AM5718: Initial Boot Software Image Validation

Part Number: AM5718

In the AM571x Technical Reference Manual Rev. I Section 33.3.3 Overall Booting Sequence there is a check "Initial software image valid?" after Steps 5 and 6 and before step 7.

I couldn't find information on what kind of check the boot ROM performs.

I am interested in this option because if the image in the permanent eMMC boot memory, for example, becomes corrupted, then this check should fail and the boot process executes the next device in the list, which can be a USB port, and allows the user to load new software through the USB port.

There is a boot sequence - eMMC -> USB. This sequence will allow us to always boot from the eMMC and automatically switch to the USB only when the normal code in the eMMC has become corrupt. This is the booting schema that would be perfect for us.

There is a USB -> eMMC sequence that will allow the USB to be used any time it is required but it is not practical for normal boot from eMMC because it has to wait for USB timeout, which is 6 seconds.

  • Hi,

    The details of that are described in Ch 33.3.8.

    For eMMC boot, a GP header is read first to find the initial software.

    Regards,
    Stanley

  • Thanks for your reply Stanley,

    It looks like the ROM code does not do any real image validity check; finding the GP is considered a valid image.

    My concern is what to do if for some reason the eMMC boot image is corrupt? The 3 min watchdog timer will reset the processor but the boot ROM will attempt to boot from the same corrupt image.

    Is there any way around that?

    For example if there are two boot partition images - one main and one recovery - could the boot ROM switch to the recovery boot image if the reset source is anything other than cold reset (startup)?

    Thanks,

    Kris

  • ROM code doesn't validate the sanity of the full image.

    Once it finds a valid header and loads the image successfully, ROM code will disable the watchdog and jump to the initial software image.

    At this point, ROM code is considered done.

    Typically, the initial software image is in the write-protected area to avoid corruption.

    You can add code to your initial software to validate the boot image at the start and replace it with the image from the recovery partition if it is corrupted.

    And then you can trigger a reset to reboot with the recovered image.

    In addition, you can also have an exception handler which will do the same thing, since a corrupted image will typically lead to an exception.

    Regards,

    Stanley
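
Added example, not part of the thread and not TI code: a sketch of the check the last reply describes, where the initial software validates the main image and restores it from a recovery copy before asking for a reset. The header layout, `IMG_MAGIC`, `SLOT_SIZE` and all function names are assumptions, and RAM buffers stand in for the eMMC partitions. A CRC catches accidental corruption only, not deliberate modification.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical image header (an assumption, not the TI GP header). */
#define IMG_MAGIC 0x424F4F54u            /* constructed value */
#define SLOT_SIZE 64u                    /* constructed, tiny for the demo */
typedef struct { uint32_t magic, length, crc32; } img_hdr_t;
enum boot_action { BOOT_MAIN, RESTORED_RESET, NO_VALID_IMAGE };

/* Bitwise CRC-32 (reflected, polynomial 0xEDB88320). */
static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Returns 1 only if magic, bounded length and CRC all agree. */
static int image_valid(const uint8_t *slot, size_t size) {
    img_hdr_t h;
    if (size < sizeof h) return 0;
    memcpy(&h, slot, sizeof h);          /* avoids unaligned access */
    if (h.magic != IMG_MAGIC) return 0;
    if (h.length == 0 || h.length > size - sizeof h) return 0; /* no over-read */
    return crc32_calc(slot + sizeof h, h.length) == h.crc32;
}

/* Run first in the initial software; the buffers stand in for eMMC partitions. */
static enum boot_action check_and_recover(uint8_t *main_slot, const uint8_t *rec, size_t size) {
    if (image_valid(main_slot, size)) return BOOT_MAIN;
    if (!image_valid(rec, size)) return NO_VALID_IMAGE;  /* never copy a bad image */
    memcpy(main_slot, rec, size);
    return image_valid(main_slot, size) ? RESTORED_RESET : NO_VALID_IMAGE; /* re-check: no reset loop */
}

/* Constructed demo: pack one payload into both slots, optionally flip a bit. */
static enum boot_action demo(int corrupt_main, int corrupt_rec) {
    static const uint8_t payload[] = "constructed application image";
    img_hdr_t h = { IMG_MAGIC, (uint32_t)sizeof payload, crc32_calc(payload, sizeof payload) };
    uint8_t main_slot[SLOT_SIZE] = {0}, rec[SLOT_SIZE] = {0};
    memcpy(main_slot, &h, sizeof h);
    memcpy(main_slot + sizeof h, payload, sizeof payload);
    memcpy(rec, main_slot, SLOT_SIZE);
    if (corrupt_main) main_slot[sizeof h + 3] ^= 0x01;
    if (corrupt_rec)  rec[sizeof h + 5] ^= 0x80;
    return check_and_recover(main_slot, rec, SLOT_SIZE);
}

int main(void) { return demo(1, 0) == RESTORED_RESET ? 0 : 1; }
```

On `RESTORED_RESET` the caller would trigger the reset mentioned in the reply; on `NO_VALID_IMAGE` it should stop rather than reset, since both copies are bad.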