When it comes to STM32's FLSAH, our first reaction is that it is used to install programs. In fact, STM32's on-chip FLASH is not only used to install programs, but also to install chip configuration, chip ID, bootloader, etc. Of course, FLASH can also be used to store data. I have read a lot of information and other people's experience, and I would like to share it with you. FLASH classification According to the purpose, the FLASH in the STM32 chip is divided into two parts: main storage block and information block. The main storage block is used to store programs. The programs we write are generally stored here. The information block is divided into two parts: system memory and option bytes. The system memory storage is used to store the startup program (BootLoader) in the system memory boot mode. When the program is loaded using the ISP method, it is executed by this program. This area is written to the BootLoader by the chip manufacturer and then locked. Users cannot change this area. The option byte stores the chip configuration information and the protection information for the main storage block. FLASH pages The FLASH main storage block of STM32 is organized by page. Some products have 1KB per page, and some products have 2KB per page. The typical use of pages is to erase FLASH by page. From this point of view, pages are a bit like sectors of general FLASH. Classification of STM32 products STM32 is divided into four categories of products: small capacity, medium capacity, large capacity, and interconnected according to the capacity and page of the FLASH main storage block and the system memory. The main storage block of small capacity products is 1-32KB, 1KB per page. The system memory is 2KB. The main storage block of medium capacity products is 64-128KB, 1KB per page. The system memory is 2KB. The main storage block of large capacity products is more than 256KB, 2KB per page. The system memory is 2KB. The main memory block of interconnected products is more than 256KB, 2KB per page. The system memory is 18KB. For which category a specific product belongs to, you can check the data sheet, or distinguish it according to the following simple rules: STM32F101xx, STM32F102xx, STM32F103xx products, according to their main memory block capacity, must be one of the small capacity, medium capacity, and large capacity products. STM32F105xx and STM32F107xx are interconnected products. The difference between interconnected products and the other three categories is the difference in BootLoader. The BootLoader of small, medium, and large capacity products is only 2KB, and can only perform ISP through USART1, while the BootLoader of interconnected products is 18KB, and can perform ISP through USAT1, 4, CAN and other methods. The BootLoader of small capacity products and medium capacity products is the same as that of large capacity products. About ISP and IAP ISP (In System Programming) refers to programming the chip directly on the target circuit board, which generally requires a bootloader to execute. ISP is also called ICP (In Circuit Programming), in-circuit programming, and online programming. IAP (In Application Programming) refers to programming the user program part by the end user during use after the final product leaves the factory to achieve online upgrades. IAP requires that the program be divided into two parts: the boot program and the user program. The boot program is always unchanged. IAP is also called in-program programming. The difference between ISP and IAP is that ISP generally reprograms the entire chip, using the boot program of the chip manufacturer. IAP only updates part of the program, using the IAP boot program developed by the electrical appliance manufacturer. Overall, ISP is subject to more restrictions, while IAP is easier to operate when changing programs because it is a self-developed program. FPEC FPEC (FLASH Program/Erase controller), STM32 erases and programs FLASH through FPEC. FPEC uses 7 registers to operate flash memory: FPEC key register (FLASH_KEYR) Write key value to unlock. Option byte key register (FLASH_OPTKEYR) Write key value to unlock option byte operation. Flash control register (FLASH_CR) Select and start flash memory operation. Flash status register (FLASH_SR) Query flash memory operation status. Flash address register (FLASH_AR) Stores flash memory operation address. Option byte register (FLASH_OBR) Image of main data in option byte. Write protection register (FLASH_WRPR) Image of write protection byte in option byte. Key value In order to enhance security, when performing an operation, a specific value needs to be written to a certain location to verify whether it is a safe operation. These values are called key values. STM32's FLASH has three key values: RDPRT key = 0x000000A5 is used to release read protection KEY1 = 0x45670123 is used to release flash lock KEY2 = 0xCDEF89AB is used to release flash lock Flash lock In FLASH_CR, there is a LOCK bit. When this bit is 1, the FLASH_CR register cannot be written, and thus the FLASH cannot be erased and programmed. This is called flash lock. When the LOCK bit is 1, the flash lock is valid. Only after KEY1 and KEY2 are written to FLASH_KEYR in sequence, the LOCK bit will be cleared by hardware to release the flash lock. When the LOCK bit is 1, any erroneous write