• State Not Answered
  • Replies 18 replies
  • Subscribers 74 subscribers
  • Views 1924 views
  • Users 0 members are here
Attachments (1) Download All
Nordic Case Info
  • Case ID: 321056
Options

Questions about SDFU implentation and security

i_4556

Hello and thanks for reading,

We are developing for the NRF5340 and one of the features we are very excited about is the OTA firmware updates via the SDFU.

I have followed the instructions here :  Add DFU support to your application and things seem to be working in that the correct services appear when I then look using the NRF app.

I have not yet been able to fully test DFU, because every time I try the app crashes to the homescreen. This is unfortunate; it looks to me like a problem with the mobile app, hopefully it gets fixed soon.

In the meantime, I have two questions about SDFU.

Firstly, does the bootloader perform a full chip erase when new firmware is loaded? Like if I use the DFU to upload a new firmware that is substantially smaller in size, is there a bunch of old code in flash waiting to be stolen?

Secondly, is there any way to tell the NRF to only accept firmware images that are signed or otherwise authenticated? I assume there must be, could you provide me a link to a guide or example or something of how to implement that?

Thank you very much!

  • 0 in reply to i_4556

    Interesting but mixed results.

    I started by making the changes in the sandbox, basically the nrf mouse example we have been playing around with. I change the CMakeLists to include

    if (EXISTS "K/path_to_key/key_priv.pem")
    set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"K/path_to_key/key_priv.pem\")
    set(mcuboot_CONFIG_BOOT_ENCRYPTION_KEY_FILE \"K/path_to_key/key_priv.pem\")
    else()
    add_compile_definitions(USING_DEV_KEY)
    set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/keys/dev_ec256_priv.pem\")
    set(mcuboot_CONFIG_BOOT_ENCRYPTION_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/keys/dev_ec256_priv.pem\")
    endif()

    And in the nrf mouse example that worked fine.

    I then tried moving everything to my main project with all the real code, and its not working.

    Here is my entire CmakeList from the main project:

    cmake_minimum_required(VERSION 3.20.0)
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
project(none)

#check for key file
if (EXISTS "K/release_key/key.pem")
set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"K/release_key/key.pem\")
set(mcuboot_CONFIG_BOOT_ENCRYPTION_KEY_FILE \"K/release_key/key.pem\")
else()
add_compile_definitions(USING_DEV_KEY)
set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/keys/dev_ec256_priv.pem\")
set(mcuboot_CONFIG_BOOT_ENCRYPTION_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/keys/dev_ec256_priv.pem\")
endif()

ADD_CUSTOM_COMMAND(TARGET app
   PRE_BUILD
   COMMAND python ${CMAKE_CURRENT_SOURCE_DIR}/version_control_hook.py
)

FILE(GLOB app_sources src/*.c*)

target_sources(app PRIVATE ${app_sources})

    Instead, it reverts to the keys in the NRF folder.

    Do you have any suggestions for what im doing wrong?

  • 0 in reply to i_4556
    i_4556 said:
    And in the nrf mouse example that worked fine.

    Good. Seems the CmakeList works as expected. 

    i_4556 said:
    Instead, it reverts to the keys in the NRF folder.

    That means it cannot find the key as the path in the CmakeList. 

    Please check if the key file exists or if the key path is correct. 

  • 0 in reply to Amanda Hsieh

    And just like that its working! Thanks for all your help!

Related
Terms of service