-
Diving into JTAG — Security (Part 6)
The JTAG interface is an important tool for debugging and testing embedded systems, providing low-level access to the internal workings of microcontrollers and other integrated circuits. However, this powerful interface also presents significant security threats. In the sixth and final part of this Diving into JTAG article series, we will focus on security issues related to JTAG and the Debug Port.
-
Diving into JTAG — Usage Scenarios (Part 5)
In previous articles, we have considered the primary uses of JTAG, including debugging and testing boards in production. For firmware developers, the first - debugging - is the most common. In this article, I want to look at two uses of JTAG Boundary Scan, which are also common tasks for a firmware developer: board bring-up and reverse engineering.
-
Diving into JTAG — BSDL (Part 4)
In the previous article of this series, we briefly touched on how
.bsd
files written in Boundary Scan Description Language (BSDL) describe the structure of the boundary scan chain and the instruction set. In this article, we will examine this language’s syntax more closely before seeing how.bsd
files are leveraged in JTAG testing in the next article. -
Diving into JTAG — Boundary Scan (Part 3)
In the third installment of this JTAG deep dive series, we will talk in-depth about JTAG Boundary-Scan, a method used to test interconnects on PCBs and internal IC sub-blocks. It is defined in the IEEE 1149.1 standard. I recommend reading Part 1 & Part 2 of the series to get a good background on debugging with JTAG before jumping into this one!
-
Diving into JTAG — Debugging (Part 2)
In this second part of a JTAG deep-dive series, we take an in-depth look at interacting with a microcontroller’s memory and engaging with the processor core and debug registers. While the use of JTAG in testing is fairly standardized when it comes to debugging, each processor architecture has its unique nuances. With that in mind, this article will focus on debugging using JTAG on the ARM Cortex-M architecture, specifically with the STM32F407VG microcontroller.
-
Asynchronous Rust on Cortex-M Microcontrollers
In this article, we explore the inner workings of Futures, cooperative scheduling, and Async Rust executors, highlighting their significance in optimizing resource utilization. Moreover, we introduce the Rust Embassy project, an innovative framework designed to unlock the power of asynchronous programming on microcontrollers.
-
A Guide to Using ARM Stack Limit Registers
by Jon KurtzWe will explore using the MSP Limit and the PSP Limit Registers on the ARM Cortex-M33 architecture to detect stack overflows. We will walk through an implementation on the Renesas DA1469x and look at practical examples of detecting stack overflows. Additionally, we will look at supplementary options for scenarios that the MSPLIM and PSPLIM features fall short.
-
Introduction to ARM Semihosting
This post introduces semihosting and shows how to use it and integrate it into your own embedded projects.
-
ARM Cortex-M33 Instruction Tracing Without a Debugger
In this post we will explore how to perform instruction tracing without a debugger by using the ARM Cortex-M33 Micro Trace Buffer (MTB). We will walk through a few practical examples of how to configure the MTB with Dialog Semiconductor’s DA14695 MCU.
-
MCUboot Walkthrough and Porting Guide
In this article, we will explore the feature set of MCUboot and how it works. We will walk through step-by-step how to port it to a custom platform and test our port out on a Cortex-M based development board.
-
Faster Debugging with Watchpoints
In this post we will explore how to save time debugging by making the most of watchpoints. We will walk through a few classic use cases of watchpoints by debugging an example application with GDB. Then, we will dive into how watchpoints are implemented for ARM Cortex-M based MCUs with the Data Watchpoint & Trace (DWT) unit and explore some advanced features.
-
Step-through debugging with no debugger on Cortex-M
This week we explore how to debug running systems with ARM Cortex-M’s DebugMonitor exception handler. We cover how to configure the MCU to operate in this mode and walk through an example of installing breakpoints and single-stepping on a running device!
-
How do breakpoints even work?
In this article, we will discuss the basic types of breakpoints (hardware and software) and how they are utilized by the GNU Project Debugger, GDB. We will then explore how to configure hardware breakpoints on an ARM Cortex-M MCU using the Flash Patch and Breakpoint Unit (FPB) and examine a real-world configuration with an example application.
