Boot Loader

Tuesday, February 22nd, 2011

Firmware Update and Boot Loader

Modern flash-based microcontroller products can have a firmware architecture that allows their firmware to be updated after the product has shipped. This can be done to add features to a product, to address bugs, or to provide some type of special product customization for the end user.

A Boot Loader is an important part of any Field Firmware Update scheme. While it is possible for a single running firmware image to update itself while running, this is rarely safe: a power failure, or the end user unplugging the device at the wrong time, can result in a “bricked” device.

To provide a reliable scheme, and one that can recover from errors, a Boot Loader is a very good idea.

A Boot Loader is a small firmware program that resides on the flash-based device in addition to the main “production” firmware program. The general idea is that the Boot Loader is installed at the factory and never changes. It facilitates the field update of the production firmware and, just as important, helps guard against a firmware update failure that could render the device unusable.

Consider what could go wrong in the update process for new device firmware:

  1. The update process could be interrupted before it is finished, leaving the device with half-updated firmware.
  2. The update image could have been corrupted, so that once loaded onto the device it no longer runs.
  3. A subtle bug might have been introduced into the new firmware such that, even though the update itself isn’t corrupted, it doesn’t run correctly and needs to be replaced, or even reversed so that the original firmware is re-installed.
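The three failure modes above map onto a boot-time decision the Boot Loader can make before jumping to production firmware. The following is an added sketch, not code from the original post; the two-slot layout, the header fields, `IMG_MAGIC`, `MAX_TRIES` and the function names are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#define IMG_MAGIC 0x46574D47u /* constructed marker value */
#define MAX_TRIES 3           /* assumed trial-boot limit */
enum { BOOT_RECOVERY = -1, BOOT_OLD = 0, BOOT_NEW = 1 };

typedef struct {              /* hypothetical header; updater writes magic LAST */
    uint32_t magic, length, crc32;
    uint8_t confirmed;  /* set by new firmware once it has run correctly */
    uint8_t tries;      /* trial boots used while unconfirmed */
} img_hdr_t;
typedef struct { img_hdr_t hdr; const uint8_t *payload; size_t capacity; } slot_t;

static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Failure modes 1 and 2: a half-written or corrupted image is rejected here. */
static int slot_valid(const slot_t *s) {
    if (s->hdr.magic != IMG_MAGIC) return 0;
    if (s->hdr.length == 0 || s->hdr.length > s->capacity) return 0;
    return crc32_calc(s->payload, s->hdr.length) == s->hdr.crc32;
}

/* Failure mode 3: intact but unconfirmed image gets bounded trial boots. */
int select_boot(slot_t *new_slot, const slot_t *old_slot) {
    if (slot_valid(new_slot)) {
        if (new_slot->hdr.confirmed) return BOOT_NEW;
        if (new_slot->hdr.tries < MAX_TRIES) {
            new_slot->hdr.tries++;  /* a real loader persists this to flash */
            return BOOT_NEW;
        }
    }
    return slot_valid(old_slot) ? BOOT_OLD : BOOT_RECOVERY;
}

/* Constructed sample: two 4-byte images; returns the loader's decision. */
int demo(int corrupt_new, int confirmed, int tries) {
    static const uint8_t old_fw[4] = {1, 2, 3, 4}, new_fw[4] = {5, 6, 7, 8};
    slot_t o = {{IMG_MAGIC, 4, crc32_calc(old_fw, 4), 1, 0}, old_fw, 4};
    slot_t n = {{IMG_MAGIC, 4, crc32_calc(new_fw, 4) ^ (uint32_t)corrupt_new,
                 (uint8_t)confirmed, (uint8_t)tries}, new_fw, 4};
    return select_boot(&n, &o);
}
```

The CRC here only detects accidental corruption; it does not authenticate the image, which requires a signature check against a key held by the Boot Loader.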