tl;dr: flashed firmware to 0x00000000 instead of 0x08000000, am I lost?
Hello,
my device is based on a STM32F103CBTx which came with a proprietary firmware and had readout protection on.
I connect to it with a ST-Link v2 SWDIO and SWCLK connected to PA13 and PA14 and this command:
sudo openocd -f /usr/share/openocd/scripts/interface/stlink-v2.cfg -f /usr/share/openocd/scripts/target/stm32f1x.cfg
I don't remember how I removed flash protection, but it worked as the original firmware didn't work anymore. Then I created a simple hello world firmware which pulls up and down three gpios and flashed it. The gpios are pulled up and down in 700ms intervals.
After flashing, I can't connect with openocd anymore. I forgot to specify the offset, the manual says the offset defaults to 0 and as it worked, I suppose instead of the boot loader my shitty hello world is pulling up and down some random pins happily… Is this possible? All other threads I found say the boot loader is write protected.
This is the last contact I had:
> halt
halt
target halted due to debug-request, current mode: Handler HardFault
xPSR: 0x01000003 pc: 0xfffffffe msp: 0xffffffdc
> flash write_image erase fw.hex
flash write_image erase fw.hex
auto erase enabled
target halted due to breakpoint, current mode: Handler HardFault
xPSR: 0x61000003 pc: 0x2000003a msp: 0xffffffdc
wrote 4096 bytes from file fw.hex in 0.285697s (14.001 KiB/s)
> reset
reset
jtag status contains invalid mode value - communication failure
Polling target stm32f1x.cpu failed, trying to reexamine
Examination failed, GDB will be halted. Polling again in 100ms
Any directions highly appreciated.
Edit:
What I get now, also tried another st-link:
% sudo openocd -f /usr/share/openocd/scripts/interface/stlink-v2.cfg -f /usr/share/openocd/scripts/target/stm32f1x.cfg
Open On-Chip Debugger 0.10.0
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
Info : auto-selecting first available session transport "hla_swd". To override use 'transport select '.
Info : The selected transport took over low-level target control. The results might differ compared to plain JTAG/SWD
adapter speed: 1000 kHz
adapter_nsrst_delay: 100
none separate
Info : Unable to match requested speed 1000 kHz, using 950 kHz
Info : Unable to match requested speed 1000 kHz, using 950 kHz
Info : clock speed 950 kHz
Info : STLINK v2 JTAG v17 API v2 SWIM v4 VID 0x0483 PID 0x3748
Info : using stlink api v2
Info : Target voltage: 3.244356
Error: init mode failed (unable to connect to the target)
in procedure 'init'
in procedure 'ocd_bouncer'
flashed firmware to 0x00000000 instead of 0x08000000, am I lost?
No, it doesn't matter at all, they are the same.
After reset, the MCU loads the word at address 0 in SP, and the next one at address 4 in PC. The BOOT0 and BOOT1 pins control which memory gets mapped to 0x00000000. Usually, BOOT0 is tied low, and flash memory at 0x08000000 gets mirrored at 0x00000000.
instead of the boot loader my shitty hello world is pulling up and down some random pins happily… Is this possible? All other threads I found say the boot loader is write protected.
The factory bootloader is indeed write protected, openocd can't overwrite it.
However, your application could have reconfigured the SWD pins, by writing a wrong value in GPIOA->CRH or AFIO->MAPR, thereby preventing openocd from working. It's the most common cause of this problem.
Fortunately, there is a way to recover.
Connect under Reset
If the reset pin of the controller is held low for a while when openocd is started, the application is prevented from starting, and messing up the GPIO configuration.
Openocd can do this automatically, when
It's told to do so, the line reset_config srst_only srst_nogate is present somewhere in the configuration script.
The MCU reset pin is connected to the debugger hardware, pin 15 on an official ST-Link/V2.
Or you can do it manually, by whatever means your board provides. If you are lucky, it has a reset button, if not, you must find a way to somehow ground the MCU reset pin.
Pull the reset pin low
Start openocd
Wait until the Info : Target voltage line appears. Maybe a second longer.
Release the reset pin.
It requires a bit of trial and error, you'll get better with practice.
Then you can flash your improved application, which carefully avoids reconfiguring the SWD pins.
Related
I'm having a problem: I can't program and debug my STM32G050F6P6 on my PCB.
I talked to many people in order to solve it, but nothing to do.
If you want you can see the discussions by clicking here.
To make a small summary:
with STM32Programmer I can program the MCU without problems (with the .elf file), but if I try to upload the code via STM32Cube IDE I get many problems (same thing for debugging).
I've already tried to change the debug and upload configurations in all possible ways, but NOTHING.
Now I tried to change the resistors that were located between the pins of the microcontroller and the connectors to which SWDIO and SWCLK of the ST-LINK/V2 are connected, and debugging goes with many problems (I remember that before changing the resistors the debugging).
