Merge pull request 'Use patchelfcrc program for CRC patching.' (#45) from port-to-patchelfcrc into dev

Reviewed-on: #45

stm-firmware/.gitignore

@@ -16,3 +16,10 @@ reflow-controller.includes
 *.files
 *.user.*
 *.user
+
+# VSCODE and CLANGD sepcific excludes
+
+.vscode/
+build/
+.cache/
+compile_commands.json

stm-firmware/CMakeLists.txt

@@ -1,7 +1,7 @@
 set(CMAKE_SYSTEM_NAME Generic)
 set(CMAKE_SYSTEM_PROCESSOR arm)
 set(CMAKE_CROSSCOMPILING 1)
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.18)
 
 set(CMAKE_TOOLCHAIN_FILE "arm-none-eabi-gcc.cmake")
 
@@ -43,26 +43,12 @@ else (GIT_FOUND)
 	message("Version is set to: ${GIT_DESCRIBE}${ColorReset}")
 endif (GIT_FOUND)
 
-find_program(VIRTUALENV virtualenv)
+find_program(PATCHELFCRC patchelfcrc)
-if (VIRTUALENV)
+if (PATCHELFCRC)
-	message("Python virtual environment found")
+	message("patchelfcrc found: ${PATCHELFCRC}")
-	execute_process(
+else(PATCHELFCRC)
-		COMMAND ${VIRTUALENV} venv
+	message(FATAL_ERROR "${BoldRed}Patchelfcrc not found. Cannot patch CRC checksum into ELF file: patchelfcrc: command not found! See: https://git.shimatta.de/mhu/patchelfcrc${ColorReset}")
-		WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+endif (PATCHELFCRC)
-		OUTPUT_QUIET
-		COMMAND_ERROR_IS_FATAL ANY
-	)
-	set(VENV_BIN "${CMAKE_CURRENT_BINARY_DIR}/venv/bin")
-	execute_process(
-		COMMAND ./pip install -r "${CMAKE_CURRENT_SOURCE_DIR}/crc-patcher/requirements.txt"
-		WORKING_DIRECTORY ${VENV_BIN}
-		OUTPUT_QUIET
-		COMMAND_ERROR_IS_FATAL ANY
-	)
-	message("${BoldGreen}python virtual environment set up!${ColorReset}")
-else(VIRTUALENV)
-	message(FATAL_ERROR "${BoldRed}Python virtual environment not set up: virtualenv: command not found!${ColorReset}")
-endif (VIRTUALENV)
 
 
 set(ELFFILE ${PROJECT_NAME}.elf)
@@ -71,7 +57,7 @@ set(MAPFILE ${PROJECT_NAME}.map)
 set(LINKER_SCRIPT ${CMAKE_CURRENT_SOURCE_DIR}/stm32f407vet6_flash.ld)
 
 add_compile_options(-Wall -Wextra -Wold-style-declaration -Wuninitialized -Wmaybe-uninitialized -Wunused-parameter)
-add_compile_options(-mlittle-endian -mthumb -mcpu=cortex-m4 -mthumb-interwork -mfloat-abi=hard -mfpu=fpv4-sp-d16 -nostartfiles -Wimplicit-fallthrough=3 -Wsign-compare)
+add_compile_options(-mlittle-endian -mthumb -mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16 -nostartfiles -Wimplicit-fallthrough=3 -Wsign-compare)
 
 
 set(GIT_DESCRIBE "${GIT_DESCRIBE}")
@@ -124,15 +110,15 @@ add_executable(${ELFFILE} ${MAIN_SOURCES} ${CFG_PARSER_SRCS} ${UI_SRCS}
 add_dependencies(${ELFFILE} updater-ram-code-header-blob)		
 
 target_include_directories(${ELFFILE} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/shellmatta/api ${CMAKE_CURRENT_SOURCE_DIR}/config-parser/include)
-target_link_options(${ELFFILE} PRIVATE -mlittle-endian -mthumb -mcpu=cortex-m4 -mthumb-interwork -mfloat-abi=hard -mfpu=fpv4-sp-d16 --disable-newlib-supplied-syscalls -nostartfiles -T${LINKER_SCRIPT} -Wl,--print-memory-usage)
+target_link_options(${ELFFILE} PRIVATE -mlittle-endian -mthumb -mcpu=cortex-m4 -mfloat-abi=hard -mfpu=fpv4-sp-d16 --disable-newlib-supplied-syscalls -nostartfiles -T${LINKER_SCRIPT} -Wl,--print-memory-usage)
 target_link_libraries(${ELFFILE} base64-lib linklist-lib)
 target_include_directories(${ELFFILE} PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/updater/ram-code/include/")
 
 add_custom_command(
     TARGET ${ELFFILE}
     POST_BUILD
-    COMMAND ./python "${CMAKE_CURRENT_SOURCE_DIR}/crc-patcher/crc-patch-elf.py" "${CMAKE_CURRENT_BINARY_DIR}/${ELFFILE}"
+    COMMAND ${PATCHELFCRC} --little-endian --verbose --granularity word --start-magic 0xa8be53f9 --end-magic 0xffa582ff -O .flashcrc -p crc-32-mpeg -S .text -S .data -S .ccmdata -S .vectors "${CMAKE_CURRENT_BINARY_DIR}/${ELFFILE}"
-    WORKING_DIRECTORY ${VENV_BIN}
+    WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
     COMMENT "Running Flash CRC Patcher"
     )
 

