Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.

updating must also be modified, so as to search for and connect up to the proper USB device with the new VID/PID. In the
“\usb\device\bootloaders\utilities\qt5_src\Bootloader” host/PC GUI source code, the VID/PID values can be changed by
editing the #define VID and #define PID constants (which currently reside in the Comm.h file).
1.6.3.1.2 Safe Boot Loading Considerations
This section discusses some items to consider to avoid common pitfalls when implementing a boot loading solution.
Description
When an application implements self reprogramming capability, it is strongly recommended to also simultaneously
implement provisions to ensure the microcontroller does not execute at voltages that are too low for the configured
frequency (ex: don’t violate the voltage versus frequency graph in the datasheet). Overclocking the microcontroller (ex: by
running at full frequency, but at a voltage below the required minimum from the device datasheet) can result in possible
instruction op-code mis-fetch or mis-execution. This can result in unexpected code flows, allowing normally unreachable
code to get reached. This can potentially result in unintended activation of bootloader/flash memory self programming code,
possibly causing the erasure or corruption of important program memory. This potential problem is best avoided by
implementing provisions in both the bootloader firmware and the application firmware project, to either outright prevent all
code execution during the low/inadequate voltage condition (ex: by enabling and using BOR, and/or putting the
microcontroller to sleep mode), or by clock switching to a low enough frequency at runtime, so as to always meet the
datasheet voltage versus frequency requirements.
Additionally, special consideration is needed if enabling the watchdog timer (WDT) feature of the microcontroller. The WDT
can be used in applications with a bootloader, but the timeout period must always be configured to be longer than the worst
case flash page erase and block programming duration. Failure to do so may result in unexpected timeout/reset occurring
during the erase/program sequence, leading to unintended NVM contents.
1.6.3.1.3 Configuration Bits
Configuration bits and their impact on boot loading applications.
Description
Make certain that all configuration bit settings between the bootloader firmware project, and the application firmware project,
match 100% exactly. If they do not match, modify one or both projects until they do. The microcontroller hardware only
implements one set of configuration bits, and therefore, the configuration bit settings are always shared between the
bootloader firmware and application firmware projects.
Attempting to declare two sets of configuration bits (that are not 100% exactly the same) can prevent the application and
bootloader firmware image .hex files from being successfully merged when using the loadable project feature in MPLAB X
(see the Merging Bootloader and Application Project Output section).
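
One way to check this before merging, as an added example (not Microchip's code and not part of the original help file): the script parses both Intel HEX images and lists every configuration byte on which they disagree. The 0x300000-0x30000D address range and the two sample images are assumptions constructed for illustration; take the real configuration address range from the target device's datasheet.

```python
"""Compare the configuration-bit region of two Intel HEX images (added example)."""

def ihex_record(addr, rtype, data):
    """Build one Intel HEX record with a correct checksum (used for the sample data)."""
    body = bytes([len(data)]) + addr.to_bytes(2, "big") + bytes([rtype]) + bytes(data)
    return ":" + (body + bytes([-sum(body) & 0xFF])).hex().upper()

def parse_ihex(text):
    """Return {absolute byte address: value}, verifying length and checksum per record."""
    mem, base = {}, 0
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError(f"line {n}: missing ':' start code")
        rec = bytes.fromhex(line[1:])
        if len(rec) < 5 or len(rec) != rec[0] + 5 or sum(rec) & 0xFF:
            raise ValueError(f"line {n}: bad length or checksum")
        addr, rtype, data = int.from_bytes(rec[1:3], "big"), rec[3], rec[4:-1]
        if rtype == 0x00:                       # data record
            for i, value in enumerate(data):
                mem[base + addr + i] = value
        elif rtype == 0x01:                     # end of file
            break
        elif rtype == 0x02:                     # extended segment address
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:                     # extended linear address
            base = int.from_bytes(data, "big") << 16
    return mem

def config_mismatches(boot_hex, app_hex, start, end):
    """List (address, bootloader value, application value) where the images disagree.
    None means that image does not define the byte at all."""
    boot, app = parse_ihex(boot_hex), parse_ihex(app_hex)
    return [(a, boot.get(a), app.get(a))
            for a in range(start, end + 1) if boot.get(a) != app.get(a)]

# Constructed sample images: only the config region, placed at an assumed 0x300000 base.
CONFIG_START, CONFIG_END = 0x300000, 0x30000D   # assumption; take from the datasheet
def sample_image(config_bytes):
    return "\n".join([ihex_record(0, 0x04, b"\x00\x30"),
                      ihex_record(0, 0x00, config_bytes),
                      ihex_record(0, 0x01, b"")])
BOOT_HEX = sample_image(bytes([0x24, 0x0E, 0x3F, 0x1E]))
APP_HEX = sample_image(bytes([0x24, 0x0E, 0x3F, 0x1F]))   # last byte differs

if __name__ == "__main__":
    for addr, boot, app in config_mismatches(BOOT_HEX, APP_HEX, CONFIG_START, CONFIG_END):
        print(f"0x{addr:06X}: bootloader={boot} application={app}")
```

Run as a pre-merge build step, a non-empty result means one or both projects still need their configuration settings aligned.
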
By default, the HID bootloader does not reprogram the microcontroller config bits during an erase/program/verify sequence.
Reprogramming the configuration bits is generally not recommended, since doing so is considered much more
“dangerous” to the application than reprogramming the normal application firmware code. When reprogramming the
configuration bits, it is very easy to leave the application in a permanently broken (“bricked”) condition, if any of the new
configuration bit settings are not 100% compatible with the hardware of the application. Certain config bit settings, such as
the oscillator, BOR, extended instruction set, WDT, etc., are especially hazardous, since changing them can easily leave
both the bootloader firmware and application firmware images in a non-operable (or non-USB operable) state, thereby
preventing further re-programming operations.
However, if absolutely necessary, the HID bootloader firmware and PC GUI applications do support reprogramming of the
configuration bits. Doing so requires a special PC GUI/bootloader firmware “unlock” sequence to be executed. This occurs
when the host/PC GUI program sends the “UNLOCK_CONFIG” bootloader command to the firmware. For applications that
will support config bit reprogramming, it is recommended to hide the option from the PC GUI program, so that it is not
accessible to end consumers, except in special circumstances when truly necessary.
For some USB microcontrollers (namely PIC18FxxJxx USB microcontrollers), the configuration bits are stored in normal
program flash memory, at the end of the application firmware program space. On these microcontrollers, the configuration
1.6 Demos MLA - USB Library Help Device - Boot Loader - HID