operation to FLASH_KEYR (the first write is not KEY1, or the second write is not KEY2) will cause the flash lock to be completely locked. Once the flash lock is completely locked, it cannot be unlocked before the next reset. Only after reset, the flash lock will return to the normal locked state. After reset, the LOCK bit defaults to 1, and the flash lock is valid. At this time, it can be unlocked. After unlocking, the FLASH can be erased and programmed. At any time, the software can be locked by setting the LOCK bit to 1. Software locking is the same as reset locking, and both can be unlocked. Erasing the main storage block The main storage block can be erased by page or as a whole. Page erase Any page of the main storage block can be erased by the page erase function of FPEC. It is recommended to use the following steps to erase the page: 1. Check the BSY bit of the FLASH_SR register. 2. Set the PER bit in the FLASH_CR register to 1. Select the page erase operation. 3. Set the FLASH_AR register to the address of the page to be erased and select the page to be erased. The page range in which the FLASH_AR value is located indicates which page to be erased. 4. Set the STRT bit of the FLASH_CR register to 1 to start the erase operation. 5. Wait for the BSY bit of the FLASH_SR register to change to 0, indicating that the operation is complete. 6. Query the EOP bit of the FLASH_SR register. When EOP is 1, it indicates that the operation is successful. 7. Read the erased page and verify it. After erasing, all data bits are 1. Whole chip erase The whole chip erase function erases the entire main storage block. The information block is not affected by this operation. It is recommended to use the following steps to perform a whole chip erase: 1. 1. Check the BSY bit of the FLASH_SR register to confirm that there are no other flash operations in progress. 2. Set the MER bit of the FLASH_CR register to 1. Select the full-chip erase operation. 3. Set the STRT bit of the FLASH_CR register to 1. Start the full-chip erase operation. 4. Wait for the BSY bit of the FLASH_SR register to become 0, indicating that the operation is complete. 5. Query the EOP bit of the FLASH_SR register. When EOP is 1, it indicates that the operation is successful. 6. Read out all pages and verify. After the erase, all data bits are 1. Programming of the main storage block 16 bits can be written at a time when programming the main storage block. When the PG bit of the FLASH_CR register is 1, writing a half word (16 bits) to a flash address will start a programming operation; writing any non-half word data will cause a bus error to occur in the FPEC. During the programming process (when the BSY bit is 1), any operation to read or write the flash memory will cause the CPU to pause until the flash programming is completed. It is recommended to use the following steps to program the main storage block: 1. Check the BSY bit of the FLASH_SR register to confirm that there are no other programming operations in progress. 2. Set the PG bit of the FLASH_CR register to 1. Select the programming operation. 3. Write the half word to be programmed at the specified address. Write directly with a pointer. 4. Wait for the BSY bit of the FLASH_SR register to become 0, indicating that the operation is complete. 5. Query the EOP bit of the FLASH_SR register. When EOP is 1, it indicates that the operation is successful. 6. Read the written address and verify the data. Some questions about the main storage block erase and program operation 1. Why do you need to check whether the BSY bit is 0 every time? Because when the BSY bit is 1, you cannot perform a write operation on any FPEC register, so you must wait until the BSY bit is 0 before you can perform a flash operation. 2. What will happen if you program without erasing? Before performing a programming operation, the STM32 will first check whether the address to be programmed is erased. If not, it will not program and set the PGERR bit of the FLASH_SR register to 1. The only exception is that when the data to be programmed is 0X0000, it will be programmed even if it is not erased, because 0X0000 can be programmed correctly even if it is erased. 3. Why do you need to read the data and verify it after the operation? In some special cases (such as FPEC is locked), STM32 may not perform the required operation at all, and it is impossible to determine whether the operation is successful only through the register. Therefore, to be on the safe side, all data should be read out and checked after the operation. 4. How long is the appropriate time to wait for the BSY bit to be 1? Please refer to the data in the STM32 firmware library. 