Global Watchdog with bootloader and application

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
OmSa_4786791
Level 3
Level 3
25 sign-ins 10 replies posted 10 sign-ins

Hello,

I am using PSoC 4, and have a project in which I have a bootlaoder and an application.

I want to create a global watchdog that will work both for the bootloader and the application.

I want to start the watchdog inside the bootloader and continue feeding it from the application after it boots.

I want to start the watchdog from the bootloader in order to make sure that the application boots correctly, and in case of any error during the boot of the application I want there to be a reset (from the watchdog) that will garauntee that my system won't get stuck in an invalid state.

I tried creating such a watchdog, but every watchdog that I have created was local to its project (if I created it in the applicaiton it worked only there, and if I created it in the bootloader it stopped working once the application started).

Is there any way to create such a watchdog? If not, is there any other way to gaurantee that the application booted as expected (other than the static analysis of the application that the bootloader does)?

Any help will be greatly appreciated,

Omri

0 Likes
1 Solution
VenkataD_41
Moderator
Moderator
Moderator
750 replies posted 500 replies posted 250 solutions authored

Hello Omri,

I want to start the watchdog from the bootloader in order to make sure that the application boots correctly, and in case of any error during the boot of the application I want there to be a reset (from the watchdog) that will garauntee that my system won't get stuck in an invalid state.

Yes. You can implement watchdog timer for this. But it will be local to Bootloader project only.

Is there any way to create such a watchdog?

No. The implementation of Bootloader-Bootloadable in PSOC is such that both Bootloader and Bootloadable are treated as separate projects. So it is not possible to share peripheral resources between Bootloader and Bootloadable. Only metadata part of the Flash can be accessed by both the Bootloader and Application.

If not, is there any other way to gaurantee that the application booted as expected (other than the static analysis of the application that the bootloader does)?

If the Bootloader execution got stuck, you will get to know from the host side. In this case you will be receiving the NACKs for every command the host sends or atleast some error response/invalid data. Then the watchdog timer will anyway reset the device after timeout. Otherwise the Bootloader code is guaranteed to work properly without any issues.

Can you please tell us scenarios that the above check point is not useful?

Thanks

Ganesh

View solution in original post

2 Replies
VenkataD_41
Moderator
Moderator
Moderator
750 replies posted 500 replies posted 250 solutions authored

Hello Omri,

I want to start the watchdog from the bootloader in order to make sure that the application boots correctly, and in case of any error during the boot of the application I want there to be a reset (from the watchdog) that will garauntee that my system won't get stuck in an invalid state.

Yes. You can implement watchdog timer for this. But it will be local to Bootloader project only.

Is there any way to create such a watchdog?

No. The implementation of Bootloader-Bootloadable in PSOC is such that both Bootloader and Bootloadable are treated as separate projects. So it is not possible to share peripheral resources between Bootloader and Bootloadable. Only metadata part of the Flash can be accessed by both the Bootloader and Application.

If not, is there any other way to gaurantee that the application booted as expected (other than the static analysis of the application that the bootloader does)?

If the Bootloader execution got stuck, you will get to know from the host side. In this case you will be receiving the NACKs for every command the host sends or atleast some error response/invalid data. Then the watchdog timer will anyway reset the device after timeout. Otherwise the Bootloader code is guaranteed to work properly without any issues.

Can you please tell us scenarios that the above check point is not useful?

Thanks

Ganesh

Hi Ganesh,

First of all, thank you very much for your informative answer. It clears a lot of things for me.

Can you please tell us scenarios that the above check point is not useful?

The scenario that I am still not sure about is the case that I have a valid bootloader, but an invalid application. In this case, the code might get stuck when running the application itself.

The case that I am thinking about is that the bootloader got a new (invalid) application, and wrote it to the flash of the device. After the bootloader will the update, it will run the application, which will get stuck. If the application already sets up the watchdog this is not a problem, since the watchdog will the device. However, if the application that I got from the network can't even set up the watchdog, I am afraid that my system will get stuck and won't be able to reset itself back to the bootloader.

Thanks,

Omri

0 Likes