General Hydrogen Corporation


High Robustness Bootloader for x86 Platform





Progress Report 2

June 26, 2003





Darryl Gamroth 0123949

CEng 499A Project


University of Victoria supervisor:

Dr. Daler Rakhmatov

Industry supervisor:

Henrik Christiensen


1        Introduction


1.1    Purpose

The purpose of this document is to describe the progress that has been made to date for the boot loader.


1.2    Scope

The finished product shall start an embedded controller from the off state and provide the following services:

  • Basic system initialization
  • Method to load new software
  • Validate installed software image
  • Provide a minimal user interface


Is must be able to do this while maintaining the system in a safe state.


1.3    Definitions


Common abbreviation for the Intel 80x86 (such as 80386, 80486) family of processors. The 80x86 is the processor family used in the Windows based personal computer


Acronym for Basic Input/Output System.BIOS is the name for the common firmware present on the PC.


Acronym for Cyclic Redundancy Check, a technique which calculates a sum over a specified region in memory used to check for errors.

FLASH memory

A form of non-volatile memory used to store program information.


Acronym for Joint Test Action Group, a term commonly used to describe the IEEE STD 1149.1 boundary scan test bus.It can be used for in-circuit test of a system.


The MD5 (Message Digest number 5) algorithm generate a unique, 128-bit cryptographic message digest value derived from the contents of input stream.


A program which provides hardware virtualization to be able to run multiple operating systems under a host operating system.


1.4    Overview

Section 2 describes the progress made to date with some background how the project problem is being solved.Section 3 has an updated timeline for the completion of this project.


2        Progress Description

Progress has been made on three technical aspects of the project:


2.1    System Initialization


The system initialization code has not come as far forward as it should have in the month of June.Due to problems with the development platform (a Technologic Systems TS-5400) most of the low level system initialization functions have not been tested.Any portion of the code that could be tested using an off the shelf PC was tested using VMWare.


A site visit to General Hydrogen provided the tools necessary to get the development platform back to a working state and work is being currently being conducted getting the system initialization completed.


2.2    Program Signing

To address security of the software in the system a method has to be devised to ensure the integrity of the software being downloaded onto the board before it is written to FLASH memory.Commonly a 32 bit CRC is used to create a checksum, unfortunately it is possible for CRC to fail, especially for a long data stream where multiple errors together could still generate the same CRC.To alleviate this problem the MD5 message digest is used to protect the data.


A valid program image has the following header attached to it for downloading:

  • magic number
  • header digest
  • size
  • load address
  • entry point address
  • data digest
  • operating system
  • CPU architecture
  • image type
  • compression used
  • name


Both the header and the data are protected by a unique 128 bit MD5 digest; if either is corrupted the program will fail to program into FLASH memory.The magic number is used by the boot loader to detect the type of file being sent (e.g., ELF for an Executable and Linking Format, or S0 for a Motorola S-Record file)


Extra functionality exists in the case of multiple CPU architectures being used in the future to prevent accidental programming of erroneous code.


2.3    JTAG Controller


Initially programming and debugging of the target was to be conducted using a MacRaigor Wiggler JTAG debugger.Although low cost and supported by multiple programs, the Wiggler is not a satisfactory tool for programming the targetís FLASH memory.Benchmarking the Wiggler, it takes approximately 7 minutes to read 128KiB from the targetís FLASH memory.Due to the added overhead of FLASH programming it is expected to take over 30 minutes to write to the FLASH memory.As this is unacceptable, research was conducted into designing a new high speed JTAG controller.


It was decided that a TI SN74LVT8980A IEEE STD 1149.1 (JTAG) TAP master would provide a suitable high speed interface.JTAG works by providing a clocked synchronous serial interface to the input/output registers of the microcontroller.In the case of the Wiggler, software on the PC manually clocks the data which is both time consuming and wasteful use of the PC bus.The SN74LVT8980A frees the PC by providing a parallel to serial/serial to parallel interface up to 20MHz.The result of this will reduce programming time to seconds.


Figure 1 JTAG Controller


3        Timeline


As device signing has been already completed Julyís timeline has been changed:



  • Complete initialization
  • Test JTAG controller
  • Design review
  • Final testing
  • Final report