diff options
| author | Keith Packard <keithp@keithp.com> | 2013-03-23 02:18:55 -0700 |
|---|---|---|
| committer | Keith Packard <keithp@keithp.com> | 2013-05-07 20:16:52 -0700 |
| commit | 35ef1f17e3efaa6d586ab7bb301f8133d52023b6 (patch) | |
| tree | 031414fc3f9714a8e9dcdbd97e8db66b7a63ad03 | |
| parent | db7f17980c303e442f88c8a4168351dbc2c0b1a0 (diff) | |
altos: Validate boot chain start address
If the first block of boot memory has been smashed, and the start
address is bogus, don't bother trying to jump to the
application. This makes the system more resiliant to flash failures,
presuming the loader erases the first block, programs the other blocks
and then finally comes back to program the first block.
Signed-off-by: Keith Packard <keithp@keithp.com>
| -rw-r--r-- | src/stm/ao_boot_chain.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/stm/ao_boot_chain.c b/src/stm/ao_boot_chain.c index 9c63272b..668f6e6d 100644 --- a/src/stm/ao_boot_chain.c +++ b/src/stm/ao_boot_chain.c @@ -26,9 +26,11 @@ ao_boot_chain(uint32_t *base) sp = base[0]; pc = base[1]; - asm ("mov sp, %0" : : "r" (sp)); - asm ("mov lr, %0" : : "r" (pc)); - asm ("bx lr"); + if (0x08000100 <= pc && pc <= 0x08200000) { + asm ("mov sp, %0" : : "r" (sp)); + asm ("mov lr, %0" : : "r" (pc)); + asm ("bx lr"); + } } #define AO_BOOT_SIGNAL 0x5a5aa5a5 |