5. The FLASH programming manual says that when performing flash operations (erasing or programming), the internal RC oscillator (HSI) must be turned on. Is it necessary to use HIS for flash erasing and programming operations? Regarding this point, my understanding is that when performing flash operations, it is necessary to ensure that HIS is not turned off, but the system can still use HSE clock during operation. After the STM32 is reset, HIS is turned on by default. As long as you do not actively turn it off for low power consumption, you can use any clock to perform flash operations. The program I wrote also verified this point. Option Bytes Option bytes are used to store chip user configuration information. Currently, all STM32101xx, STM32102xx, STM32103xx, STM32105xx, and STM32107xx products have 16-byte option bytes. However, of these 16 bytes, every two bytes form a positive and negative code, that is, byte 1 is the inverse code of byte 0, byte 3 is the inverse code of byte 2, ..., byte 15 is the inverse code of byte 14, so the chip user only needs to set 8 bytes, and the other 8 bytes are automatically filled with the inverse code by the system. Therefore, sometimes, it is also said that the option bytes of STM32 are 8 bytes, but they occupy 16 bytes of space. The 8-byte positive code of the option bytes is summarized as follows: RDP byte 0. Read protection byte, which stores the read protection settings for the main storage block. USER byte 2. User byte, configures watchdog, shutdown, and standby. Data0 Byte 4. Data byte 0, freely used by chip users. Data1 Byte 6. Data byte 1, freely used by chip users. WRP0 Byte 8. Write protection byte 0, stores the write protection setting for the main storage block. WRP1 Byte 10. Write protection byte 1, stores the write protection setting for the main storage block. WRP2 Byte 12. Write protection byte 2, stores the write protection setting for the main storage block. WRP3 Byte 14. Write protection byte 3, stores the write protection setting for the main storage block. Option Byte Write Enable In FLASH_CR, there is an OPTWRE bit. When this bit is 0, option byte operations (erase, program) are not allowed. This is called option byte write enable. Only when this bit is 1 can option byte operations be performed. This bit cannot be set to 1 by software, but can be cleared by software. Only after writing KEY1 and KEY2 to FLASH_OPTKEYR in sequence, the hardware will automatically set this position to 1, and then option byte operations are allowed. This is called unlocking (opening) option byte write enable. After this bit is 1, it can be cleared by software to turn off write enable. After reset, this bit is 0. Incorrect operation will not turn off write enable forever. As long as the correct key sequence is written, write enable can be turned on again. When write enable is already turned on, it will not make any mistakes and it will still be turned on. Obviously, before performing option byte operations, you must first unlock the flash memory lock and then turn on the option byte write enable. After that, option byte operations can be performed. Option Byte Erase It is recommended to use the following steps to erase the option bytes: 1. Check the BSY bit of the FLASH_SR register to confirm that there are no other flash operations in progress. 2. Unlock the OPTWRE bit of the FLASH_CR register, that is, turn on the write enable. 3. Set the OPTER bit of the FLASH_CR register to 1. Select the option byte erase operation. 4. Set the STRT bit of the FLASH_CR register to 1. 5. Wait for the BSY bit of the FLASH_SR register to change to 0, indicating that the operation is complete. 6. Query the EOP bit of the FLASH_SR register. When EOP is 1, it indicates that the operation is successful. 7. Read out the option byte and verify the data. Since the option byte is only 16 bytes, the entire option byte is erased during erasure. Option Byte Programming It is recommended to use the following steps to program the option byte: 1. Check the BSY bit of the FLASH_SR register to confirm that there is no other programming operation in progress. 2. Unlock the OPTWRE bit of the FLASH_CR register. That is, turn on write enable. 3. Set the OPTPG bit of the FLASH_CR register to 1. Select the programming operation. 4. Write the half word to be programmed to the specified address. Start the programming operation. 5. Wait for the BSY bit of the FLASH_SR register to become 0, indicating that the operation is complete. 6. Query the EOP bit of the FLASH_SR register. When EOP is 1, it means that the operation is successful. 7. Read the written option byte and verify the data. When programming the option byte, FPEC uses the low byte in the half word and automatically calculates the high byte (the high byte is the inverse of the low byte) and starts the programming operation, which will ensure that the option byte and its inverse are always correct. Protection of the main storage block The data in the main storage block can be read protected and write protected. Read protection is used to protect data from being illegally read out. Prevent program leakage. Write protection is used to protect data from being illegally rewritten and enhance the robustness of the program. Read protection After the main storage block starts read protection, it has the following characteristics in short: 1. The program started from the main storage block can perform read operations on the entire main storage block, and the first 4KB of the main storage block is not allowed to be erased and programmed. The area after 4KB can be erased and programmed. 2. The program started from SRAM cannot read, page erase, or program the main storage block, but can perform the whole chip erase operation of the main storage block. 