stm-firmware/crc-patcher/crc-patch-elf.py

@@ -1,114 +0,0 @@
-#!/bin/python
-
-"""
-This script patches the CRC checksums into an existing ELF file.
-
-For this, it searches the follwoing sections:
-	1) .text
-	2) .data
-	3) .ccmdata
-	4) .vectors
-
-All sections MUST be a multiple of 4 bytes long because the CRC calculation relies on whole 32 bit words.
-The sections are excrated and the CRC is calculated for each section.
-
-In the section .flashcrc, the script expects a single struct with the prototype:
-struct flash_crcs {
-	uint32_t start_magic;
-	uint32_t crc_section_text;
-	uint32_t crc_section_data;
-	uint32_t crc_section_ccm_data;
-	uint32_t crc_section_vectors;
-	uint32_t end_magic;
-};
-
-It checks, if the start magic and end magic are set to the appropriate values and then patches in the CRC values of the sections.
-The magic values checked for are: 0xA8BE53F9 and 0xFFA582FF
-"""
-from elftools.elf.elffile import ELFFile
-from elftools.elf.segments import Segment
-import elftools.elf.constants as elf_const
-import sys
-import crcmod
-import crcmod.predefined
-import struct
-
-crc_calc = crcmod.predefined.mkCrcFun('crc-32-mpeg')
-
-if len(sys.argv) < 2:
-	print("Usage:", sys.argv[0], ' <elf file>')
-	sys.exit(-1)
-
-filename=sys.argv[1]
-
-def section_calculate_crc(section):
-	data = bytearray(section.data())
-	be_data = bytearray([0 for k in range(0, len(data))])
-	# Rearrange data, because the STM controller sees it as 32 bit little endian words
-	for i in range(0, int(len(data)/4)):
-		be_data[i*4+0] = data[i*4+3]
-		be_data[i*4+1] = data[i*4+2]
-		be_data[i*4+2] = data[i*4+1]
-		be_data[i*4+3] = data[i*4+0]
-
-	return crc_calc(be_data)
-
-with open(filename, 'r+b') as f:
-	elf = ELFFile(f)
-	sections = {}
-	sections['.text'] = elf.get_section_by_name('.text')
-	sections['.data'] = elf.get_section_by_name('.data')
-	sections['.ccmdata'] = elf.get_section_by_name('.ccmdata')
-	sections['.vectors'] = elf.get_section_by_name('.vectors')
-
-	for key, sec in sections.items():
-		if sec is None:
-			print("Error! Section", key, "not found in ELF file!")
-			sys.exit(-1)
-		print('Found section', key, 'Size:',
-			  sec.data_size, 'Type:', sec['sh_type'])
-		if sec['sh_type'] != 'SHT_PROGBITS':
-			print('Error! Section must be of type SHT_PROGBITS')
-			sys.exit(-1)
-		if (sec.data_size % 4 != 0):
-			print("Section", key, "has wrong size. Must be a multiple of 4 bytes!")
-			sys.exit(-1)
-
-	text_crc = section_calculate_crc(sections['.text'])
-	print('CRC of .text section:', hex(text_crc))
-	data_crc = section_calculate_crc(sections['.data'])
-	print('CRC of .data section:', hex(data_crc))
-	ccmdata_crc = section_calculate_crc(sections['.ccmdata'])
-	print('CRC of .ccmdata section:', hex(ccmdata_crc))
-	vextors_crc = section_calculate_crc(sections['.vectors'])
-	print('CRC of .vectors section:', hex(vextors_crc))
-
-	# Check the flashcrc section
-	flashcrc_sec = elf.get_section_by_name('.flashcrc')
-	if flashcrc_sec is None:
-		print('Section for flash CRC missing!')
-		sys.exit(-1)
-	if flashcrc_sec.data_size != 6*4:
-		print("Error: .flashcrc section has wrong size:",flashcrc_sec.data_size)
-		sys.exit(-1);
-
-	crc_sec_data = bytearray(flashcrc_sec.data())
-	magic1 = struct.unpack('<I'*1, bytes(crc_sec_data[0:4]))[0]
-	magic2 = struct.unpack('<I'*1, bytes(crc_sec_data[-4:]))[0]
-	print("CRC section magic values:", hex(magic1), hex(magic2))
-	if magic1 != 0xA8BE53F9 or magic2 != 0xFFA582FF:
-		print("Wrong magics in CRC section. Data misalignment?")
-		sys.exit(-2)
-
-	crc_sec_offset = flashcrc_sec['sh_offset']
-	print('CRC section ELF file offset:', hex(crc_sec_offset))
-	
-	crc_sec_data[4:8] = struct.pack('<I',text_crc)
-	crc_sec_data[8:12] = struct.pack('<I',data_crc)
-	crc_sec_data[12:16] = struct.pack('<I',ccmdata_crc)
-	crc_sec_data[16:20] = struct.pack('<I',vextors_crc)
-	f.seek(crc_sec_offset)
-	f.write(crc_sec_data)
-	print('CRCs patched successfully')
-
-	

stm-firmware/crc-patcher/crc_patch_elf.py

@@ -0,0 +1,124 @@
+#!/bin/python
+
+"""
+This script patches the CRC checksums into an existing ELF file.
+
+For this, it searches the follwoing sections:
+	1) .text
+	2) .data
+	3) .ccmdata
+	4) .vectors
+
+All sections MUST be a multiple of 4 bytes long
+because the CRC calculation relies on whole 32 bit words.
+The sections are extracted and the CRC is calculated for each section.
+
+In the section .flashcrc, the script expects a single struct with the prototype:
+struct flash_crcs {
+	uint32_t start_magic;
+	uint32_t crc_section_text;
+	uint32_t crc_section_data;
+	uint32_t crc_section_ccm_data;
+	uint32_t crc_section_vectors;
+	uint32_t end_magic;
+};
+
+It checks, if the start magic and end magic are set to the appropriate values and then
+patches in the CRC values of the sections.
+The magic values checked for are: 0xA8BE53F9 and 0xFFA582FF
+"""
+
+import sys
+import struct
+from elftools.elf.elffile import ELFFile
+import crcmod
+import crcmod.predefined
+
+crc_calc = crcmod.predefined.mkCrcFun('crc-32-mpeg')
+
+if len(sys.argv) < 2:
+	print("Usage:", sys.argv[0], ' <elf file>')
+	sys.exit(-1)
+
+filename=sys.argv[1]
+
+def section_calculate_crc(section):
+	"""
+	Calculate CRC of ELF file section
+	"""
+	data = bytearray(section.data())
+	be_data = bytearray([0 for k in range(0, len(data))])
+	# Rearrange data, because the STM controller sees it as 32 bit little endian words
+	for i in range(0, int(len(data)/4)):
+		be_data[i*4+0] = data[i*4+3]
+		be_data[i*4+1] = data[i*4+2]
+		be_data[i*4+2] = data[i*4+1]
+		be_data[i*4+3] = data[i*4+0]
+
+	return crc_calc(be_data)
+
+def main():
+	"""
+	Main function. Patches CRCs into ELF file
+	"""
+	with open(filename, 'r+b') as elf_file:
+		elf = ELFFile(elf_file)
+		sections = {}
+		sections['.text'] = elf.get_section_by_name('.text')
+		sections['.data'] = elf.get_section_by_name('.data')
+		sections['.ccmdata'] = elf.get_section_by_name('.ccmdata')
+		sections['.vectors'] = elf.get_section_by_name('.vectors')
+
+		for key, sec in sections.items():
+			if sec is None:
+				print("Error! Section", key, "not found in ELF file!")
+				sys.exit(-1)
+			print('Found section', key, 'Size:',
+				sec.data_size, 'Type:', sec['sh_type'])
+			if sec['sh_type'] != 'SHT_PROGBITS':
+				print('Error! Section must be of type SHT_PROGBITS')
+				sys.exit(-1)
+			if sec.data_size % 4 != 0:
+				print("Section", key,
+					"has wrong size. Must be a multiple of 4 bytes!")
+				sys.exit(-1)
+
+		text_crc = section_calculate_crc(sections['.text'])
+		print('CRC of .text section:', hex(text_crc))
+		data_crc = section_calculate_crc(sections['.data'])
+		print('CRC of .data section:', hex(data_crc))
+		ccmdata_crc = section_calculate_crc(sections['.ccmdata'])
+		print('CRC of .ccmdata section:', hex(ccmdata_crc))
+		vextors_crc = section_calculate_crc(sections['.vectors'])
+		print('CRC of .vectors section:', hex(vextors_crc))
+
+		# Check the flashcrc section
+		flashcrc_sec = elf.get_section_by_name('.flashcrc')
+		if flashcrc_sec is None:
+			print('Section for flash CRC missing!')
+			sys.exit(-1)
+		if flashcrc_sec.data_size != 6*4:
+			print("Error: .flashcrc section has wrong size:",flashcrc_sec.data_size)
+			sys.exit(-1)
+
+		crc_sec_data = bytearray(flashcrc_sec.data())
+		magic1 = struct.unpack('<I'*1, bytes(crc_sec_data[0:4]))[0]
+		magic2 = struct.unpack('<I'*1, bytes(crc_sec_data[-4:]))[0]
+		print("CRC section magic values:", hex(magic1), hex(magic2))
+		if magic1 != 0xA8BE53F9 or magic2 != 0xFFA582FF:
+			print("Wrong magics in CRC section. Data misalignment?")
+			sys.exit(-2)
+
+		crc_sec_offset = flashcrc_sec['sh_offset']
+		print('CRC section ELF file offset:', hex(crc_sec_offset))
+
+		crc_sec_data[4:8] = struct.pack('<I',text_crc)
+		crc_sec_data[8:12] = struct.pack('<I',data_crc)
+		crc_sec_data[12:16] = struct.pack('<I',ccmdata_crc)
+		crc_sec_data[16:20] = struct.pack('<I',vextors_crc)
+		elf_file.seek(crc_sec_offset)
+		elf_file.write(crc_sec_data)
+		print('CRCs patched successfully')
+
+if __name__ == '__main__':
+	main()

