This YouTube video has a great idea for firmware updates over non-trivial protocols:
- Include a reasonably sized amount of memory on a device
- Have the regular application code receive a firmware update using its already present protocol stack, and write it to that memory
- When an update has been successfully received and the time is right, jump into the boot loader section in program memory, and
- have the boot loader program access the intermediate memory through a simple interface, and do the application section update
As I already have specified 64kB of I2C EEPROM on the bus logic board (BLB), this looks like a great solution to my problem of doing firmware updates once the boards are installed.
Because the BLB's microcontroller has 128kB of program memory, however, I will change that specification to include not 64kB, but 512kB of EEPROM, so that there is enough room to store device configuration (which was the reason for integrating external EEPROM in the first place), a firmware upgrade waiting to be written to the microcontroller flash, and a fall-back firwmare image to use in case the upgrade image turns out to be broken.
The risk of a broken update, however, can be minimized: There is hardware support for CRC checking integrated in the microcontroller I use on the BLB (ATxmega128A1U), so if I manage to calculate the same CRC in software on the control computer, and transmit it together with the update image, the BLB should be able to validate updates before trying to apply them.