3. The main storage block cannot be accessed using the debug interface. These characteristics are sufficient to prevent the illegal reading of main memory data and ensure the normal operation of the program. The read protection is turned off only when the value of the RDP option byte is the RDPRT key value, otherwise, the read protection is enabled. Therefore, the operation of erasing the option byte will enable the read protection of the main storage block. If you want to turn off the read protection, you must program the RDP option byte to the RDPRT key value. In addition, if you program the option byte to change the RDP from a non-key value to a key value (that is, from protected to non-protected), the STM32 will first erase the entire main storage block and then program the RDP. When the chip leaves the factory, the RDP will be written with the RDPRT key value in advance to turn off the write protection function. Write protection The STM32 main storage block can be write-protected in different domains. If you try to erase or program a write-protected domain, a write protection error flag will be returned in the flash status register (FLASH_SR). Each domain of the STM32 main storage block is 4KB, and each bit in the WRP0-WRP3 option byte corresponds to a domain. When the bit is 0, the write protection is valid. For products with more than 128KB, WRP3.15 protects domains 31 and beyond. Obviously, erasing the option byte will result in the release of the write protection of the main memory block. Option byte and its register image We know that FPEC has two registers that store the image of the option byte. So, what is the difference between the option byte body (in FLASH) and the image (in the register)? The option byte body is just a FLASH. Its function is only to store the content of the option byte when the power is off. What really works is the image in the register. That is, whether a configuration is valid or not depends not on the body but on the image. The image is loaded with the value of the body after reset. After that, unless reset, the image will not change. Therefore, after changing the data of the body, it will not take effect immediately. It will only take effect after reset and loading into the image. One thing to note is that when changing the value of the body to make the main memory block read protection become unprotected, the entire main memory block will be erased first, and then the body will be changed. This is the only action that will be triggered by changing the body. But even so, the read protection will not be released until after reset and after loading the image. Several errors in the Chinese version of the FLASH programming manual (not necessarily, but inconsistent with my understanding) 1. In the section on option byte programming: After unlocking FPEC, KEY1 and KEY2 must be written separately (see 2.3.1) to the FLASH_OPTKEYR register, and then set the OPTWRE bit of the FLASH_CR register to '1', then the option bytes can be programmed In fact, after writing KEY1 and KEY2 to FLASH_OPTKEYR, the OPTWRE bit will be set to 1 by hardware, rather than by software. This can also be verified in the following register description. 2. In the description of read protection: The value pair for read protection is incomprehensible. The correct statement should be that when RDP is the RDPRT key value, the read protection is released, and when it is other values, the read protection is effective. After reading for a long time, it turns out that it can be solved with just a few sentences. Of course, other functions are not considered, just simple read and write operations. The write operation is as follows: FLASH_Unlock(); //Unlock the FLASH programming and erasing controller FLASH_ClearFlag(FLASH_FLAG_BSY|FLASH_FLAG_EOP|FLASH_FLAG_PGERR|FLASH_FLAG_WRPRTERR);//Clear flag /********************************************************************************* // FLASH_FLAG_BSY FLASH busy flag // FLASH_FLAG_EOP FLASH operation end flag // FLASH_FLAG_PGERR FLASH write error flag // FLASH_FLAG_WRPRTERR FLASH page write protection error flag ******************************************************************************/ FLASH_ErasePage(FLASH_START_ADDR); //Erase the specified address page FLASH_ProgramHalfWord(FLASH_START_ADDR+(addr+i)*2,dat); //Start writing from address addr of the specified page FLASH_ClearFlag(FLASH_FLAG_BSY|FLASH_FLAG_EOP|FLASH_FLAG_PGERR|FLASH_FLAG_WRPRTERR);//Clear flag FLASH_Lock(); //Lock the FLASH programming and erasing controller From the above, we can see that the basic sequence is: unlock -> clear flag (optional) -> erase -> write half word -> clear flag (optional) -> lock. Among them, FLASH_START_ADDR is the macro definition of 0x8000000+2048*255, 0x8000000 is the starting address of Flash, 2048 is because I use a large-capacity chip. According to the Flash address in the previous note, it can be seen that the chip has a capacity of 2K per page, that is, 2048 bytes. 255 represents the last page of the chip, which depends on different chips. The reason for writing from the back page can prevent the stored data from damaging the user program. addr*2 is because each data occupies 2 bytes (half word). Although 1 byte of data is written, the programming is in units of 2 bytes, which means that one byte of data will also occupy two bytes of address. The read operation is as follows: u16 value; value = *(u16*)(FLASH_START_ADDR+(addr*2)); //Start reading from the addr address of the specified page
提升卡
变色卡
千斤顶
京公网安备 11010802033920号
