Additional data present in flash after last loaded

2019-08-30 01:43发布

问题:

I have a STM32 project which involves a bootloader. The bootloader CRCs the entire application region of flash and then compares this value against a firmware header stored just after the application image region in flash.

I wrote a python script which runs after the binary is built. The script takes the elf file resulting from the build, and loads each section into a "virtual flash" image, which represents what should be exactly what is present on the mcu after the elf would be normally loaded. The array starts out being the size of the application region, with initial values of 0xff for every byte, just as flash would be after a full erase. Then, the script takes each section from the elf and overwrites the section of the virtual flash images where that section should reside.

Finally, the script CRCs the application region and injects the resulting value into the original elf.

This all works fine, but I am seeing additional data in the actual flash contents of the mcu that I cannot determine the origin of. The flash is erased fully before programming the elf so this data is coming from the elf loaded onto the device.

I'm guessing that what is going on here is that there are sections in the elf that my script is ignoring but that are still being written to flash when flashed using conventional means.

The following is the result of a readelf on my application image:

Section Headers: [Nr] Name Type Addr Off Size ES Flg Lk Inf Al

[ 0] NULL 00000000 000000 000000 00 0 0 0

[ 1] .isr_vector PROGBITS 08020000 010000 0001f8 00 WA 0 0 4

[ 2] .firmware_header_ PROGBITS 080201f8 0101f8 000004 00 WA 0 0 4

[ 3] .text PROGBITS 08020200 010200 01e11c 00 AX 0 0 64

[ 4] .ARM.extab PROGBITS 0803e31c 033a68 000000 00 W 0 0 1

[ 5] .exidx ARM_EXIDX 0803e31c 02e31c 000008 00 AL 3 0 4

[ 6] .ARM.attributes ARM_ATTRIBUTES 0803e324 033a68 000030 00 0 0 1

[ 7] .init_array INIT_ARRAY 0803e324 02e324 000008 04 WA 0 0 4

[ 8] .fini_array FINI_ARRAY 0803e32c 02e32c 000004 04 WA 0 0 4

[ 9] .firmware_header PROGBITS 0803e330 02e330 000008 00 WA 0 0 4

[10] .data PROGBITS 20000000 030000 0009c8 00 WA 0 0 8

[11] .RxDecripSection PROGBITS 200009c8 0309c8 000080 00 WA 0 0 4

[12] .RxarraySection PROGBITS 20000a48 030a48 0017d0 00 WA 0 0 4

[13] .TxDescripSection PROGBITS 20002218 032218 000080 00 WA 0 0 4

[14] .TxarraySection PROGBITS 20002298 032298 0017d0 00 WA 0 0 4

[15] .bss NOBITS 20003a68 033a68 045bc0 00 WA 0 0 8

[16] .heap PROGBITS 20049628 033a98 000000 00 W 0 0 1

[17] .reserved_for_sta PROGBITS 20049628 033a98 000000 00 W 0 0 1

[18] .battery_backed_s NOBITS 40024000 034000 00000c 00 WA 0 0 4

[19] .comment PROGBITS 00000000 033a98 000075 01 MS 0 0 1

[20] .debug_frame PROGBITS 00000000 033b10 001404 00 0 0 4

[21] .stab PROGBITS 00000000 034f14 000084 0c 22 0 4

[22] .stabstr STRTAB 00000000 034f98 000117 00 0 0 1

[23] .symtab SYMTAB 00000000 0350b0 009010 10 24 1646 4

[24] .strtab STRTAB 00000000 03e0c0 003dc8 00 0 0 1

[25] .shstrtab STRTAB 00000000 041e88 000132 00 0 0 1

I am loading the following sections into my virtual flash image: .isr_vector, .firmware_header_vector, .text, .exidx, .ARM.attributes, .init_array, .fini_array

I do notice that some sections do have addresses of 0. Are some of these perhaps simply appended to flash?

回答1:

The additional sections are most probably initial data for DATA segments. The startup code of most systems copies the contents into the RAM space allocated for those segments. This way static variables initialized with non-zero values are set up.

For example static int x = 23; should give you a segment with "23" in it. The address of this "23" in flash is not the address of x in RAM.