stm-firmware/crc-patcher/pylintrc

@@ -0,0 +1,623 @@
+[MASTER]
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code.
+extension-pkg-allow-list=
+
+# A comma-separated list of package or module names from where C extensions may
+# be loaded. Extensions are loading into the active Python interpreter and may
+# run arbitrary code. (This is an alternative name to extension-pkg-allow-list
+# for backward compatibility.)
+extension-pkg-whitelist=
+
+# Return non-zero exit code if any of these messages/categories are detected,
+# even if score is above --fail-under value. Syntax same as enable. Messages
+# specified are enabled, while categories only check already-enabled messages.
+fail-on=
+
+# Specify a score threshold to be exceeded before program exits with error.
+fail-under=10.0
+
+# Files or directories to be skipped. They should be base names, not paths.
+ignore=CVS
+
+# Add files or directories matching the regex patterns to the ignore-list. The
+# regex matches against paths.
+ignore-paths=
+
+# Files or directories matching the regex patterns are skipped. The regex
+# matches against base names, not paths.
+ignore-patterns=
+
+# Python code to execute, usually for sys.path manipulation such as
+# pygtk.require().
+#init-hook=
+
+# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
+# number of processors available to use.
+jobs=1
+
+# Control the amount of potential inferred values when inferring a single
+# object. This can help the performance when dealing with large functions or
+# complex, nested conditions.
+limit-inference-results=100
+
+# List of plugins (as comma separated values of python module names) to load,
+# usually to register additional checkers.
+load-plugins=
+
+# Pickle collected data for later comparisons.
+persistent=yes
+
+# When enabled, pylint would attempt to guess common misconfiguration and emit
+# user-friendly hints instead of false-positive error messages.
+suggestion-mode=yes
+
+# Allow loading of arbitrary C extensions. Extensions are imported into the
+# active Python interpreter and may run arbitrary code.
+unsafe-load-any-extension=no
+
+
+[MESSAGES CONTROL]
+
+# Only show warnings with the listed confidence levels. Leave empty to show
+# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED.
+confidence=
+
+# Disable the message, report, category or checker with the given id(s). You
+# can either give multiple identifiers separated by comma (,) or put this
+# option multiple times (only on the command line, not in the configuration
+# file where it should appear only once). You can also use "--disable=all" to
+# disable everything first and then reenable specific checks. For example, if
+# you want to run only the similarities checker, you can use "--disable=all
+# --enable=similarities". If you want to run only the classes checker, but have
+# no Warning level messages displayed, use "--disable=all --enable=classes
+# --disable=W".
+disable=print-statement,
+        parameter-unpacking,
+        unpacking-in-except,
+        old-raise-syntax,
+        backtick,
+        long-suffix,
+        old-ne-operator,
+        old-octal-literal,
+        import-star-module-level,
+        non-ascii-bytes-literal,
+        raw-checker-failed,
+        bad-inline-option,
+        locally-disabled,
+        file-ignored,
+        suppressed-message,
+        useless-suppression,
+        deprecated-pragma,
+        use-symbolic-message-instead,
+        apply-builtin,
+        basestring-builtin,
+        buffer-builtin,
+        cmp-builtin,
+        coerce-builtin,
+        execfile-builtin,
+        file-builtin,
+        long-builtin,
+        raw_input-builtin,
+        reduce-builtin,
+        standarderror-builtin,
+        unicode-builtin,
+        xrange-builtin,
+        coerce-method,
+        delslice-method,
+        getslice-method,
+        setslice-method,
+        no-absolute-import,
+        old-division,
+        dict-iter-method,
+        dict-view-method,
+        next-method-called,
+        metaclass-assignment,
+        indexing-exception,
+        raising-string,
+        reload-builtin,
+        oct-method,
+        hex-method,
+        nonzero-method,
+        cmp-method,
+        input-builtin,
+        round-builtin,
+        intern-builtin,
+        unichr-builtin,
+        map-builtin-not-iterating,
+        zip-builtin-not-iterating,
+        range-builtin-not-iterating,
+        filter-builtin-not-iterating,
+        using-cmp-argument,
+        eq-without-hash,
+        div-method,
+        idiv-method,
+        rdiv-method,
+        exception-message-attribute,
+        invalid-str-codec,
+        sys-max-int,
+        bad-python3-import,
+        deprecated-string-function,
+        deprecated-str-translate-call,
+        deprecated-itertools-function,
+        deprecated-types-field,
+        next-method-defined,
+        dict-items-not-iterating,
+        dict-keys-not-iterating,
+        dict-values-not-iterating,
+        deprecated-operator-function,
+        deprecated-urllib-function,
+        xreadlines-attribute,
+        deprecated-sys-function,
+        exception-escape,
+        comprehension-escape
+
+# Enable the message, report, category or checker with the given id(s). You can
+# either give multiple identifier separated by comma (,) or put this option
+# multiple time (only on the command line, not in the configuration file where
+# it should appear only once). See also the "--disable" option for examples.
+enable=c-extension-no-member
+
+
+[REPORTS]
+
+# Python expression which should return a score less than or equal to 10. You
+# have access to the variables 'error', 'warning', 'refactor', and 'convention'
+# which contain the number of messages in each category, as well as 'statement'
+# which is the total number of statements analyzed. This score is used by the
+# global evaluation report (RP0004).
+evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
+
+# Template used to display messages. This is a python new-style format string
+# used to format the message information. See doc for all details.
+#msg-template=
+
+# Set the output format. Available formats are text, parseable, colorized, json
+# and msvs (visual studio). You can also give a reporter class, e.g.
+# mypackage.mymodule.MyReporterClass.
+output-format=text
+
+# Tells whether to display a full report or only the messages.
+reports=no
+
+# Activate the evaluation score.
+score=yes
+
+
+[REFACTORING]
+
+# Maximum number of nested blocks for function / method body
+max-nested-blocks=5
+
+# Complete name of functions that never returns. When checking for
+# inconsistent-return-statements if a never returning function is called then
+# it will be considered as an explicit return statement and no message will be
+# printed.
+never-returning-functions=sys.exit,argparse.parse_error
+
+
+[STRING]
+
+# This flag controls whether inconsistent-quotes generates a warning when the
+# character used as a quote delimiter is used inconsistently within a module.
+check-quote-consistency=no
+
+# This flag controls whether the implicit-str-concat should generate a warning
+# on implicit string concatenation in sequences defined over several lines.
+check-str-concat-over-line-jumps=no
+
+
+[SIMILARITIES]
+
+# Ignore comments when computing similarities.
+ignore-comments=yes
+
+# Ignore docstrings when computing similarities.
+ignore-docstrings=yes
+
+# Ignore imports when computing similarities.
+ignore-imports=no
+
+# Ignore function signatures when computing similarities.
+ignore-signatures=no
+
+# Minimum lines number of a similarity.
+min-similarity-lines=4
+
+
+[BASIC]
+
+# Naming style matching correct argument names.
+argument-naming-style=snake_case
+
+# Regular expression matching correct argument names. Overrides argument-
+# naming-style.
+#argument-rgx=
+
+# Naming style matching correct attribute names.
+attr-naming-style=snake_case
+
+# Regular expression matching correct attribute names. Overrides attr-naming-
+# style.
+#attr-rgx=
+
+# Bad variable names which should always be refused, separated by a comma.
+bad-names=foo,
+          bar,
+          baz,
+          toto,
+          tutu,
+          tata
+
+# Bad variable names regexes, separated by a comma. If names match any regex,
+# they will always be refused
+bad-names-rgxs=
+
+# Naming style matching correct class attribute names.
+class-attribute-naming-style=any
+
+# Regular expression matching correct class attribute names. Overrides class-
+# attribute-naming-style.
+#class-attribute-rgx=
+
+# Naming style matching correct class constant names.
+class-const-naming-style=UPPER_CASE
+
+# Regular expression matching correct class constant names. Overrides class-
+# const-naming-style.
+#class-const-rgx=
+
+# Naming style matching correct class names.
+class-naming-style=PascalCase
+
+# Regular expression matching correct class names. Overrides class-naming-
+# style.
+#class-rgx=
+
+# Naming style matching correct constant names.
+const-naming-style=UPPER_CASE
+
+# Regular expression matching correct constant names. Overrides const-naming-
+# style.
+#const-rgx=
+
+# Minimum line length for functions/classes that require docstrings, shorter
+# ones are exempt.
+docstring-min-length=-1
+
+# Naming style matching correct function names.
+function-naming-style=snake_case
+
+# Regular expression matching correct function names. Overrides function-
+# naming-style.
+#function-rgx=
+
+# Good variable names which should always be accepted, separated by a comma.
+good-names=i,
+           j,
+           k,
+           ex,
+           Run,
+           _
+
+# Good variable names regexes, separated by a comma. If names match any regex,
+# they will always be accepted
+good-names-rgxs=
+
+# Include a hint for the correct naming format with invalid-name.
