This is the bootloader used by all Kiibohd designed keyboards. It is based on the McHCK dfu bootloader. Much of the code-base has been rewritten, and it supports nearly all of the DFU features. Including some additional extras required by the Kiibohd infrastructure.
Currently only Freescale/NXP Kinetis MCUs are supported. Porting to other MCUs is doable, but likely a lot of work. See each chip for specific details.
From lsusb -d 1c11: -v while the bootloader is active, look for bcdDevice.
For example:
bcdDevice 2.73
This is a 16 bit hex value (627) which corresponds to the git revision number.
Some devices have additional bootloader features. See each device for specific details.
It is not possible to update the bootloader unless you have an external flashing adapter. Depending on the MCU SWD and/or JTAG are supported. JTAG is much faster than SWD, but requires more pins.
You can find supported adapter configurations on the manufacturing wiki.
The Kiibohd Bootloader supports most (if not all) of the DFU Spec, as well as some additional extra features.
Firmware flashing is known as binary download in DFU terminology.
dfu-util -D <firmware image>Firmware upload is also supported (this means downloading the current firmware image from the device). When doing the upload, the device does not actually understand the size of the file, so the exact size will be the same size as the amount of firmware flash.
dfu-util -U <destination image>Not all versions of the bootloader support firmware uploading.
In order to prevent users from bricking their device, the bootloader section is protected. It can only be overwritten if an external flashing tool is used.
This is to prevent both intentional and unintentional behaviour by the user :D
- mk20dx128vlf5 (8 kB - 2 sectors)
- mk20dx256vlh7 (8 kB - 1 sector)
If you don't want to flash a firmware, but find yourself in bootloader mode, you have two options:
- Unplug and re-plug device
- Run
dfu-util -ewhich calls DFU Detach. This forces a device reset. - Press a dedicated key programmed to reset for the specific device.
- This is usually
Esc.
- This is usually
Bus 003 Device 091: ID 1c11:b007
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x1c11
idProduct 0xb007
bcdDevice 2.70
iManufacturer 1 Kiibohd
iProduct 2 Infinity_Ergodox
iSerial 3 F421F00070E1000B002B401831374E45 - mk20dx256vlh7
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 27
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 5 qq
bmAttributes 0x80
(Bus Powered)
MaxPower 100mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 0
bInterfaceClass 254 Application Specific Interface
bInterfaceSubClass 1 Device Firmware Update
bInterfaceProtocol 2
iInterface 4 Kiibohd DFU
Device Firmware Upgrade Interface Descriptor:
bLength 9
bDescriptorType 33
bmAttributes 11
Will Detach
Manifestation Intolerant
Upload Supported
Download Supported
wDetachTimeout 0 milliseconds
wTransferSize 1024 bytes
bcdDFUVersion 1.01
Device Status: 0x0000
(Bus Powered)
In order to protect the device from malicious firmware after putting the device into flashing mode, the Kiibohd Bootloader supports secure keys. The key must be retrieved from the firmware, it cannot be queried from the bootloader. The key is randomly generated each time the device is reset (including after flashing).
If there is no firmware on the device or you use the physical reset switch, the secure mode is disabled. While secure mode is disabled, the binary file does not need to include a prepended key block (i.e. optional, bootloader can distinguish what a key block is as opposed to random data).
Please refer to Secure DFU for details, including how to add a key to your firmware binary image.
The bootloader has a basic debug UART which outputs some useful information while it's running. You'll need to setup your device for external debugging.
- mk20dx128vlf5 - UART0 (Tx0/Rx0)
- mk20dx256vlh7 - UART2 (Tx2/Rx2)
The bootloader has the ability to query and show the MCU serial number. The serial number is available in both the USB descriptor, as well as in the dfu serial field.
Device and MCU descriptions can also be modified to better distinguish the keyboard while in the bootloader.
If there is an immediate problem with the firmware image, the IRQs are setup such that the bootloader will reset the kebyoard and restart in bootloader mode. This is particularily important if garbage is flashed to the keyboard.
The bootloader will be key-disabled as there was no chance to retrieve a key. This only occurs on a Watch Dog reset, which can only occur in the first few cycles of executing the firmware.
If more data than what is available on the flash device is sent via dfu (DFU spec does not send total file size initially, so this has to be determined after flashing), flashing will fail and return a DFU error.