Reprogramming the PineTime

2020-05-15T22:30:13Z

Jlukanc: /* Raspberry Pi */

= Introduction =

The PineTime Dev Kit comes with the back not glued down to allow it to be easily reprogramed but the kit does not include an hardware programmer. There are a bewildering variaty of different hardware programmers available but whatever programmer you have there are only a few tasks you will have to learn about:

* Unlock the device
* Upload new software
* Run a debugger

Unlocking the device is a one-time action that is needed to enable to debug port and provide full access to the device. Unlocking the device will erase all existing software from the internal flash.

= Black Magic Probe =

BlackMagic Probe is an JTAG/SWD adapter with open-source firmware, allowing for it to be ported to a multitude of different boards. One of it's defining features is lack of need for intermediate software such as OpenOCD - one would just need to connect to the GDB server running on the chip and proceed with debugging. For more information, refer to [https://github.com/blacksphere/blackmagic/wiki wiki].

== Adapters ==

=== Native adapters ===

The native adapters are the official Black Magic family of debug adapters, including the original Black Magic Probe and the Black Magic Probe Mini. By buying the official hardware you are supporting the continued development of the Black Magic Probe software.

Providing your native adapter is running up-to-date firmware then it can be used to program your PineTime.

=== STM32 (Blue Pill) ===

It is possible to flash a popular development board based on STM32F103C8T6 microcontroller, known as Blue Pill, to make a BlackMagic Probe device. For example, one may follow instructions in [https://forum.pine64.org/showthread.php?tid=8816&pid=57095#pid57095 forum post] or [https://gist.github.com/darnel/dac1370d057e176386ca4026418abc2b gist] (mac os). Also, it is possible to use SWD pins on the board to flash other devices, instead using arbitrary pins on the board itself. See [https://buger.dread.cz/black-magic-probe-bmp-on-bluepill-stm32f103c8-minimum-system-development-board.html this link] for more detals.

=== Other hardware ===

The Black Magic Probe firmware can be run on a variety of host devices. See [https://github.com/blacksphere/blackmagic/wiki/Debugger-Hardware BMP Debugger Hardware] for more information.

== Uploading new software ==

Refer to the BMP [https://github.com/blacksphere/blackmagic/wiki/Useful-GDB-commands wiki] for the full description of commands.
Overall, the process on Linux is like following. (/dev/ttyBmpGdb is a symlink created by the udev rule). It's useful to create a gdb script file (or .gdbinit) with following commands:

target extended-remote /dev/ttyBmpGdb
monitor swdp_scan
attach 1
file %firmware file%

Then one may use '''load''' command to flash the firmware, '''compare-sections''' to verify the upload, or '''monitor erase_mass''' to erase the firmware.
Then, proceed with debugging as normal.

= nrfjprog =

The following steps have been tested with the Segger JLink embedded in the [https://www.nordicsemi.com/Software-and-Tools/Development-Kits/nRF52-DK NRF52-DK development board].

== Hookup ==

Connect the Pinetime SWD pins to the debugger (P20 on NRF52-DK)

{| class="wikitable"
!Pintime
!JLink
|-
|GND
|GND
|-
|SWDCLK
|SWDCLK
|-
|SWDIO
|SWDIO
|-
|VCC (3.3V)
|VTG (target detect)
|}

== Unlocking the FLASH ==

Unlocking the device and erase the memory. '''You need to execute this step only once, to remove the read protection on the memory. Note that it will erase the whole
flash memory of the MCU!''' :

nrfjprog -f NRF52 --recover

== Uploading new software ==

1. Program the BLE softdevice (if needed by the firmware). Replace PATH_TO_NRF_SDK by the path where you unzipped the [https://www.nordicsemi.com/Software-and-Tools/Software/nRF5-SDK NRF52 SDK] :

nrfjprog -f NRF52 --program /PATH_TO_NRF_SDK/components/softdevice/s132/hex/s132_nrf52_6.1.1_softdevice.hex --sectorerase

2. Program the firmware (replace firmware.hex by the actual filename of the firmware):

nrfjprog -f NRF52 --program firmware.hex --sectorerase

3. Reset and run the new firmware:

nrfjprog -f NRF52 --reset

= OpenOCD =

== Adapters ==

=== CMSIS-DAP ===

Copied from [https://blog.aegrel.ee/absniffer-cmsis-dap-sniffer.html this article].

Issue this command to initialize a connection to the devkit:

openocd -d2 -c 'source [find interface/cmsis-dap.cfg]; transport select swd; source [find target/nrf52.cfg]'

=== JLink ===

Start OpenOCD:

openocd \
-c 'interface jlink; transport select swd; source [find target/nrf52.cfg]' \
-c 'init'

Now you can connect to `127.0.0.1` (`localhost`) port `4444` using telnet to invoke OpenOCD commands. GDB should be available on port `3333`.

=== Raspberry Pi ===

Instructions in [https://medium.com/@ly.lee/build-and-flash-rust-mynewt-firmware-for-pinetime-smart-watch-5e14259c55 Medium post], subsequently [https://medium.com/@ly.lee/openocd-on-raspberry-pi-better-with-swd-on-spi-7dea9caeb590 updated] with a more reliable method under development, so may be a bit of a moving target.

Additionally, look at [https://github.com/jlukanc1/pinetime-boot-flasher this Github repo] for a script that aims to simplify the bootloader install process by using a modified version of the above scripts.

=== STLink ===

TODO

== Unlocking the device ==

Once you have connected to the device then the OpenOCD command console is accessable via a network socket. If you need to disable access port protection then you can do this using the following commands below.

Note: ''Unlocking the device to remove access port protection will erase the contents of flash.''

telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> nrf52.dap apreg 1 0x04
0x00000000
> nrf52.dap apreg 1 0x04 0x01
> nrf52.dap apreg 1 0x04
0x00000001

== Uploading new software ==

Just issue this command, replace ''code.hex'' with your own (and cmsis-dap.cfg with an approprate adapter).

openocd -c 'source [find interface/cmsis-dap.cfg]; transport select swd; source [find target/nrf52.cfg]' \
-c init \
-c 'nrf5 mass_erase' \
-c 'program code.hex verify' \
-c reset \
-c exit

PINE64 - User contributions [en]

Reprogramming the PineTime