+include-naming-hint=no
+
+# Naming style matching correct inline iteration names.
+inlinevar-naming-style=any
+
+# Regular expression matching correct inline iteration names. Overrides
+# inlinevar-naming-style.
+#inlinevar-rgx=
+
+# Naming style matching correct method names.
+method-naming-style=snake_case
+
+# Regular expression matching correct method names. Overrides method-naming-
+# style.
+#method-rgx=
+
+# Naming style matching correct module names.
+module-naming-style=snake_case
+
+# Regular expression matching correct module names. Overrides module-naming-
+# style.
+#module-rgx=
+
+# Colon-delimited sets of names that determine each other's naming style when
+# the name regexes allow several styles.
+name-group=
+
+# Regular expression which should only match function or class names that do
+# not require a docstring.
+no-docstring-rgx=^_
+
+# List of decorators that produce properties, such as abc.abstractproperty. Add
+# to this list to register other decorators that produce valid properties.
+# These decorators are taken in consideration only for invalid-name.
+property-classes=abc.abstractproperty
+
+# Naming style matching correct variable names.
+variable-naming-style=snake_case
+
+# Regular expression matching correct variable names. Overrides variable-
+# naming-style.
+#variable-rgx=
+
+
+[FORMAT]
+
+# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
+expected-line-ending-format=
+
+# Regexp for a line that is allowed to be longer than the limit.
+ignore-long-lines=^\s*(# )?<?https?://\S+>?$
+
+# Number of spaces of indent required inside a hanging or continued line.
+indent-after-paren=4
+
+# String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
+# tab).
+indent-string='\t'
+
+# Maximum number of characters on a single line.
+max-line-length=100
+
+# Maximum number of lines in a module.
+max-module-lines=1000
+
+# Allow the body of a class to be on the same line as the declaration if body
+# contains single statement.
+single-line-class-stmt=no
+
+# Allow the body of an if to be on the same line as the test if there is no
+# else.
+single-line-if-stmt=no
+
+
+[MISCELLANEOUS]
+
+# List of note tags to take in consideration, separated by a comma.
+notes=FIXME,
+      XXX,
+      TODO
+
+# Regular expression of note tags to take in consideration.
+#notes-rgx=
+
+
+[SPELLING]
+
+# Limits count of emitted suggestions for spelling mistakes.
+max-spelling-suggestions=4
+
+# Spelling dictionary name. Available dictionaries: none. To make it work,
+# install the 'python-enchant' package.
+spelling-dict=
+
+# List of comma separated words that should be considered directives if they
+# appear and the beginning of a comment and should not be checked.
+spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:
+
+# List of comma separated words that should not be checked.
+spelling-ignore-words=
+
+# A path to a file that contains the private dictionary; one word per line.
+spelling-private-dict-file=
+
+# Tells whether to store unknown words to the private dictionary (see the
+# --spelling-private-dict-file option) instead of raising a message.
+spelling-store-unknown-words=no
+
+
+[VARIABLES]
+
+# List of additional names supposed to be defined in builtins. Remember that
+# you should avoid defining new builtins when possible.
+additional-builtins=
+
+# Tells whether unused global variables should be treated as a violation.
+allow-global-unused-variables=yes
+
+# List of names allowed to shadow builtins
+allowed-redefined-builtins=
+
+# List of strings which can identify a callback function by name. A callback
+# name must start or end with one of those strings.
+callbacks=cb_,
+          _cb
+
+# A regular expression matching the name of dummy variables (i.e. expected to
+# not be used).
+dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
+
+# Argument names that match this expression will be ignored. Default to name
+# with leading underscore.
+ignored-argument-names=_.*|^ignored_|^unused_
+
+# Tells whether we should check for unused import in __init__ files.
+init-import=no
+
+# List of qualified module names which can have objects that can redefine
+# builtins.
+redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io
+
+
+[LOGGING]
+
+# The type of string formatting that logging methods do. `old` means using %
+# formatting, `new` is for `{}` formatting.
+logging-format-style=old
+
+# Logging modules to check that the string format arguments are in logging
+# function parameter format.
+logging-modules=logging
+
+
+[TYPECHECK]
+
+# List of decorators that produce context managers, such as
+# contextlib.contextmanager. Add to this list to register other decorators that
+# produce valid context managers.
+contextmanager-decorators=contextlib.contextmanager
+
+# List of members which are set dynamically and missed by pylint inference
+# system, and so shouldn't trigger E1101 when accessed. Python regular
+# expressions are accepted.
+generated-members=
+
+# Tells whether missing members accessed in mixin class should be ignored. A
+# mixin class is detected if its name ends with "mixin" (case insensitive).
+ignore-mixin-members=yes
+
+# Tells whether to warn about missing members when the owner of the attribute
+# is inferred to be None.
+ignore-none=yes
+
+# This flag controls whether pylint should warn about no-member and similar
+# checks whenever an opaque object is returned when inferring. The inference
+# can return multiple potential results while evaluating a Python object, but
+# some branches might not be evaluated, which results in partial inference. In
+# that case, it might be useful to still emit no-member and other checks for
+# the rest of the inferred objects.
+ignore-on-opaque-inference=yes
+
+# List of class names for which member attributes should not be checked (useful
+# for classes with dynamically set attributes). This supports the use of
+# qualified names.
+ignored-classes=optparse.Values,thread._local,_thread._local
+
+# List of module names for which member attributes should not be checked
+# (useful for modules/projects where namespaces are manipulated during runtime
+# and thus existing member attributes cannot be deduced by static analysis). It
+# supports qualified module names, as well as Unix pattern matching.
+ignored-modules=
+
+# Show a hint with possible names when a member name was not found. The aspect
+# of finding the hint is based on edit distance.
+missing-member-hint=yes
+
+# The minimum edit distance a name should have in order to be considered a
+# similar match for a missing member name.
+missing-member-hint-distance=1
+
+# The total number of similar names that should be taken in consideration when
+# showing a hint for a missing member.
+missing-member-max-choices=1
+
+# List of decorators that change the signature of a decorated function.
+signature-mutators=
+
+
+[CLASSES]
+
+# Warn about protected attribute access inside special methods
+check-protected-access-in-special-methods=no
+
+# List of method names used to declare (i.e. assign) instance attributes.
+defining-attr-methods=__init__,
+                      __new__,
+                      setUp,
+                      __post_init__
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,
+                  _fields,
+                  _replace,
+                  _source,
+                  _make
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=cls
+
+
+[DESIGN]
+
+# Maximum number of arguments for function / method.
+max-args=5
+
+# Maximum number of attributes for a class (see R0902).
+max-attributes=7
+
+# Maximum number of boolean expressions in an if statement (see R0916).
+max-bool-expr=5
+
+# Maximum number of branch for function / method body.
+max-branches=12
+
+# Maximum number of locals for function / method body.
+max-locals=15
+
+# Maximum number of parents for a class (see R0901).
+max-parents=7
+
+# Maximum number of public methods for a class (see R0904).
+max-public-methods=20
+
+# Maximum number of return / yield for function / method body.
+max-returns=6
+
+# Maximum number of statements in function / method body.
+max-statements=50
+
+# Minimum number of public methods for a class (see R0903).
+min-public-methods=2
+
+
+[IMPORTS]
+
+# List of modules that can be imported at any level, not just the top level
+# one.
+allow-any-import-level=
+
+# Allow wildcard imports from modules that define __all__.
+allow-wildcard-with-all=no
+
+# Analyse import fallback blocks. This can be used to support both Python 2 and
+# 3 compatible code, which means that the block might have code that exists
+# only in one or another interpreter, leading to false positives when analysed.
+analyse-fallback-blocks=no
+
+# Deprecated modules which should not be used, separated by a comma.
+deprecated-modules=
+
+# Output a graph (.gv or any supported image format) of external dependencies
+# to the given file (report RP0402 must not be disabled).
+ext-import-graph=
+
+# Output a graph (.gv or any supported image format) of all (i.e. internal and
+# external) dependencies to the given file (report RP0402 must not be
+# disabled).
+import-graph=
+
+# Output a graph (.gv or any supported image format) of internal dependencies
+# to the given file (report RP0402 must not be disabled).
+int-import-graph=
+
+# Force import order to recognize a module as part of the standard
+# compatibility libraries.
+known-standard-library=
+
+# Force import order to recognize a module as part of a third party library.
+known-third-party=enchant
+
+# Couples of modules and preferred modules, separated by a comma.
+preferred-modules=
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "BaseException, Exception".
+overgeneral-exceptions=BaseException,
+                       Exception

