Questions about SDFU implementation and security

Hello and thanks for reading,

We are developing for the nRF5340 and one of the features we are very excited about is the OTA firmware updates via the SDFU.

I have followed the instructions here: Add DFU support to your application, and things seem to be working in that the correct services appear when I then look using the nRF app.

I have not yet been able to fully test DFU, because every time I try the app crashes to the homescreen. This is unfortunate; it looks to me like a problem with the mobile app, hopefully it gets fixed soon.

In the meantime, I have two questions about SDFU.

Firstly, does the bootloader perform a full chip erase when new firmware is loaded? Like if I use the DFU to upload a new firmware that is substantially smaller in size, is there a bunch of old code in flash waiting to be stolen?

Secondly, is there any way to tell the NRF to only accept firmware images that are signed or otherwise authenticated? I assume there must be, could you provide me a link to a guide or example or something of how to implement that?

Thank you very much!

  • Hi,

    I have not yet been able to fully test DFU, because every time I try the app crashes to the homescreen. This is unfortunate; it looks to me like a problem with the mobile app, hopefully it gets fixed soon.

    Which phone are you using?

    Are you using the nRF Connect Device Manager app?

    Which NCS version and sample are you using?

    In NCS v2.5.1, you could enable the DFU function with "CONFIG_NCS_SAMPLE_MCUMGR_BT_OTA_DFU=y" in the peripheral_lbs sample.

    Firstly, does the bootloader perform a full chip erase when new firmware is loaded?

    No, it would swap the image with the current and new image. See my colleague's explanation in https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/smp#firmware-update 

    Secondly, is there any way to tell the NRF to only accept firmware images that are signed or otherwise authenticated?

    See my colleague's explanation in https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/keys_and_signatures

    Regards,
    Amanda H.

  • Thank you for your reply. I am using an iPhone 12 running iOS 16.6. I am using the nRF Connect app on the phone. I am using SDK 2.5.0, and per the example simply added

    CONFIG_BOOTLOADER_MCUBOOT=y
    CONFIG_NCS_SAMPLE_MCUMGR_BT_OTA_DFU=y

    to my proj.config file for my existing codebase.

    If the firmware just swaps the images, what is to stop a malicious actor uploading firmware that then dumps the old code out the serial port or otherwise bypasses readback protections? I assume the only solution is, as described in your second link, I need to add keys or something to block those uploads in the first place?

    Regarding the second link, is there anything special I need to know because I am using the nRF5340 with its separate BLE processor, or will I still be able to use the code broadly as shown?

    Thank you!

  • Hi, 

    i_4556 said:
    Thank you for your reply. I am using an iPhone 12 running iOS 16.6. I am using the nRF Connect app on the phone. I am using SDK 2.5.0, and per the example simply added

    Does it work with your iPhone now? Could you test with peripheral_lbs? Does peripheral_lbs also make the app crash or does it only happen with your code? Could you provide the project?

    i_4556 said:
    If the firmware just swaps the images, what is to stop a malicious actor uploading firmware that then dumps the old code out the serial port or otherwise bypasses readback protections? I assume the only solution is, as described in your second link, I need to add keys or something to block those uploads in the first place?

    That's true. 

    i_4556 said:
    Regarding the second link, is there anything special I need to know because I am using the nrf5340 with its seperate BLE processor, or will I still be able to use the code broadly as shown?

    The setup is the same as for other chips: set the configs in child_image/mcuboot.conf.

    -Amanda H.
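As an added illustration of the mcuboot.conf change referred to above (this is the editor's example, not code from the thread or from the linked Nordic samples): the weak default beside the hardened setting. Without an override, MCUboot in the nRF Connect SDK verifies images against the development key that ships in the MCUboot source tree, and because that key is public anyone can sign an image the bootloader will accept. Pointing CONFIG_BOOT_SIGNATURE_KEY_FILE at a key you generated yourself, and keep private, is what makes "only our company can push firmware" true. The key path and file name below are assumptions.

```kconfig
# child_image/mcuboot.conf (added example; path and file name are assumptions)

# Weak: leaving CONFIG_BOOT_SIGNATURE_KEY_FILE unset keeps MCUboot's bundled
# development key (root-ec-p256.pem). That key is public, so image signing
# provides no authentication at all in this state.

# Hardened: verify images with your own ECDSA P-256 key. Generate it once with
#   imgtool keygen -k my_private_key.pem -t ecdsa-p256
# and keep the .pem out of the repository; the build signs the application
# image with this same key, and MCUboot embeds the matching public key.
CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
CONFIG_BOOT_SIGNATURE_KEY_FILE="/absolute/path/to/my_private_key.pem"
```

Note that this only controls which images the bootloader will accept; as the reply above says, an accepted image is swapped with the running one rather than written over a chip erase, so the previous image remains in the other slot until the next update.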

  • Hello and thank you for your reply. I have made no real progress in trying to get this to work. As a workaround I have tried installing the DFU app on my iPhone. That also doesn't work; when I try to select the .zip package, I get an "invalid manifest" error.

    I figured at this point I might as well try to advance the project on my own, and implemented the code from this example: https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/keys_and_signatures/mcuboot_smp_custom_key so that only our company will be able to push new firmware to our device. I have added the example's .config and CMakeLists changes, and the mcuboot.conf changes.

    I then tried using my coworker's Android phone. This also doesn't work; although it doesn't crash immediately like on my iPhone, it also doesn't work. It tries to update and gets stuck on the "Connecting" stage.

    I cannot provide my entire project, but I can provide the .config files and other files like that if that helps.

    I will test with the LBS and report back.

    EDIT: tested with the LBS and just adding the two CONFIGs from the first example, and it did not work with Android or iPhone. With the iPhone I still have the crash to the home screen, and with Android it looks like it worked but nothing actually happens on the device; the firmware is not updated.

    EDIT2: I re-tested with the peripheral hids mouse sample, as I have already gotten this working on my device, and the OTA update in the simplest case worked on Android. I will re-test on iOS, and then we just need to get signed keys working, and figure out why it doesn't seem to want to work on my main app.

    EDIT3: Still broken with iOS, the app crashes when I try to update.

  • It's good to know it works with the Android phone now. Please be aware that MCUboot will not do anything if you upload an unmodified file.

    I can reproduce the issue with iOS and check with the team now. I will be back if I have any updates from the team. 
