Skip to content

DFU Firmware Upgrade

robertfisk edited this page Mar 12, 2017 · 6 revisions

Here's how to install new firmware on a USG without using a JTAG adapter, using the built-in DFU (Device Firmware Upgrade) protocol.

Security notice: This upgrade process uses a DFU bootloader built into the USG's microcontrollers by the manufacturer, ST Microelectronics. There is a remote chance that this bootloader (or the DFU upgrade software) is malicious, so do not perform this firmware upgrade on a sensitive computer.

However, do run this upgrade on a clean computer. You don't want any nasties sneaking into your USG!

You will need...

One "USB A male to male" cable. It should look like this, with a plug at both ends. You can find them on Ebay or your favorite local website. This cable is required to program the downstream half of the USG. The upstream side connects through the regular USB A-type plug or cable.

And one of the following DFU programmers:

  1. Recommended: dfu-util. Linux version available from major distribution repositories, Windows version from the releases page, Mac version via Homebrew ("brew install dfu-util") or from MacPorts.

  2. ST's DfuSe programmer. This is a Windows-only application, and free registration is required to download. I have not tested this option!

Download and Verify Firmware

Find the firmware you want on the releases page. Make sure you choose the correct release for your hardware: v0.9 or v1.0. Download the two .bin files (upstream and downstream) attached to the release.

As a minimal check, verify the firmware's sha256sums against the release notes:

sha256sum *.bin

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Downstream_X.XrXX.bin yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy Upstream_X.XrXX.bin

...where the filenames "X.XrXX" contain the hardware revision and release number.

Ideally, you should verify the sha256sums against the git tag signed by the developer's PGP key!

Enter DFU mode - DIY v0.9 Hardware

Upstream H405 board:

Change the "BOOT0" jumper from low "L" to high "H" with a soldering iron. Connect the H405 board to your computer with the regular USB cable.

Downstream H407 board:

Change the "BOOT0" jumper from "0" to "1". Connect the H407 to your computer with your new male-male USB cable.

However this will not supply power to the board, so also connect the Upstream board with the regular USB cable to provide 5V power.

However (however) if Upstream (the H405) is still in DFU mode (BOOT0 set to "H") you now have two DFU devices and much confusion about which one you should be programming. So either change Upstream's BOOT0 back to "L", or provide power through a 5V cellphone charger instead of your computer.

Don't forget to change BOOT0 back to the "L" or "0" position when you're done!

Enter DFU mode - v1.0 Hardware

Open the case with a blunt knife or other flat instrument:

Hold down the blue "BOOT_USB" button while connecting the USG to your computer, then release the button. To program the Upstream processor, connect the USG directly. To program the Downstream processor, use your new male-male USB cable.

Program the Firmware

Confirm that you have one DFU device attached to your computer:

sudo dfu-util -l

You should see four internal regions of one device:

Found DFU: [0483:df11] ver=2200, devnum=4, cfg=1, intf=0, path="2-1", alt=3, name="@Device Feature/0xFFFF0000/01004 e", serial="xxxxxxxxxxxxxx"
Found DFU: [0483:df11] ver=2200, devnum=4, cfg=1, intf=0, path="2-1", alt=2, name="@OTP Memory /0x1FFF7800/01
512 e,01016 e", serial="xxxxxxxxxxxxxx"
Found DFU: [0483:df11] ver=2200, devnum=4, cfg=1, intf=0, path="2-1", alt=1, name="@Option Bytes /0x1FFFC000/01
016 e", serial="xxxxxxxxxxxxxx"
Found DFU: [0483:df11] ver=2200, devnum=4, cfg=1, intf=0, path="2-1", alt=0, name="@Internal Flash /0x08000000/04016Kg,01064Kg,07*128Kg", serial="xxxxxxxxxxxxxx"

Program the firmware (choose Upstream_X.XrXX.bin or Downstream_X.XrXX.bin as appropriate):

sudo dfu-util -a 0 -s 0x08000000 -D Upstream_X.XrXX.bin

...where "-a 0" means alternate region 0 (internal flash), and 0x0800000 is the start address of flash memory. You should see a successful transfer:

...
DFU mode device DFU version 011a
Device returned transfer size 2048
DfuSe interface name: "Internal Flash "
Downloading to address = 0x08000000, size = 32962
Download [=========================] 100% 32962 bytes
Download done.
File downloaded successfully

Then disconnect the USG, and repeat the operation on the other side. Remember to switch jumpers or press the "BOOT_USB" button as appropriate to enter DFU mode.

When programming DIY v0.9 hardware, don't forget to change BOOT0 back to the "L" or "0" position when you're done!