HOW TO PROGRAM THE ATMEGA328(p) MANUALLY THROUGH SPI
Programming the ATmega328(p) manually can easily be achieved using a standard SPI connection.
By connecting the ATmega to a host MCU through SPI, programming the target can be very easy.
- ChipSelect - Enables programming mode on the target ATmega328(p)
- Issue corresponding commands from host to the target.
- Release ChipSelect
CONNECTIONS
HOST - TARGET
SS/CS RESET
MOSI MOSI
MISO MISO
SCK SCK
V+ V+
GND GND
No external crystal connection is needed. Programming speed is determined by SPI SCK.
ATMEGA328(p) ISP COMMANDS
0xAC EXECUTABLE COMMAND PREFIX
0x20 READ LOW BYTE FROM FLASH
0x28 READ HIGH BYTE FROM FLASH
0x30 READ DEVICE ID INFORMATION
0x40 WRITE LOW BYTE TO FLASH BUFFER
0x48 WRITE HIGH BYTE TO FLASH BUFFER
0x4C TRANSFER BYTES FROM BUFFER TO FLASH AT ADDRESS LOADED INTO 0x40 AND 0x48
0xC0 WRITE BYTE TO EEPROM
0xA0 READ BYTE FROM EEPROM
OPCODE USAGE
STEP 1: Issuing the "Programming Enable" command to the target:
This is the only command the target will acknowledge initially when RESET goes low.
You can enter Programming Mode by sending AC 53 00 00 to the target.
STEP 2: Reading the Device ID from the target after initialization:
The next step is to see if init occured correctly, so we have to read the Device ID from the target.
Device ID can be read by issuing 30 00 00 to the target, and then read one byte back from the
target checking for data first then issuing clock in that order on the bit level.
The Device ID byte should read back as 1E signifying Atmel as the manufacturer.
If the Device ID byte reads as 0x1E, the device is set to be reprogrammed.
If the Device ID byte reads as 0xFF, the device did not initialize properly.
If the Device ID byte reads as 0x00, then the Lock Bits are set and the
device has to be erased first before you can properly read the Device ID.
Send three bytes, then read one byte for a total of four bytes in the sequence.
** Note that each command in Programming Mode is ALWAYS 4 bytes long **
** You can also read flash size using 30 00 01 + read one byte **
** You can also read device family using 30 00 02 + read one byte **
STEP 3: Issuing the Chip Erase Command to Erase the entire contents of Flash and EEPROM:
Before programming can occur, the Flash and EEPROM must be erased at the same time.
This resets all bytes in the physical address space to 0xFF so they can be reprogrammed.
Erasing Flash and EEPROM can be accomplished by issuing AC 80 00 00 to the target.
ALL bytes in Flash and EEPROM become 0xFF.
** ATmega328(p) is only capable of setting individual bits to 0's from 1's during programming **
** The unit can not program bits from 0's to 1's, so the bytes default to 0xFF after format **
STEP 4: Checking to see if the device was formatted properly:
Checking Flash to see if it was formatted properly can be done by issuing
the Read Byte From Flash command. Each address location holds 2 bytes,
a High byte and a Low byte.
aa=SEGMENT or MSB highbyte of address
bb=OFFSET or LSB low byte of address
Example: If the Segment=00 and the Offset=01 then the ADDRESS= 0x0001
To read a low byte from an address in Flash, issue: 20 aa bb then read one byte,
or issue: 20 SEGMENT OFFSET then read one byte.
To read a high byte from an address in Flash, issue: 28 aa bb then read one byte
or issue: 28 SEGMENT OFFSET then read one byte.
Send three bytes, then read one byte for a total of four bytes in the sequence.
If the bytes read are 0xFF, then the device has been formated properly.
The Flash address range is 0x0000 - 0x03FFF or 0-16383 for a total of 16384 memory locations.
** Each address in Flash contains 2 bytes, a Low byte and a High byte **
STEP 5: Writing a byte to Flash after proper Format:
Writing bytes to flash occurs by sending a byte to a high or low location per address in flash.