stm-firmware/create-c-file-with-header.py

@@ -6,7 +6,7 @@ import pathlib
 
 license_header = """/* Reflow Oven Controller
 *
-* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
+* Copyright (C) 2022  Mario Hüttel <mario.huettel@gmx.net>
 *
 * This file is part of the Reflow Oven Controller Project.
 *
@@ -37,7 +37,7 @@ cpath = os.path.join(project_dir, sys.argv[1]+'.c')
 hfile = sys.argv[1]+'.h'
 hpath = os.path.join(module_include_dir, hfile)
 
-h_define = '__'+hfile.replace('.', '_').replace('-', '_').replace('/', '_').upper()+'__'
+h_define = '_'+hfile.replace('.', '_').replace('-', '_').replace('/', '_').upper()+'_'
 
 if os.path.exists(cpath) or os.path.exists(hpath):
 	print("File already exists! Abort!")

stm-firmware/hw-version-detect.c

@@ -27,10 +27,15 @@
 #include <stm-periph/rcc-manager.h>
 #include <stm32/stm32f4xx.h>
 
+#if HW_REV_DETECT_PIN_LOW > HW_REV_DETECT_PIN_HIGH
+#error Configuration error for Hardware derection pins. Lowest position must be less than the highest pin position.
+#endif
+
 enum hw_revision get_pcb_hardware_version(void)
 {
 	uint8_t current_pin;
-	uint16_t port_bitmask = 0U;
+	uint16_t port_bitmask = 0U; /* Use uint16_t because a port can have 16 IOs max. */
+	const uint16_t highest_bit_mask = (1 << (HW_REV_DETECT_PIN_HIGH - HW_REV_DETECT_PIN_LOW));
 	static enum hw_revision revision = HW_REV_NOT_DETECTED;
 
 	/* If the revision has been previously detected,
@@ -53,7 +58,7 @@ enum hw_revision get_pcb_hardware_version(void)
 	 */
 	for (current_pin = HW_REV_DETECT_PIN_LOW; current_pin <= HW_REV_DETECT_PIN_HIGH; current_pin++) {
 		port_bitmask >>= 1;
-		port_bitmask |= (HW_REV_DETECT_GPIO->IDR & (1 << current_pin)) ? 0x0 : 0x80;
+		port_bitmask |= (HW_REV_DETECT_GPIO->IDR & (1 << current_pin)) ? 0x0 : highest_bit_mask;
 	}
 
 	/* Resolve the read in bitmask to a hardware version */

stm-firmware/include/reflow-controller/hw-version-detect.h

@@ -48,7 +48,6 @@
  */
 #define HW_REV_DETECT_PIN_HIGH (15U)
 
-
 /**
  * @brief PCB/Hardware Revision Type
  */

stm-firmware/include/reflow-controller/safety/flash-crc-struct.h

@@ -0,0 +1,37 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2022  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SAFETY_FLASH_CRC_STRUCT_H_
+#define _SAFETY_FLASH_CRC_STRUCT_H_
+
+#include <stdint.h>
+
+struct flash_crcs {
+    uint32_t start_magic;
+    uint32_t crc_section_text;
+    uint32_t crc_section_data;
+    uint32_t crc_section_ccm_data;
+    uint32_t crc_section_vectors;
+    uint32_t end_magic;
+};
+
+extern const struct flash_crcs crcs_in_flash;
+
+#endif /* _SAFETY_FLASH_CRC_STRUCT_H_ */

stm-firmware/include/reflow-controller/safety/flash-crc.h

@@ -0,0 +1,56 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2022  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SAFETY_FLASH_CRC_H_
+#define _SAFETY_FLASH_CRC_H_
+
+#include <stdint.h>
+
+enum flash_crc_section {
+    FLASH_CRC_VECTOR = 0,
+    FLASH_CRC_TEXT,
+    FLASH_CRC_DATA,
+    FLASH_CRC_CCMDATA,
+    N_FLASH_CRC,
+};
+
+/**
+ * @brief Perform a CRC check of the flash memory and set appropriate flags
+ * @return negative if internal error occured. Otherwise (independent from CRC check result) 0.
+ * @note This function requires the safety controller (and CRC unit) to be set up before calling!
+ */
+int flash_crc_trigger_check(void);
+
+/**
+ * @brief Calculate CRC over flash section
+ * @param sec Section to calculate CRC over
+ * @param[out] crc_result Calculated CRC
+ * @return negative if internal error occured. Otherwise (independent from CRC check result) 0.
+ */
+int flash_crc_calc_section(enum flash_crc_section sec, uint32_t *crc_result);
+
+/**
+ * @brief Get expected CRC value of a section
+ * @param sec Section
+ * @return Expected CRC
+ */
+uint32_t flash_crc_get_expected_crc(enum flash_crc_section sec);
+
+#endif /* _SAFETY_FLASH_CRC_H_ */