-
Profiling Firmware on Cortex-M
In this post, we explore different techniques that can be used to profile firmware applications running on ARM Cortex-M microcontrollers. To profile our Mandelbrot application on STM32, we start with a naive debugger-based sampling method, and eventually discover ITM, DWT cycle counters, and more!
-
Better Firmware with LLVM/Clang
In this article, I hope I can convince you that adding a Clang build target to your project can be a relatively simple and useful endeavor. We will cover how to take advantage of some of the rich features shipped with the toolchain and identify some memory leaks and mutex deadlocks in an example project at compile time! We will also walk through a step-by-step example of updating a GCC based ARM Cortex-M project to cross-compile with LLVM/Clang.
-
Cortex-M MCU Emulation with Renode
In this post, I walk through setting up the Renode emulator and running a firmware in it for STM32. Using that setup, we’ll debug our firmware, run it through integrated tests, and shorten the iteration cycle of development.
-
A Guide to Watchdog Timers for Embedded Systems
In this article we will discuss the last line of defense in embedded systems – watchdogs. We will walk through a step-by-step example of how to implement a watchdog subsystem, incorporating a “hardware” and “software” watchdog, and examine effective strategies for root causing the underlying problems leading to these hangs.
-
How to debug a HardFault on an ARM Cortex-M MCU
In this article, we explain how to debug faults on ARM Cortex-M based devices. In the process, we learn about fault registers, how to automate fault analysis, and figure out ways to recover from some faults without rebooting the MCU. We include practical examples, with a step by step walk-through on how to investigate them.
-
From Zero to main(): Bootstrapping libc with Newlib
In this post, we will add RedHat’s Newlib to our firmware and highlight some of its features. We will implement syscalls, learn about constructors, and finally print out “Hello, World”! We will also learn how to replace parts or all of the standard C library.
-
ARM Cortex-M RTOS Context Switching
In this article we will explore how context switching works on ARM Cortex-M MCUs. We will discuss how the hardware was designed to support this operation, features that impact the context switching implementation such as the Floating Point Unit (FPU), and common pitfalls seen when porting an RTOS to a platform. We will also walk through a practical example of analyzing the FreeRTOS context switcher,
xPortPendSVHandler
, utilizinggdb
to strengthen our understanding. -
A Practical guide to ARM Cortex-M Exception Handling
In this article we will dive into the details of how the ARM Cortex-M exception model supports the handling of asynchronous events. We will walk through different exception types supported, terminology (i.e. NVIC, ISR, Priority), the configuration registers used & common settings, advanced topics to be aware of regarding exceptions and a few examples written in C.
-
From Zero to main(): How to Write a Bootloader from Scratch
In this post, we will explain why you may want a bootloader, how to implement one, and cover a few advanced techniques you may use to make your bootloader more useful.
-
A Deep Dive into ARM Cortex-M Debug Interfaces
In this article we will walk up through the hardware and software stack that enables debugging on
ARM Cortex-M
devices, demystify what is actually happening and go through a step-by-step example, tracing a basic debugger operation end to end using a logic analyzer. -
Fix Bugs and Secure Firmware with the MPU
Many ARM MCUs implement an optional unit, known as the Memory Protection Unit (MPU), which lets you control how regions of memory are accessed. In this article, we will deep dive into the unit and walk through a few practical examples of how it can be used to prevent bad memory accesses and security exploits on Cortex-M devices.
-
From Zero to main(): Bare metal C
Throughout the Zero to main() series of posts, we demystify what happens between when power is applied and your main function is called. In the process, we’ll learn how to bootstrap a C environment, implement a bootloader, relocate code, and more!
-
Programming the ATSAMD21 with IBDAP
In the process of porting a blog post from the retired Arduino M0 Pro to Adafruit’s excellent Metro M0 Express, I ran into a few issues and scant amount of documentation. I’m writing this for the next poor soul wrestling with these systems.