Writing a low byte to a Flash address is accomplished by issuing 40 SEGMENT OFFSET uint8_t
for a total of four bytes sent to the target from the host.
Writing a high byte to a Flash address is accomplished by issuing 48 SEGMENT OFFSET uint8_t
for a total of four bytes sent to the target from the host.
Physically writing the low and high bytes to the flash from the buffer is done by issuing
the "Write Program Memory Page" command which must be done per address location
after having written the low and high bytes to a single address.
Locking the bytes into Flash memory can be done by issuing 4C SEGMENT OFFSET 00
for a total of four bytes sent to the target MCU.
Simply release the RESET line of the target MCU to end programming mode.
Example 40 00 00 FE 48 00 00 EF 4C 00 00 00 writes EFFE to address 0x0000 in Flash.
Commands are issued one after another without releasing RESET, (which must remain low).
INTERPRETTING INTEL HEX FORMAT
Intel HEX format traditionally looks something like this: :107800000C94343C0C94513C0C94513C0C94513CE1
Understanding the bytes can be done by breaking each line of HEX code into groups like this:
:10 7800 00 0C94343C0C94513C0C94513C0C94513C E1
Each line in this bootloader example begins with a : representing the start of a new line.
The next two chars 0x10 from the example shows how many data bytes are in the line of text.
The next four bytes 0x7800 show the starting address where the code will be written to Flash
with 0x78 as MSB or SEGMENT and 0x00 as LSB or OFFSET for the address.
The next two bytes 0x00 show that the next 16 bytes in the line are plain uint8 data.
This will be written low byte first then high byte in that order until end of file.
Following the data type is a group of 16 bytes beginning with 0x0C ending with 0x3C
0x0C will be written as the low byte using ISP command 0x40 at address 0x7800
0x94 will be written as the high byte using ISP command 0x48 at address 0x7800
Then these bytes are locked into place inside the Flash using ISP command
4C 78 00 00 reflecting the address of the bytes that were issued to the buffer.
0x3C will be written as the high byte using ISP command 0x48 at address 0x7807
This is because the ATmega328(p) holds two bytes per address in Flash unlike
the hex file shows.
The last two chars 0xE1 are the checksum digits for the entire line which can be discarded.
The last two lines in the hex file can be ignored as they will not be written to Flash in any shape, way or form.
The last two lines of code look something like this:
:040000030000780081
:00000001FF
They are not used for AVR, but used for storing instruction and stack pointer addresses in Intel x86 CPU's.
The last line marks the end of file which can be ignored completely.
** Write the low byte, then write the high byte and then lock the bytes into place before writing any bytes to any other address **
** The only address we are interested in is the very first address listed in the hex file, 7800 in this case for bootloader **
** No other address should ever be used as the other addresses do not line up to how the data needs to be written to MCU Flash! **
BOOTLOADERS
ATmega328(p) has four bootloader locations inside it.
They are:
BLS1 - 0x7E00 - 0x7FFF size 0x0200 or 512 bytes
BLS2 - 0x7C00 - 0x7FFF size 0x0400 or 1024 bytes
BLS3 - 0x7800 - 0x7FFF size 0x0800 or 2048 bytes
BLS4 - 0x6FFF - 0x7FFF size 0x1000 or 4096 bytes
Per the example above, this bootloader begins at 0x7800
so we know we'll have to use Bootloader Section 3, BLS3.
This will be the start address where the bootloader code
will reside.
However, all Application Code should be written starting
at address 0x0000 inside the MCU Flash without entering
bootloader space unless the bootloader option is disabled.
Disabling the bootloader can be accomplished by setting [BOOTRST] to 0
which will set the Reset Vector address to 0x0000 during Power-Up.
This way, the bootloader is disabled and your Application Code will still work.
Disabling the bootloader will give your Application Code more space as it
can then fill up the bootloader sections since execution starts at 0x0000.