stm-firmware/include/reflow-controller/safety/safety-config.h

@@ -27,6 +27,15 @@
 #ifndef __SAFETY_CONFIG_H__
 #define __SAFETY_CONFIG_H__
 
+/**
+ * @brief Weights of error flags.
+ */
+enum config_weight {
+    SAFETY_FLAG_CONFIG_WEIGHT_NONE = 0, /**< @brief This flag has no global error consequence, but might be respected by certain software modules. */
+    SAFETY_FLAG_CONFIG_WEIGHT_PID = 1, /**< @brief This flag will force a stop of the temperature PID controller */
+    SAFETY_FLAG_CONFIG_WEIGHT_PANIC = 2, /**< @brief This flag will trigger the panic mode */
+};
+
 /**
  * @brief Enum type representing safety flags.
  *

stm-firmware/include/reflow-controller/safety/safety-controller.h

@@ -75,9 +75,9 @@ void safety_controller_init(void);
 /**
  * @brief Handle the safety controller.
  * @note This function must be executed periodically in order to prevent the watchdog from resetting the firmware
- * @return 0 if successful
+ * @returns Worst flag weigth that is currently set.
  */
-int safety_controller_handle(void);
+enum config_weight safety_controller_handle(void);
 
 /**
  * @brief Report one or multiple errors to the safety controller
@@ -267,13 +267,6 @@ int safety_controller_set_overtemp_limit(float over_temperature);
  */
 float safety_controller_get_overtemp_limit(void);
 
-/**
- * @brief Perform a CRC check of the flash memory and set appropriate flags
- * @return negative if internal error occured. Otherwise (independent from CRC check result) 0.
- * @note This function requires the safety controller to be set up before!
- */
-int safety_controller_trigger_flash_crc_check(void);
-
 /**
  * @brief Recalculate the CRC of a given CRC Monitor. This has to be done once the supervised registers update
  * @param mon Monitor to recalculate

stm-firmware/include/reflow-controller/safety/safety-memory.h

@@ -24,6 +24,7 @@
 #include <stdint.h>
 #include <stddef.h>
 #include <stdbool.h>
+#include <reflow-controller/safety/safety-config.h>
 
 /** @addtogroup safety-memory
  * @{
@@ -131,15 +132,6 @@ enum config_override_entry_type {
 	SAFETY_MEMORY_CONFIG_OVERRIDE_PERSISTENCE = 2,
 };
 
-/**
- * @brief Weights of error flags.
- */
-enum config_weight {
-	SAFETY_FLAG_CONFIG_WEIGHT_NONE = 0, /**< @brief This flag has no global error consequence, but might be respected by certain software modules. */
-	SAFETY_FLAG_CONFIG_WEIGHT_PID = 1, /**< @brief This flag will force a stop of the temperature PID controller */
-	SAFETY_FLAG_CONFIG_WEIGHT_PANIC = 2, /**< @brief This flag will trigger the panic mode */
-};
-
 /**
  * @brief representation of a config override memory entry
  */

stm-firmware/main.c

@@ -286,6 +286,7 @@ int main(void)
 	shellmatta_handle_t shell_handle;
 	int menu_wait_request;
 	uint64_t quarter_sec_timestamp = 0ULL;
+	enum config_weight worst_safety_flag = SAFETY_FLAG_CONFIG_WEIGHT_NONE;
 
 	/** - Setup all the peripherals and external componets like LCD, EEPROM etc. and the safety controller */
 	setup_system();
@@ -312,7 +313,7 @@ int main(void)
 		 *  it is tried to load it from SD card.
 		 */
 		if (systick_ticks_have_passed(quarter_sec_timestamp, 250)) {
-			led_set(1, 0);
+			led_set(1u, 0);
 			sd_old = sd_card_mounted;
 			sd_card_mounted = mount_sd_card_if_avail(sd_card_mounted);
 
@@ -325,6 +326,14 @@ int main(void)
 				}
 			}
 
+			/* Check if any flags are present, that disable the PID controller. Blink
+			 * LED 0 in this case
+			 */
+			if (worst_safety_flag >= SAFETY_FLAG_CONFIG_WEIGHT_PID)
+				led_set(0u, led_get(0u) ? 0 : 1);
+			else
+				led_set(0u, 0);
+
 			quarter_sec_timestamp = systick_get_global_tick();
 		}
 
@@ -338,7 +347,7 @@ int main(void)
 		temp_profile_executer_handle();
 
 		/** - Handle the safety controller. This must be called! Otherwise a watchdog reset will occur */
-		safety_controller_handle();
+		worst_safety_flag = safety_controller_handle();
 
 		/** - If the Oven PID controller is running, we handle its sample function */
 		if (oven_pid_get_status() == OVEN_PID_RUNNING)

stm-firmware/safety/flash-crc-struct.c

@@ -0,0 +1,31 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2022  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <reflow-controller/safety/flash-crc-struct.h>
+#include <helper-macros/helper-macros.h>
+
+const struct flash_crcs IN_SECTION(.flashcrc) crcs_in_flash = {
+	.start_magic = 0xA8BE53F9UL,
+	.crc_section_ccm_data = 0UL,
+	.crc_section_text = 0UL,
+	.crc_section_data = 0UL,
+	.crc_section_vectors = 0UL,
+	.end_magic = 0xFFA582FFUL,
+};

