Update README.md

Adapt code to UHK HW and FW (bl_main.c and shutdown_cleanup.c)
Change vector reset configuration (MK22F51212/src/startup/gcc/startup_MK22F51212.S)
Adapt peripheral configuration and start address of UHK (bootloader_config.h)
Adapt clock configuration to make it compatible with UHK.
Added binaries to test the bootloader.

README.md

@@ -1,3 +1,25 @@
 # Ultimate Hacking Keyboard bootloader
 
 This repository contains the bootloader of the [Ultimate Hacking Keyboard](https://ultimatehackingkeyboard.com/) based on [NXP Kinetis Bootloader](http://www.nxp.com/products/microcontrollers-and-processors/arm-processors/kinetis-cortex-m-mcus/kinetis-symbols-footprints-and-models/kinetis-bootloader:KBOOT) v2.0
+
+The project actually being modified is in KBOOT\targets\MK22F51212\. 
+
+To test the bootloader a binary properly configured has been added to the root folder of this repository. This binary is based on the UHK_Right Firmware project. 
+To understand these modifications and apply them to the current version of the UHK Right firmware, follow the procedure in "Adapting UHK Project to KBOOT.docx" (Work in progress...)
+
+******* FEATURES *******
+
+This bootloader is a fully functional porting of KBOOT 2.0. It supports the full command set from KBOOT 2.0 and the device can be controlled and erased/programmed easily using
+the blhost.exe tool provided by NXP and included in this repository. A GUI with a reduced set of features has also been created for Windows (KinetisFlashTool.exe).
+
+Key features:
+
+ - Communication through HID with any PC without the need of an additional driver.
+ - Automatic timeout and jump to user application without any action from the user.
+ - If no valid application is present, Bootloader will keep waiting for a communication through the HID USB port.
+ - Every command sent to the BL includes a validation process inside the MCU to avoid any error in the communication.
+ - The memory area of the BL is protected, so even if the update fails, user just needs to do a Power on Reset (Plug and Unplug the Keyboard) in order to launch the bootloader again.
+ 
+ Features to be added:
+ - Additional layer of security. Bootloader will not allow any kind of update until a PIN sequence has been introduced.
+ 

src/bootloader/src/bl_main.c

@@ -28,6 +28,8 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/* SGF Original KBOOT file modified */
+
 #include <stdbool.h>
 #include "utilities/fsl_assert.h"
 #include "bootloader/bl_context.h"
@@ -65,6 +67,7 @@
 static const char *get_peripheral_name(uint32_t peripheralTypeMask);
 #endif
 
+
 #if !BL_FEATURE_TIMEOUT
 static void get_user_application_entry(uint32_t *appEntry, uint32_t *appStack);
 static void jump_to_application(uint32_t applicationAddress, uint32_t stackPointer);
@@ -196,6 +199,7 @@ static void jump_to_application(uint32_t applicationAddress, uint32_t stackPoint
     __set_MSP(s_stackPointer);
     __set_PSP(s_stackPointer);
 
+   // while (1); /* SGF REMOVE */
     // Jump to the application.
     farewellBootloader();
     // Dummy fcuntion call, should never go to this fcuntion call
@@ -305,10 +309,7 @@ static peripheral_descriptor_t const *get_active_peripheral(void)
 
 #if !BL_FEATURE_TIMEOUT
     uint64_t lastTicks = 0;    // Value of our last recorded ticks second marker
-    uint64_t timeoutTicks = 0; // The number of ticks we will wait for timeout, 0 means no timeout
-#if BL_FEATURE_POWERDOWN
-    bool shortTimeout = false;
-#endif
+    uint64_t timeoutTicks = 120000000; // SGF Add timeout to make the bootloader Jump to application after some time. 0 means no timeout.
     const uint64_t ticksPerMillisecond = microseconds_convert_to_ticks(1000);
 
     // Get the user application entry point and stack pointer.
@@ -320,7 +321,7 @@ static peripheral_descriptor_t const *get_active_peripheral(void)
     {
         if (is_direct_boot())
         {
-            jump_to_application(applicationAddress, stackPointer);
+            //jump_to_application(applicationAddress, stackPointer);
         }
 
