#DFU PUSH_TO_STORAGE and PUSH_TO_STORAGE_FAST
#Role
Write a part of the firmware in the NVM (external SPI flash).
#Command
#PUSH_TO_STORAGE
| Field |
Value |
| CLA |
5D (DFU) |
| INS |
07 |
| Data |
See below |
#PUSH_TO_STORAGE_FAST
| Field |
Value |
| CLA |
5D (DFU) |
| INS |
17 |
| Data |
See below |
#Data for PUSH_TO_STORAGE and PUSH_TO_STORAGE_FAST
#First packet
| Bytes |
Description |
| 0-1 |
ID of target storage area (see table below) |
| 2-5 |
CRC32 of the following binary content |
| 6-9 |
Length of the following binary content |
#Storage IDs
| Part ID |
Description |
Remark |
0000 |
Firmware for the MCU |
|
0001 |
Firmware for the NFC/RFID HF chipset (PN5180) |
For devices with a NFC/RFID HF interface |
0002 |
Firmware for the BLE chipset (BGM111) |
For devices with a BLE interface |
0003 |
Audio packs |
For devices with an audio output capability |
0004 |
Firmware for the ‘Vegas’ antenna |
For devices with the UI interface delegated to a PIC or RL78/G12 |
0005 |
Firmware for the network chipset |
|
#Next packets
| Bytes |
Description |
| 0-x |
Binary chunk (max 128 bytes per packet) |
#Response
| Byte |
Name |
Description |
| 0 |
STAtus |
00 (SUCCESS) if execution is OK; see List of STAtus for error codes |
#PUSH_TO_STORAGE and PUSH_TO_STORAGE_FAST how-to
The SPI flash (NVM) is technically divided in pages and blocks, but ‘logically’ divided into storage areas (see NVM mapping Appendix for details).
Both the PUSH_TO_STORAGE and PUSH_TO_STORAGE_FAST commands write into a storage area and work in a sequence:
- The first packet of the sequence selects the target storage area (firmware for MCU, firmware for NFC/RFID HF frontend, firmware for BLE interface, etc)
- The next packets convey the content to be written into the selected area; the sequence terminates when the expected length has been received or PUSH_TO_STORAGE_CANCEL is invoked
The commands are different in the way they erase the flash blocks before writing:
-
PUSH_TO_STORAGE erases all the blocks that make up the targetted storage area in the beginning (when receiving the first packet of the sequence). Erasing a complete area takes 2 to 10 seconds (depending on the size of the area), and therefore the calling software must allow a long timeout when waiting for the response to PUSH_TO_STORAGE’s first packet.
-
PUSH_TO_STORAGE_FAST erases the blocks only when they are about to be written (when receiving a binary chunk that goes to a new block). This allow shorter timeouts, and the global process is faster if the storage area is not fully occupied.
To write a new firmware into a device,
- Invoke GET_CONTEXT to retrieve the device’s characteristics,
- Confirm the device is not in rescue mode and features a NVM (otherwise only PUSH_TO_ROM is supported) and check the protocol version: version 1 supports only PUSH_TO_STORAGE, PUSH_TO_STORAGE_FAST has been introduced in version 2,
- Open the firmware file and locate all parts – every part maps to an area in the SPI flash. See Format of Firmware files for details,
- For each part, send the first 10-byte packet with ID of the part, the CRC32 and the length of the following binary content, and then loop sending the actual content by pieces of 128 bytes (last packet could be truncated to a smaller length),
- Reset the device using either DFU CLAss’ RESET or another method such as CONTROL CLAss’ RESET
- Wait until the device’s bootloader performs the firmware upgrade (i.e. copies the new binaries from the external SPI flash to the MCU and to the other chipsets) – this could take up to 60s; do not power down the device while the upgrade is running.