• State Verified Answer
  • Replies 4 replies
  • Subscribers 74 subscribers
  • Views 858 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 319556
Options
Beware that this post is related to an SDK in maintenance mode
More Info: Consider nRF Connect SDK for new designs

Adding bootloader bonding to existing project.

jbmillard

I'm using nRF52, SDK 17.1.0 on custom hardware.

I am trying to add bonding to the bootloader.  The hardware appears to reboot and immediately restart the application code instead of going into bootloader mode.  

I have followed section five of this post:

https://devzone.nordicsemi.com/guides/short-range-guides/b/software-development-kit/posts/getting-started-with-nordics-secure-dfu-bootloader#h75sjziavjbukzaywg6xlx19np0fm4

I'm able to get the bootloader,settings.hex, application code and soft device installed on our hardware.  

Our application has a command characteristic.  One of the commands we send to our device is to enter the bootloader mode.  It does this with the following code:

sd_power_gpregret_clr(ZRF_DFU_GPREGRET_ID, 0xFFFFFFFF);
sd_power_gpregret_set(ZRF_DFU_GPREGRET_ID, ZRF_DFU_GPREGRET_MASK);
sd_nvic_SystemReset();

(this code is a bit abridged as the error handling is not shown).  This works when not using the bonded bootloader.

I think the bonded bootloader is not working because there is no explicit sharing of the bonding information (e.g. no call to nrf_dfu_set_peer_data()).  

The problem I'm having is trying to add the DFU bonding code (e.g. ble_dfu_bonding.c) to the project.  I consistently get errors of unknown types:

  Compiling ‘ble_dfu.c’
  Compiling ‘ble_dfu_bonded.c’
    nrf_dfu_ble_svci_bond_sharing.h
    ble_dfu_bonded.c
    unknown type name 'nrf_dfu_set_peer_data_svci_async_t'
    in definition of macro 'SVCI_DECL'
    in expansion of macro 'SVCI_1'
    in expansion of macro 'SVCI_IMPLI'
    in expansion of macro 'SVCI_IMPL'
    in expansion of macro 'SVCI'
    in expansion of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    unknown type name 'nrf_dfu_set_peer_data_svci_async_t'
    in definition of macro 'SVCI_1'
    in expansion of macro 'SVCI_IMPLI'
    in expansion of macro 'SVCI_IMPL'
    in expansion of macro 'SVCI'
    in expansion of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    nrf_dfu_ble_svci_bond_sharing.h
    ble_dfu_bonded.c
    unknown type name 'nrf_dfu_set_peer_data_svci_async_t'
    in definition of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    implicit declaration of function 'nrf_dfu_set_peer_data_svci_async_init'; did you mean 'nrf_dfu_set_peer_data_init'? [-Wimplicit-function-declaration]
    in definition of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    request for member 'async_func' in something not a structure or union
    in expansion of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    request for member 'state' in something not a structure or union
    in expansion of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    request for member 'sys_evt_handler' in something not a structure or union
    in expansion of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    request for member 'state' in something not a structure or union
    in expansion of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    request for member 'async_func' in something not a structure or union
    in expansion of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    request for member 'sys_evt_handler' in something not a structure or union
    in expansion of macro 'NRF_SVCI_ASYNC_FUNC_DEFINE'
    'nrf_dfu_peer_data_t' has no member named 'ble_id'
    'nrf_dfu_peer_data_t' has no member named 'enc_key'
    'SYSTEM_SERVICE_ATT_SIZE' undeclared (first use in this function)
    each undeclared identifier is reported only once for each function it appears in
    'nrf_dfu_peer_data_t' has no member named 'sys_serv_attr'
Build failed

I have added the following directories to my project include path:

./components/libraries/bootloader
./components/libraries/bootloader/ble_dfu
./components/libraries/bootloader/dfu

with no luck.  

How do I get this functionality included so I can share the peer data?

Thanks.

Parents
  • 0

    Hi,

    For the specific error, you can refer to this post. Other than that, I suggest you refer to the Buttonless DFU Template Application, as this demonstrate DFU both with and wihtout bonding by just changin the value of NRF_DFU_BLE_REQUIRES_BONDS in sdk_config.h. You could also set NRF_DFU_BLE_REQUIRES_BONDS to 1 in the bootloader's sdk_config.h to prevent any other devices from connecting while in DFU mode.

    I would like to ask why you want to use DFU with bonds? That introduces a few pittfalls (like how to handle a situation where the device is put in DFU mode, then the user delets the bonding information from the phone). Also, using bonding for DFU does not add much to the security. For isntance, you can modify the buttonless DFU service to requier a encrypted connection to put the device in DFU mode (by changing the security of the buttonless DFU characteristic), but still don't requier bonding for performign DFU. That way, an attacker will not be able to enter DFU mode. While in DFU mode an attacker could potentially connect instead of the legitimate user, but the time window is short, and as the firmware is signed, he/she will still not be able to program firmware that was not signed by you.

Reply
  • 0

    Hi,

    For the specific error, you can refer to this post. Other than that, I suggest you refer to the Buttonless DFU Template Application, as this demonstrate DFU both with and wihtout bonding by just changin the value of NRF_DFU_BLE_REQUIRES_BONDS in sdk_config.h. You could also set NRF_DFU_BLE_REQUIRES_BONDS to 1 in the bootloader's sdk_config.h to prevent any other devices from connecting while in DFU mode.

    I would like to ask why you want to use DFU with bonds? That introduces a few pittfalls (like how to handle a situation where the device is put in DFU mode, then the user delets the bonding information from the phone). Also, using bonding for DFU does not add much to the security. For isntance, you can modify the buttonless DFU service to requier a encrypted connection to put the device in DFU mode (by changing the security of the buttonless DFU characteristic), but still don't requier bonding for performign DFU. That way, an attacker will not be able to enter DFU mode. While in DFU mode an attacker could potentially connect instead of the legitimate user, but the time window is short, and as the firmware is signed, he/she will still not be able to program firmware that was not signed by you.

Children
  • 0 in reply to Einar Thorsrud

    The Buttonless DFU Template Application (which I've looked at before) doesn't include the file ble_dfu_bonded.c so it would have to be added which puts in the same place.

    I just wanted to try the bonded DFU update.  I will admit, we're not really worried that much about security.  We're trying to find a way to manage peripherals so we bonded the peripherals to the iOS device and I wanted to see if a bonded DFU update would make it easier to restart the device and stay connected.  I agree with the pitfalls.  I'm almost to the point of skipping bonding altogether (DFU or normal operation) because I keep finding instances where I need to remove bonding information from the flash and no way to do it with the current hardware.

  • 0 in reply to jbmillard

    Hi,

    jbmillard said:
    The Buttonless DFU Template Application (which I've looked at before) doesn't include the file ble_dfu_bonded.c so it would have to be added which puts in the same place.

    That is odd, it should be there in the SDK we distribute, and we generate example hex files of this project with and without bonding with the only difference being the define I mentionned before. Which SDK version are you using and which exact project?

  • +1 in reply to Einar Thorsrud

    We have decided to not use bonding so this issue is OBE.

Related
Terms of service