         // Calculate how many ticks we need to wait based on the bootloader config. Check to see if
@@ -339,17 +340,7 @@ static peripheral_descriptor_t const *get_active_peripheral(void)
 
         // save how many ticks we're currently at before the detection loop starts
         lastTicks = microseconds_get_ticks();
-#if BL_FEATURE_POWERDOWN
-        shortTimeout = true;
-#endif
     }
-#if BL_FEATURE_POWERDOWN
-    else
-    {
-        timeoutTicks = BL_DEFAULT_POWERDOWN_TIMEOUT * ticksPerMillisecond;
-        lastTicks = microseconds_get_ticks();
-    }
-#endif
 #endif // !BL_FEATURE_TIMEOUT
 
     // Wait for a peripheral to become active
@@ -367,28 +358,10 @@ static peripheral_descriptor_t const *get_active_peripheral(void)
             // Check if the elapsed time is longer than the timeout.
             if (elapsedTicks >= timeoutTicks)
             {
-#if BL_FEATURE_POWERDOWN
-                if (shortTimeout)
-                {
-#endif
                     // In the case of the typical peripheral timeout, jump to the user application.
-                    jump_to_application(applicationAddress, stackPointer);
-#if BL_FEATURE_POWERDOWN
-                }
-                else
-                {
-                    // Make sure a timeout value has been defined before shutting down.
-                    if (BL_DEFAULT_POWERDOWN_TIMEOUT)
-                    {
-                        // Shut down the bootloader and return to reset-type state prior to low
-                        // power entry
-                        shutdown_cleanup(kShutdownType_Shutdown);
-
-                        // Enter VLLS1 low power mode
-                        enter_vlls1();
-                    }
-                }
-#endif
+            	if (is_application_ready_for_executing(applicationAddress)) {
+            		jump_to_application(applicationAddress, stackPointer);
+            	}
             }
         }
 #endif // !BL_FEATURE_TIMEOUT

src/bootloader/src/bl_shutdown_cleanup.c

@@ -27,6 +27,9 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
+
+/* SGF Original KBOOT file modified */
+
 #if !defined(BOOTLOADER_HOST)
 #include "fsl_device_registers.h"
 #include "utilities/fsl_rtos_abstraction.h"
@@ -96,7 +99,7 @@ void shutdown_cleanup(shutdown_type_t shutdown)
         SCB->VTOR = kDefaultVectorTableAddress;
 
         // Restore clock to default before leaving bootloader.
-        configure_clocks(kClockOption_ExitBootloader);
+        //configure_clocks(kClockOption_ExitBootloader); 	// SGF We have disabled this call in order to reach the UHK FW with a valid Clock Config.
 
         // De-initialize hardware such as disabling port clock gate
         deinit_hardware();

targets/MK22F51212/src/bootloader_config.h

@@ -30,6 +30,8 @@
 #ifndef __BOOTLOADER_CONFIG_H__
 #define __BOOTLOADER_CONFIG_H__
 
+/* SGF Original KBOOT file modified */
+
 ////////////////////////////////////////////////////////////////////////////////
 // Definitions
 ////////////////////////////////////////////////////////////////////////////////
@@ -42,21 +44,21 @@
 //@{
 
 #if !defined(BL_CONFIG_SCUART)
-#define BL_CONFIG_SCUART (1)
+#define BL_CONFIG_SCUART (0)
 #endif
 #if !defined(BL_CONFIG_I2C)
-#define BL_CONFIG_I2C (1)
+#define BL_CONFIG_I2C (0)
 #endif
 #if !defined(BL_CONFIG_DSPI)
-#define BL_CONFIG_DSPI (1)
+#define BL_CONFIG_DSPI (0)
 #endif
 #if !defined(BL_CONFIG_USB_HID)
 #define BL_CONFIG_USB_HID (1)
 #endif
 #if !defined(BL_CONFIG_USB_MSC)
-#define BL_CONFIG_USB_MSC (1)
+#define BL_CONFIG_USB_MSC (0)
 #endif
-
+#define BL_TARGET_FLASH (1)
 //@}
 