Now that I've changed the resistors, from 1k to 20ohm, I can debug (SWD, Connect Under Rest or Software System Reset, 950khz), but the errors I get are these:
and:
Open On-Chip Debugger 0.11.0+dev-00449-g53fa0f7 (2022-06-09-09:42) [https://github.com/STMicroelectronics/OpenOCD]
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
Info : Listening on port 6666 for tcl connections
Info : Listening on port 4444 for telnet connections
Info : STLINK V2J40S7 (API v2) VID:PID 0483:3748
Info : Target voltage: 3.208388
Info : clock speed 950 kHz
Info : stlink_dap_op_connect(connect)
Info : SWD DPIDR 0x0bc11477
Info : STM32G050F6Px.cpu: Cortex-M0+ r0p1 processor detected
Info : STM32G050F6Px.cpu: target has 4 breakpoints, 2 watchpoints
Info : STM32G050F6Px.cpu: external reset detected
Info : starting gdb server for STM32G050F6Px.cpu on 3333
Info : Listening on port 3333 for gdb connections
Info : accepting 'gdb' connection on tcp/3333
target halted due to debug-request, current mode: Thread
xPSR: 0xf1000000 pc: 0x1fff1654 msp: 0x20000e48
Info : device idcode = 0x10006456 (STM32G05/G06xx - Rev A : 0x1000)
Info : RDP level 0 (0xAA)
Info : flash size = 32kbytes
Info : flash mode : single-bank
Error: Failed to read memory at 0xfffffffe
Error: Failed to read memory at 0xfffffffe
Info : accepting 'gdb' connection on tcp/3333
target halted due to debug-request, current mode: Thread
xPSR: 0xf1000000 pc: 0x1fff1654 msp: 0x20000e48
Info : Padding image section 0 at 0x080018c4 with 4 bytes (bank write end alignment)
target halted due to debug-request, current mode: Thread
xPSR: 0xf1000000 pc: 0x1fff1654 msp: 0x20000e48
Info : STM32G050F6Px.cpu: external reset detected
My question now is if I got the wiring diagram wrong.
Below you will find the image of the wiring diagram of the programming part:
wiring diagram (programming part)
Since I changed those two 1k resistors of SWDIO and SWDCLK (R14 - R15) I get the error from the previous post.
Did I miss something in the wiring diagram?
Addresses 0x1F...... are in the closed-source ROM bootloader, you can't debug that. If you want to debug your application then you need to set the boot mode pins correctly so that it starts, not the ROM. See AN2606 for instructions how to do that.
In a wireless project, I'm using en Nucleo STM32WLJC1 in dual core configuration.
I take DualCore Ping Pong ST code example, that I rework to make my own application.
I didn't touch anything of the CMO+ project, I only work on the applicative layer in CM4.
I've some problems about flashing the CM0+ Core.
The first time I flashed the board it works and now I've most of the times the folowing error when I try to flash the CM0+. It sometimes work one time for no reason.
Pop-up Problem Occurred Windows :
Error in final launch sequence:
Failed to start GDB server Failed to start GDB server Error in
initializing ST-LINK device. Reason: (255) Unknown. Please check power
and cabling to target.
Console informations
STMicroelectronics ST-LINK GDB server. Version 6.0.0 Copyright (c)
2021, STMicroelectronics. All rights reserved.
Starting server with the following options:
Persistent Mode : Disabled
Logging Level : 1
Listen Port Number : 61234
Status Refresh Delay : 15s
Verbose Mode : Disabled
SWD Debug : Enabled
Target unknown error 32
Error in initializing ST-LINK device. Reason: Unknown. Please check
power and cabling to target.
It looks like the STlink can't reach the core...
Someone may know what is happening ?
Is there a flashing configuration that has to be done? (to chose which core we want to flash)
trying to program and debug STM32F103 (Bluepill) from Atollic TrueStudio 9.3 I got following message:
STMicroelectronics ST-LINK GDB server. Version 5.1.0 Copyright (c)
2018, STMicroelectronics. All rights reserved.
Starting server with the following options:
Persistent Mode : Disabled
Logging Level : 1
Listen Port Number : 61234
Status Refresh Delay : 15s
Verbose Mode : Disabled
SWD Debug : Enabled
Vendor = 0x55
Error in initializing ST-LINK device. Reason: ST-LINK: Could not
verify ST device! Abort connection.
Trying to do the same thing in St-Link utility works without any problems (also erasing and programming):
What could be the problem with this, why does it have problems with verification ?
Tnx for helping in advance!
The problem is that the ID of the STM32F103 on the BluePill and the ID, defined the debugger config files are different. Often the BluePills have counterfeit ICs on them in order to keep the price low, but these do not have the same ID as genuine ICs.
The Instructions/video below are made for STM32CubeIDE however they should also work for TrueSTUDIO.
