the USB Bootloader via JTAG at the lowest address (0x08000000)
  2. Flash the Core Firmware (with any application.cpp Firmware) via JTAG or USB at an address slightly higher than the USB Bootloader. (0x08005000)
    You can alternatively load in application.cpp firmware now over the air from the Sparkulator.

You should be able to erase your STM32 at any point over JTAG if you mess up. Hopefully all of the pins are soldered well… double check that if you can’t get your JTAG connected at first.

1 Like

@BDub I think they’ve released the files needed already or at least given instructions on building them ourselves on their github page. As per my understanding they are ‘core-firmware.bin’ & ‘bootloader.bin’.

My lack of experience with JTAG programmers is clearly apparent with that stupid question, but thanks so much for clearing it up.

Will keep the points in mind. I’m sure I’ll run into issues. Thanks so for the help so far, will keep you posted!

You are correct, and the way they are naming things is a little different than I remember… I edited my post to reflect this :wink:

Hi @nitnut,

Each stm32 has a unique hardware ID, and each core has a unique private keypair and a copy of the server public key. These bits of information allow the core access to the cloud and secure communications between the two. I’ve been working on a command line tool, and will try to integrate a “write everything from scratch” process that will save you some headaches. I’ll try to post details on that tool when it’s ready here. :smile:

Thanks,
David

I have built the core firmware and the bootloader and it will not run because I am on virgin hardware and it does not have the keys loaded. I managed to generate the private/public key for the device and will email that along. But I need the public key image. Is there a .der file that can be downloaded?

Nice!

You can grab that public key here:
https://s3.amazonaws.com/spark-website/cloud_public.der

dfu-util -d 1d50:607f -a 1 -s 0x00001000 -v -D cloud_public.der

You’ll also need someone at Spark to add your new spark core ID and key to the database. Can you email david@spark.io with your old core id, and your new core id and public key? Or if you don’t have the original core id, can you email me from the email account you used on the build site?

Thanks,
David

Still no joy!

I have programmed the public key as instructed above. I have installed the private key and sent it’s public key. Dave Thank you for installing it in the DB.

I have verified in the debugger that the keys are valid.
but I do not get a responce in SparkProtocol::handshake(void)

err = blocking_receive(queue, 384);
if (0 > err) return err;

It Times out end returns -1

What is the best way to debug this?