 #if !defined(BL_TARGET_FLASH) && !defined(BL_TARGET_RAM)
@@ -101,7 +103,7 @@
 
 // The bootloader will check this address for the application vector table upon startup.
 #if !defined(BL_APP_VECTOR_TABLE_ADDRESS)
-#define BL_APP_VECTOR_TABLE_ADDRESS 0xa000
+#define BL_APP_VECTOR_TABLE_ADDRESS 0xc000 /* SGF Change vector table entry point for application*/
 #endif
 
 /* Serial Port Info */

targets/MK22F51212/src/clock_config_K22F512.c

@@ -28,6 +28,8 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/* SGF Original KBOOT file modified */
+
 #include "bootloader_common.h"
 #include "bootloader/bl_context.h"
 #include "property/property.h"
@@ -177,6 +179,11 @@ void configure_clocks(bootloader_clock_option_t option)
 
         // Restore clock divider
         SIM->CLKDIV1 = s_defaultClockDivider;
+
+        //SGF fix the issue when jumping to UHK app
+        SIM->SOPT1 = 0x80000000;  // Just restoring the value out of reset.
+        SIM->SOPT2 = 0x00001000; // Just restoring the value out of reset.
+        //end SGF
     }
 
 #endif // BL_TARGET_FLASH

targets/MK22F51212/src/startup/gcc/startup_MK22F51212.S

@@ -37,6 +37,9 @@
 /*****************************************************************************/
 /* Version: GCC for ARM Embedded Processors                                  */
 /*****************************************************************************/
+
+/* SGF Original KBOOT file modified */
+
     .syntax unified
     .arch armv7-m
 
@@ -289,21 +292,26 @@ __isr_vector:
     
 #ifdef BL_HAS_BOOTLOADER_CONFIG
 
+/* SGF  Take into account that this isnt having any effect. The BL config that will be used in runtime is stored in the application that will be programmed
+		by the bootloader. The real BCA (BL config area) will be stored at 0xc3c0. This gives the advantage that we can customize the behavior of the BL in
+		the future by just updating this area in the new binary of UHK_Right that will be programmed via the bootloader.
+*/
 //__bootloaderConfigurationArea ; 0x3c0
 //    .long     'kcfg'        // [00:03] tag - Tag value used to validate the bootloader configuration data. Must be set to 'kcfg'
-        .long     0x6766636b
+        .long     0x6766636b /* Be aware of endianness SGF */
         .long     0xFFFFFFFF    // [04:07] crcStartAddress
         .long     0xFFFFFFFF    // [08:0b] crcByteCount
         .long     0xFFFFFFFF    // [0c:0f] crcExpectedValue
-        .byte     0xFF          // [10:10] enabledPeripherals
+        .byte     0x10          // [10:10] enabledPeripherals /* SGF Bit 4 corresponds to USB HID */
         .byte     0xFF          // [11:11] i2cSlaveAddress
         .short    5000          // [12:13] peripheralDetectionTimeoutMs - Timeout in milliseconds for peripheral detection before jumping to application code
-        .short     0xFFFF       // [14:15] usbVid
-        .short     0xFFFF       // [16:17] usbPid
+        .short    0xFFFF       // [14:15] usbVid
+        .short    0xFFFF       // [16:17] usbPid
         .long     0xFFFFFFFF    // [18:1b] usbStringsPointer
-        .byte     0xFF          // [1c:1c] clockFlags - High Speed and other clock options
+        .byte     0x00          // [1c:1c] clockFlags - High Speed and other clock options /* SGF Set to 0 to enable 48 MHz CLK and USB HID */
         .byte     0xFF          // [1d:1d] clockDivider - One's complement of clock divider, zero divider is divide by 1
-        .short     0xFFFF        // [1e:1f] reserved
+        .byte     0xFF			// [1e] SGF Direct boot in 1's complement. FE means direct boot enabled.
+        .byte 	  0xFF          // [1f] reserved
         // Fill to align with flash configuration field.
         .long     0xFFFFFFFF
         .long     0xFFFFFFFF
@@ -335,7 +343,7 @@ __isr_vector:
 
     .size    __isr_vector, . - __isr_vector
 
-/* Flash Configuration */
+/* Flash Configuration */ /* SGF TODO add Flash protection for the Bootloader sectors. */
     .section .FlashConfig, "a"
     .long 0xFFFFFFFF
     .long 0xFFFFFFFF