Video about a workaround: https://youtu.be/bJYp8o7FoYo
Open the Debug Configuration Window
Select ST-LINK(OpenOCD) in the Debug Probe Dropdown
Search stm32f1x.cfg file the C:\ST\STM32CubeIDE_1.2.0\STM32CubeIDE and open it using notepad.
Search for this Line
Now change the ID from 0x1ba01477 to 0x2ba01477 as shown here
Save the file, now debugging should work
this solution also works for clone chips like CH32F103 which is in some cases on BluePill
the other solution is to change a parameter in "stm32f1x.cfg"
open it with a text editor and find this line:
swj_newdap $_CHIPNAME cpu -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id $_CPUTAPID
change "$_CPUTAPID" to zero at the end of line it should be like this:
swj_newdap $_CHIPNAME cpu -irlen 4 -ircapture 0x1 -irmask 0xf -expected-id 0
after that :Open the Debug Configuration Window like picture above and choose "Select ST-LINK(OpenOCD)" in the Debug Probe Dropdown
then click "Show generator options…” and in Mode setup change"Reset Mode”For“Software system reset”.
both of ways works and i've tested them with CubeIDE and CH32f103c8t6.
remember to change jumper on board
jumpers : up = 0 ; down = 1
I am trying to setup a eclipse development environment to work with stm32f303 nucleo 32 board.
http://www.st.com/en/evaluation-tools/nucleo-f303k8.html
So far, the all the tools seems to be correctly installed and working: I have succefully compiled and started openocd debugger for stm32f4 discovery and when I connect stm32f303 nucleo 32 board and start openocd, the led on the board indicates that it is connected. (I have flashed the board.)
The thing is openocd get lost when I do step by step debugging and this seems related to the message openocd gives me when started (look for bold line):
Open On-Chip Debugger 0.9.0 (2015-05-19-12:09)
Licensed under GNU GPL v2
For bug reports, read
http://openocd.org/doc/doxygen/bugs.html
adapter speed: 1000 kHz
adapter_nsrst_delay: 100
Info : The selected transport took over low-level target control. The results might differ compared to plain JTAG/SWD
none separate
srst_only separate srst_nogate srst_open_drain connect_deassert_srst
Info : Unable to match requested speed 1000 kHz, using 950 kHz
Info : Unable to match requested speed 1000 kHz, using 950 kHz
Info : clock speed 950 kHz
**Error: libusb_open() failed with LIBUSB_ERROR_NOT_SUPPORTED**
Info : STLINK v2 JTAG v27 API v2 SWIM v15 VID 0x0483 PID 0x374B
Info : using stlink api v2
Info : Target voltage: 3.239293
Info : stm32f3x.cpu: hardware has 6 breakpoints, 4 watchpoints
Does someone know how to fix usb driver in that case, or it is possible that something else cause the problem?
In case you experience this issue on Linux, you have to configure udev rules to work with the device. Find the 99-openocd.rules included with the source distribution of openOCD under Contributions. Connect your ST-Link USB-device and run 'lsusb' from a terminal, it will list something like this:
Bus 004 Device 009: ID 0483:3748 STMicroelectronics ST-LINK/V2
Notice the value behind ID, you want to check the 99-openocd.rules to see if there is a matching entry supporting the device, in the above case it's this one:
# STLink v2
ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="664", GROUP="plugdev"
Copy this file to your /etc/udev/rules.d configuration directory and reboot your machine. Then try debugging again.
The OpenOCD distribution includes some libusb drivers, and recommends to run the zadig.exe tool to activate them. This will solve your problem.
http://zadig.akeo.ie/
As #silverdr mentioned in the comments, disconnecting the device and reconnecting it worked for me.
I closed SWD and JTAG by acident so that I can't download new program into developboard by j-Link.Then I try using j-flash ARM to erase chip, and error comes like this:
Connecting ...
- Connecting via USB to J-Link device 0
- J-Link firmware: V1.20 (J-Link ARM V8 compiled Dec 1 2009 11:42:48)
- JTAG speed: 2000 kHz (Auto)
- Initializing CPU core (Init sequence) ...
- Executing Reset (0, 0 ms)
- Initialized successfully
- JTAG speed: 2000 kHz (Auto)
- Connected successfully
Reading entire flash chip ...
- 64 sectors, 1 range, 0x8000000 - 0x800FFFF
- ERROR: RAM check failed # address 0x20000000.
- ERROR: Write: 0x03020100 07060504
- ERROR: Read: 0xAAAAAAAA AAAAAAAA
- ERROR: (0 bytes of RAM have been checked successfully)
- ERROR: Failed to read back target memory
Disconnecting ...
- Disconnected
I don't know how to use BOOT0 and BOOT1 to get into ISP mode. BOOT0 is connected to GND.
Post some information about your environment.
Are you using IAR EWARM? If you're not, you should download the size-limited trial version. Then, load one of the basic program examples, and try to flash it to your board.
What board are you using? And what do you mean you "closed" SWD and JTAG? I'm not sure what that refers to...jumpers? options window?
Help us out here.