CC3200 over the air bootloader

For every incremental development process, an update function for products in the field is absolutely necessary.

To deliver new features and bug fixes to our customers, we developed our own over the air boot loader. If you like to play around with your hardware, our boot loader is the easiest way to program your device with our customized firmware.


The WyLight boot loader is stored in the external flash with the filename /sys/mcuimg.bin. CC3200's internal ROM boot loader loads this file during a startup from flash to SRAM at address 0x20004000. This means for us, we have to link our boot loader code static against this address. We defined our boot loader area in our SRAM from 0x20004000 to 0x20011FFF. Our firmware starts at address 0x20012000.

How a normal start process looks like:

  • ROM boot loader transfers our boot loader from flash to SRAM
  • ROM boot loader jumps to 0x20004000
  • Over the air (OTA) boot loader transfers /temp/firmware.bin into SRAM and checks the appended SHA256 checksum.
  • If everything is correct, OTA boot loader jumps to 0x20012000
  • CC3200 executes the normal firmware now.
  • If OTA boot loader detects an error in the SHA256 hash, or an external button is pressed, it will start an access point and a TCP server at port 2000.

Now we can connect to the access point and transfer any file we want to the OTA boot loader.


We tried to keep our protocol as simple as possible.
One file transfer looks like this:

All this data has to be transferred in one single operation. As soon as the OTA boot loader detects a not complete full packet, he will check the filename and the SHA256 and store the file from SRAM into the FLASH. After a successful operation, the client receives 1 and the server close this connection.
If the OTA detects the a firmware by their filename, he will start this firmware afterwards.

comments powered by Disqus