LPC 2xxx. Secondary boot. The purpose of a secondary bootloader is to rewrite the user program in flash with an input medium other than what is in the primary bootloader- which only the serial port for small LPC chips.
After reading, here’s how I think it is supposed to work:
At reset, the built-in NXP boostrap program runs (assuming P0.14 jumper is in place, JTAG disabled, and default Code protection bits).
It then decides there’s no boot process to do. It validates the existence of a user program in flash using some CRCing of the interrupt vectors or some such that I didn’t read completely. It then jumps to the user program.
For a secondary bootloader, it is the user program.
The secondary bootloader program by some means decides if there is need to reflash the real user program. If so, the secondary bootstrap erases the flash memory sectors (size is chip-dependent) and writes the new code, using the IAP functions in the primary bootloader area. This done, the secondary bootloader jumps to the new program.
I’ve studied the NXP example/app notes, and one C program I found that is a secondary boot using an SD card to hold the new code. The LPC chip I’m using doesn’t have enough unused flash or RAM to hold the to-be-flashed code.
What I don’t know:
Is there a way to lock down the flash sector(s) in which the secondary bootloader is located so they don’t accidentally get overwritten? I didn’t see such. The secondary boot must be, I think, in the lowest flash sector, address 0, so the primary boot will jump to it. If the secondary can fit in one sector, then the user application would start, normally, in the second sector. So sector 0 should not be erased but could be. I’m not worried about evil-doers or code theft.