stm-firmware/safety/flash-crc.c

@@ -0,0 +1,152 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2022  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <reflow-controller/safety/flash-crc.h>
+#include <reflow-controller/safety/flash-crc-struct.h>
+#include <reflow-controller/safety/safety-controller.h>
+#include <stm-periph/crc-unit.h>
+
+extern const uint32_t __ld_vectors_start;
+extern const uint32_t __ld_vectors_end;
+extern const uint32_t __ld_text_start;
+extern const uint32_t __ld_text_end;
+
+extern const uint32_t __ld_sdata_ccm;
+extern const uint32_t __ld_edata_ccm;
+extern const uint32_t __ld_load_ccm_data;
+
+extern const uint32_t __ld_sdata;
+extern const uint32_t __ld_edata;
+extern const uint32_t __ld_load_data;
+
+
+int flash_crc_trigger_check(void)
+{
+	int ret = -1;
+	int res;
+	int any_err = 0;
+	uint32_t crc;
+
+	/* Perform CRC check over vector table */
+	res = flash_crc_calc_section(FLASH_CRC_VECTOR, &crc);
+	if (res || crc != flash_crc_get_expected_crc(FLASH_CRC_VECTOR))
+		safety_controller_report_error(ERR_FLAG_FLASH_CRC_CODE);
+	any_err |= res;
+
+	/* Perform CRC check over text section */
+	res = flash_crc_calc_section(FLASH_CRC_TEXT, &crc);
+	if (res || crc != flash_crc_get_expected_crc(FLASH_CRC_TEXT))
+		safety_controller_report_error(ERR_FLAG_FLASH_CRC_CODE);
+	any_err |= res;
+
+	/* Perform CRC check over data section */
+	res = flash_crc_calc_section(FLASH_CRC_DATA, &crc);
+	if (res || crc != flash_crc_get_expected_crc(FLASH_CRC_DATA))
+		safety_controller_report_error(ERR_FLAG_FLASH_CRC_DATA);
+	any_err |= res;
+
+	/* Perform CRC check over ccm data section */
+	res = flash_crc_calc_section(FLASH_CRC_CCMDATA, &crc);
+	if (res || crc != flash_crc_get_expected_crc(FLASH_CRC_CCMDATA))
+		safety_controller_report_error(ERR_FLAG_FLASH_CRC_DATA);
+	any_err |= res;
+
+	if (!any_err)
+		ret = 0;
+
+	return ret;
+}
+
+int flash_crc_calc_section(enum flash_crc_section sec, uint32_t *crc_result)
+{
+	uint32_t len;
+	const uint32_t *startptr;
+	const uint32_t *endptr;
+	const uint32_t *load_addr = NULL;
+
+	if (!crc_result)
+		return -1002;
+
+	switch (sec) {
+	case FLASH_CRC_VECTOR:
+		startptr = &__ld_vectors_start;
+		endptr = &__ld_vectors_end;
+		break;
+	case FLASH_CRC_TEXT:
+		startptr = &__ld_text_start;
+		endptr = &__ld_text_end;
+		break;
+	case FLASH_CRC_DATA:
+		startptr = &__ld_sdata;
+		endptr = &__ld_edata;
+		load_addr = &__ld_load_data;
+		break;
+	case FLASH_CRC_CCMDATA:
+		startptr = &__ld_sdata_ccm;
+		endptr = &__ld_edata_ccm;
+		load_addr = &__ld_load_ccm_data;
+		break;
+	default:
+		return -1001;
+	}
+
+	len = (uint32_t)((void *)endptr - (void *)startptr);
+	if (!load_addr)
+		load_addr = startptr;
+
+	/* Not a multiple of 32bit words long. Cannot calculate CRC in this case! */
+	if (len % 4)
+		return -1;
+
+	/* Calculate word count */
+	len /= 4;
+
+	/* Reset CRC and calculate over data range */
+	crc_unit_reset();
+	crc_unit_input_array(load_addr, len);
+	*crc_result = crc_unit_get_crc();
+
+	return 0;
+}
+
+uint32_t flash_crc_get_expected_crc(enum flash_crc_section sec)
+{
+	uint32_t crc;
+
+	switch (sec) {
+	case FLASH_CRC_VECTOR:
+		crc = crcs_in_flash.crc_section_vectors;
+		break;
+	case FLASH_CRC_TEXT:
+		crc = crcs_in_flash.crc_section_text;
+		break;
+	case FLASH_CRC_DATA:
+		crc = crcs_in_flash.crc_section_data;
+		break;
+	case FLASH_CRC_CCMDATA:
+		crc = crcs_in_flash.crc_section_ccm_data;
+		break;
+	default:
+		crc = 0xFFFFFFFFul;
+		break;
+	}
+
+	return crc;
+}

stm-firmware/safety/safety-controller.c

@@ -43,6 +43,7 @@
 #include <stm-periph/rcc-manager.h>
 #include <reflow-controller/temp-converter.h>
 #include <reflow-controller/adc-meas.h>
+#include <reflow-controller/safety/flash-crc.h>
 #include <reflow-controller/periph-config/safety-adc-hwcfg.h>
 
 /**
@@ -154,15 +155,6 @@ struct overtemp_config {
 	uint32_t crc;
 };
 
-struct flash_crcs {
-	uint32_t start_magic;
-	uint32_t crc_section_text;
-	uint32_t crc_section_data;
-	uint32_t crc_section_ccm_data;
-	uint32_t crc_section_vectors;
-	uint32_t end_magic;
-};
-
 struct crc_monitor_register {
 	const volatile void *reg_addr;
 	uint32_t mask;
@@ -364,6 +356,10 @@ static void set_overtemp_config(float over_temperature)
 	safety_controller_overtemp_config.crc = crc_unit_get_crc();
 }
 
+/**
+ * @brief Check the overtemperature config structure's CRC
+ * @return true if check failed. false if CRC check successful
+ */
 static bool over_temperature_config_check(void)
 {
 	if (safety_controller_overtemp_config.crc_dummy_seed != 0xA4F5C7E6UL)
@@ -910,7 +906,7 @@ void safety_controller_init(void)
 	/* This is usually done by the safety memory already. But, since this module also uses the CRC... */
 	crc_unit_init();
 
-	safety_controller_trigger_flash_crc_check();
+	flash_crc_trigger_check();
 	stack_check_init_corruption_detect_area();
 
 	hw_rev = get_pcb_hardware_version();
@@ -1113,12 +1109,15 @@ static void safety_controller_do_systick_checking(void)
  * is set, the appropriate action defined by the flag weight is executed.
  * @note If no flag weigth is present for a given error flag, it is treated as the most critical category
  * (@ref SAFETY_FLAG_CONFIG_WEIGHT_PANIC)
+ *
+ * @returns Worst config weight set
  */
-static void safety_controller_handle_weighted_flags(void)
+static enum config_weight safety_controller_handle_weighted_flags(void)
 {
 	uint32_t flag_index;
 	volatile struct error_flag *current_flag;
 	enum config_weight flag_weigth;
+	enum config_weight worst = SAFETY_FLAG_CONFIG_WEIGHT_NONE;
 
 	for (flag_index = 0u; flag_index < COUNT_OF(flags); flag_index++) {
 		current_flag = &flags[flag_index];
@@ -1128,6 +1127,11 @@ static void safety_controller_handle_weighted_flags(void)
 			continue;
 
 		flag_weigth = get_flag_weight(current_flag);
+
+		/* Override the worst flag weigt set, if it is worse than the previous ones */
+		if (flag_weigth > worst)
+			worst = flag_weigth;
+
 		switch (flag_weigth) {
 		case SAFETY_FLAG_CONFIG_WEIGHT_NONE:
 			break;
@@ -1143,6 +1147,8 @@ static void safety_controller_handle_weighted_flags(void)
 		}
 
 	}
+
+	return worst;
 }
 
 #ifndef DEBUGBUILD
@@ -1152,9 +1158,9 @@ static void external_watchdog_toggle(void)
 }
 #endif
 
-int safety_controller_handle(void)
+enum config_weight safety_controller_handle(void)
 {
-	int ret = 0;
+	enum config_weight worst_weight_set;
 #ifndef DEBUGBUILD
 	static uint32_t watchdog_counter = 0UL;
 #endif
@@ -1164,9 +1170,10 @@ int safety_controller_handle(void)
 	safety_controller_handle_memory_checks();
 	safety_controller_do_systick_checking();
 	safety_controller_process_monitor_checks();
-	safety_controller_handle_weighted_flags();
+	worst_weight_set = safety_controller_handle_weighted_flags();
 
-	ret |= watchdog_ack(WATCHDOG_MAGIC_KEY);
+	/* Ignore error here. Will trigger restart anyway */
+	(void)watchdog_ack(WATCHDOG_MAGIC_KEY);
 
 #ifndef DEBUGBUILD
 	if (get_pcb_hardware_version() != HW_REV_V1_2) {
@@ -1177,7 +1184,8 @@ int safety_controller_handle(void)
 		}
 	}
 #endif
-	return (ret ? -1 : 0);
+
+	return worst_weight_set;
 }
 
 int safety_controller_enable_timing_mon(enum timing_monitor monitor, bool enable)
@@ -1438,94 +1446,6 @@ float safety_controller_get_overtemp_limit(void)
 	return safety_controller_overtemp_config.overtemp_deg_celsius;
 }
 
