Hi there,
I'm currently working on the firmware versioning and the downgrade protection for an nRF5340 with NCS 2.6.0.
The firmware consists of:
App Core |-- build |-- McuBoot |-- TFM --- B0 Net Core |-- HCI_IPC --- B0n
I currently have a specific prj.conf file for the main application, the McuBoot and the HCI_IPC.
The version number is set in the "Version" file according to Zephyr.
The main prj.conf file has the following enabled:
# Downgrade Protection CONFIG_SB_MONOTONIC_COUNTER=y CONFIG_SB_NUM_VER_COUNTER_SLOTS=20 CONFIG_MCUBOOT_HARDWARE_DOWNGRADE_PREVENTION=y CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_SLOTS=240 CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE=1
I far as I understand from here, these are the only settings I have to take, in order that the downgrade prevention is active and they should be passed on to the sub-images like B0 and McuBoot.
However, I can up- and downgrade with the application "Device Manager" and "nRF Connect" for Android as much as I want without any protection.
Is there something else to consider?
Kind regards,
Patrick