tock-bootloader

tock-bootloader copied to clipboard

Although the bootloader can program the kernel and any application over serial, it cannot update its own code, since it is running from flash.

If the bootloader code relocates into RAM, it would be possible to arbitrarily overwrite its flash image. Thus, the bootloader could update itself.

I think the relocation step could be implemented simply by changing the linker script, so that all code sections are between _srelocate and _erelocate. The startup code will take care of the rest.

The only remaining item would be to add a corresponding command to tockloader.

Maybe this is a feature we don't actually want? It would allow a board to be bricked by a bad bootloader image (assuming the developer doesn't have a JLink). For a developer with only serial port access, the choice is either 1. a bad bootloader update could brick them, or 2. they are stuck with whatever version of the bootloader they started with.

Personally, I think 2. is the worse case, but maybe others feel differently. Thoughts?