-extern const uint32_t __ld_vectors_start;
-extern const uint32_t __ld_vectors_end;
-extern const uint32_t __ld_text_start;
-extern const uint32_t __ld_text_end;
-
-extern const uint32_t __ld_sdata_ccm;
-extern const uint32_t __ld_edata_ccm;
-extern const uint32_t __ld_load_ccm_data;
-
-extern const uint32_t __ld_sdata;
-extern const uint32_t __ld_edata;
-extern const uint32_t __ld_load_data;
-
-int safety_controller_trigger_flash_crc_check(void)
-{
-	/* This structs needs to be volatile!!
-	 * This prevents the compiler form optimizing out the reads to the crcs which will be patched in later by
-	 * a separate python script!
-	 */
-	static volatile const struct flash_crcs IN_SECTION(.flashcrc) crcs_in_flash = {
-		.start_magic = 0xA8BE53F9UL,
-		.crc_section_ccm_data = 0UL,
-		.crc_section_text = 0UL,
-		.crc_section_data = 0UL,
-		.crc_section_vectors = 0UL,
-		.end_magic = 0xFFA582FFUL,
-	};
-
-	int ret = -1;
-	uint32_t len;
-	uint32_t crc;
-
-	/* Perform CRC check over vector table */
-	len = (uint32_t)((void *)&__ld_vectors_end - (void *)&__ld_vectors_start);
-	if (len % 4) {
-		safety_controller_report_error(ERR_FLAG_FLASH_CRC_CODE);
-	} else {
-		len /= 4;
-		crc_unit_reset();
-		crc_unit_input_array(&__ld_vectors_start, len);
-		crc = crc_unit_get_crc();
-		if (crc != crcs_in_flash.crc_section_vectors)
-			safety_controller_report_error(ERR_FLAG_FLASH_CRC_CODE);
-	}
-
-	/* Perform CRC check over text section */
-	len = (uint32_t)((void *)&__ld_text_end - (void *)&__ld_text_start);
-	if (len % 4) {
-		safety_controller_report_error(ERR_FLAG_FLASH_CRC_CODE);
-	} else {
-		len /= 4;
-		crc_unit_reset();
-		crc_unit_input_array(&__ld_text_start, len);
-		crc = crc_unit_get_crc();
-		if (crc != crcs_in_flash.crc_section_text)
-			safety_controller_report_error(ERR_FLAG_FLASH_CRC_CODE);
-	}
-
-	/* Perform CRC check over data section */
-	len = (uint32_t)((void *)&__ld_edata - (void *)&__ld_sdata);
-	if (len % 4) {
-		safety_controller_report_error(ERR_FLAG_FLASH_CRC_DATA);
-	} else {
-		len /= 4;
-		crc_unit_reset();
-		crc_unit_input_array(&__ld_load_data, len);
-		crc = crc_unit_get_crc();
-		if (crc != crcs_in_flash.crc_section_data)
-			safety_controller_report_error(ERR_FLAG_FLASH_CRC_DATA);
-	}
-
-	/* Perform CRC check over ccm data section */
-	len = (uint32_t)((void *)&__ld_edata_ccm - (void *)&__ld_sdata_ccm);
-	if (len % 4) {
-		safety_controller_report_error(ERR_FLAG_FLASH_CRC_DATA);
-	} else {
-		len /= 4;
-		crc_unit_reset();
-		crc_unit_input_array(&__ld_load_ccm_data, len);
-		crc = crc_unit_get_crc();
-		if (crc != crcs_in_flash.crc_section_ccm_data)
-			safety_controller_report_error(ERR_FLAG_FLASH_CRC_DATA);
-	}
-
-	ret = 0;
-	return ret;
-}
-
 int safety_controller_set_crc_monitor(enum crc_monitor mon, uint32_t password)
 {
 	uint32_t i;

stm-firmware/ui/shell.c

@@ -48,6 +48,7 @@
 #include <stm-periph/option-bytes.h>
 #include <reflow-controller/ui/gui.h>
 #include <reflow-controller/ui/shell-uart.h>
+#include <reflow-controller/safety/flash-crc.h>
 
 #include <stdio.h>
 
@@ -1020,6 +1021,53 @@ shellmatta_retCode_t shell_cmd_set_baud(const shellmatta_handle_t handle, const
 	return SHELLMATTA_OK;
 }
 
+static void shell_print_crc_line(const shellmatta_handle_t handle, const char *name,
+				 uint32_t crc, uint32_t crc_expected)
+{
+	shellmatta_printf(handle, "%-15s0x%08x    0x%08x  [%s]\r\n",
+			  name,
+			  crc,
+			  crc_expected,
+			  crc != crc_expected ? "\e[1;31mERR\e[m" : "\e[32mOK\e[m");
+}
+
+shellmatta_retCode_t shell_cmd_flash_crc(const shellmatta_handle_t handle, const char *args, uint32_t len)
+{
+	(void)args;
+	(void)len;
+	uint32_t crc = 0;
+	uint32_t crc_expected = 0;
+	int res;
+
+	shellmatta_printf(handle, "               Calculated    Expected    State\r\n\r\n");
+
+	res = flash_crc_calc_section(FLASH_CRC_VECTOR, &crc);
+	crc_expected = flash_crc_get_expected_crc(FLASH_CRC_VECTOR);
+	if (res)
+		shellmatta_printf(handle, "Error during calculation!\r\n");
+	shell_print_crc_line(handle, "Vector CRC:", crc, crc_expected);
+
+	res = flash_crc_calc_section(FLASH_CRC_TEXT, &crc);
+	crc_expected = flash_crc_get_expected_crc(FLASH_CRC_TEXT);
+	if (res)
+		shellmatta_printf(handle, "Error during calculation!\r\n");
+	shell_print_crc_line(handle, "Code CRC:", crc, crc_expected);
+
+	res = flash_crc_calc_section(FLASH_CRC_DATA, &crc);
+	crc_expected = flash_crc_get_expected_crc(FLASH_CRC_DATA);
+	if (res)
+		shellmatta_printf(handle, "Error during calculation!\r\n");
+	shell_print_crc_line(handle, "Data CRC:", crc, crc_expected);
+
+	res = flash_crc_calc_section(FLASH_CRC_CCMDATA, &crc);
+	crc_expected = flash_crc_get_expected_crc(FLASH_CRC_CCMDATA);
+	if (res)
+		shellmatta_printf(handle, "Error during calculation!\r\n");
+	shell_print_crc_line(handle, "CCM Data CRC:", crc, crc_expected);
+
+	return SHELLMATTA_OK;
+}
+
 //typedef struct shellmatta_cmd
 //{
 //    char                    *cmd;       /**< command name                           */
@@ -1029,7 +1077,7 @@ shellmatta_retCode_t shell_cmd_set_baud(const shellmatta_handle_t handle, const
 //    shellmatta_cmdFct_t     cmdFct;     /**< pointer to the cmd callack function    */
 //    struct shellmatta_cmd   *next;      /**< pointer to next command or NULL        */
 //} shellmatta_cmd_t;
-static shellmatta_cmd_t cmd[25] = {
+static shellmatta_cmd_t cmd[26] = {
 	{
 		.cmd = "version",
 		.cmdAlias = "ver",
@@ -1229,6 +1277,14 @@ static shellmatta_cmd_t cmd[25] = {
 		.helpText = "Set a new temporary baudrate for the UART",
 		.usageText = "baudrate <new baud>",
 		.cmdFct = shell_cmd_set_baud,
+		.next = &cmd[25],
+	},
+	{
+		.cmd = "flashcrc",
+		.cmdAlias = "fcrc",
+		.helpText = "Calculate the Flash CRCs",
+		.usageText = "flashcrc",
+		.cmdFct = shell_cmd_flash_crc,
 		.next = NULL,
 	},