USB Library
Flash Signature

The flash signature feature is a robustness/recoverability feature, which is particularly useful for applications that are not using an I/O pin for entry into the bootloader mode, and instead rely on entry into the bootloader only by software from the application firmware image. 

Consider the following situation:

  1. User boots up the microcontroller and begins running the application image.
  2. User runs a special PC application (or something similar) that sends a command to the application image, to switch into the bootloader mode.
  3. Firmware executes a goto 0x001C jump straight into the bootloader mode (via software entry).
  4. User starts an erase/program/verify sequence using the PC GUI program for bootloading new application firmware images.
  5. The firmware erases some or all of the application flash contents.
  6. Before the flash has been reprogrammed with the new values, the user unplugs the USB cable and/or AC power is lost to the entire system.

At this point, the application would normally be permanently “bricked” (unless the user plugs in a conventional ICSP programmer like the MPLAB ICD3), since the application image would be corrupt or missing, and that may have been the only method for receiving the command to jump into bootloader mode.

The above scenario can however be made recoverable, through the use of a “flash signature” process. 

The flash signature is a special program memory word that gets programmed (only after the entire erase/program/verify process is completed successfully) with a magic/known value. This value, when present and correctly programmed at the magic address with the proper value, indicates to the bootloader code that the application firmware image is fully intact. 

A typical (successful) bootloading sequence, that uses a flash signature, would be as follows:

  1. User boots up the microcontroller, which first checks that the flash signature word is intact, with the correct/expected value.
    1. Assuming the value is correct, this implies that the application image is intact, and the code jumps into the application firmware run mode.
  2. User runs a special PC application (or something similar) that sends a command to the application image, to switch into the bootloader mode.
  3. Firmware executes a goto 0x001C jump straight into the bootloader mode.
  4. User starts an erase/program/verify sequence using the PC GUI program for bootloading new firmware images.
  5. The firmware begins erasing pages of flash memory. Special care is taken in the implementation to ensure that the flash signature word is located on the very first flash erase page that gets erased.
  6. After total erasure of the application image is complete, the PC GUI sends commands to reprogram the entire application firmware space with the new image.
  7. The PC GUI performs a full verify read back of the flash contents, and verifies that every address contains exactly the correct values from the hex file.
  8. Assuming the entire “verify” operation is successful, the PC GUI sends a “sign flash” command to the bootloader firmware.
  9. The bootloader firmware programs the special/magic known value into the special/fixed signature address.

At this point the bootloading process is complete. Upon rebooting the microcontroller, the bootup code checks the flash signature address to verify that the contents of that flash memory word contain the correct/expected flash signature value.

  1. If the value matches the correct/expected value, this implies that the previous erase/program/verify sequence was fully successful, and therefore, it is safe to jump into and begin executing the application firmware image.
  2. If the value does not match (e.g., the flash signature word contains an invalid or erased value, like 0xFFFF), then the bootup code knows that the previous erase/program/verify sequence failed at some point, and therefore, the bootup code makes sure to stay in bootload mode, allowing the PC GUI application to connect to the firmware and make another attempt at the erase/program/verify/sign flash sequence.

NOTE: In order for the flash signature feature to fully protect the application from bricking in the event of USB cable disconnect and/or lost AC power, the flash signature word must be located on the very first page erased during the erase sequence, and it must also be the very last portion of the program memory that gets re-programmed, only after the rest of the program/verify sequence has completed successfully.

In the current implementation, the flash signature word is located within the application program memory space, at a specific fixed address. For PIC18 devices, the default address for the flash signature word is 0x1006 (and 1007 for the MSB). For PIC16 devices, the address for the flash signature word is 0x900.

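
The ordering requirement in the NOTE above, shown as an added host-side simulation in C (not Microchip's bootloader code): it cuts power after every possible number of flash operations and counts the cases where the boot check would still run an unfinished image. The page size, the signature word index, the magic value 0x600D and all function names are constructed assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Host-side model; sizes, names and the magic value are constructed. */
#define PAGE_WORDS 32u
#define APP_PAGES  4u
#define APP_WORDS  (PAGE_WORDS * APP_PAGES)
#define SIG_INDEX  3u       /* signature word lives in page 0 */
#define SIG_VALUE  0x600Du  /* constructed magic value */

static uint16_t flash[APP_WORDS];  /* simulated application flash */

/* Boot-time decision: 1 = jump to application, 0 = stay in bootloader. */
int boot_runs_app(void) { return flash[SIG_INDEX] == SIG_VALUE; }

/* Erase/program/verify/sign. Power is lost after `budget` flash operations.
   sig_first != 0 erases the signature page first. Returns 1 once signed. */
int update(const uint16_t *img, unsigned budget, int sig_first) {
    unsigned i, p;
    for (i = 0; i < APP_PAGES; i++) {
        if (budget-- == 0) return 0;
        p = sig_first ? i : APP_PAGES - 1 - i;
        memset(&flash[p * PAGE_WORDS], 0xFF, PAGE_WORDS * sizeof flash[0]);
    }
    for (i = 0; i < APP_WORDS; i++) {        /* program, skipping signature */
        if (i == SIG_INDEX) continue;
        if (budget-- == 0) return 0;
        flash[i] = img[i];
    }
    for (i = 0; i < APP_WORDS; i++)          /* verify read-back */
        if (i != SIG_INDEX && flash[i] != img[i]) return 0;
    if (budget-- == 0) return 0;
    flash[SIG_INDEX] = SIG_VALUE;            /* sign last */
    return 1;
}

/* Count power cuts that leave an unfinished image the boot check would run. */
int unsafe_boots(int sig_first) {
    uint16_t img[APP_WORDS];
    unsigned k, i, bad = 0;
    for (i = 0; i < APP_WORDS; i++) img[i] = (uint16_t)(0x1000u + i);
    for (k = 1; k <= APP_PAGES + APP_WORDS; k++) {  /* k ops complete */
        for (i = 0; i < APP_WORDS; i++) flash[i] = 0x0A00u;  /* old image */
        flash[SIG_INDEX] = SIG_VALUE;                         /* old, signed */
        if (!update(img, k, sig_first) && boot_runs_app()) bad++;
    }
    return (int)bad;
}

int main(void) { return unsafe_boots(1); }  /* exit status 0: no unsafe boot */
```

With the signature page erased first, no interruption point boots a partial image; erasing it last leaves a window (three of the four page erases in this model) where the old signature still validates a partly erased application.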
MLA - USB Library Help Version : 2.16
http://www.microchip.com/mla