How provision partition is used in net core bootloader ?

Hi, 

Does b0n verify net core image signature before booting ?

Yes, the B0 bootloader does verify the signature of the image before booting. This is part of the image verification process that ensures the integrity of the image. The bootloader checks if the image was signed with a private key that corresponds to the embedded KEYHASH TLV. If the verification is successful, the bootloader boots the new version of the application. Otherwise, the old version is used. See this post. 

2. who uses provision partition here and how  https://github.com/nrfconnect/sdk-nrf/blob/main/samples/nrf5340/netboot/pm.yml#L9 ?

See the description in the comitt https://github.com/nrfconnect/sdk-nrf/commit/c1e274659d0c4998e70e984dbdd6a4d35cd43333 

3. validation_data.py seems to add signature and public key at the end of binary. does b0n read that verify ?

Yes, see my colleague's answer in this post. 

4. If I exclude provision.hex from merged_CPUNET.hex board isn't booting. but If I remove b0n_container.hex and signed_by_b0_app.hex , network core boots OK

Any special reason to exclude provision.hex from merged_CPUNET.hex if you want to sign with the key? See Provisioning doc.

What would you want to achieve?

Regards,
Amanda H.

Hello Amanda,

Thanks for helping on this. Adding more context, We use MCUBoot for appcore and b0n for netcore. We use https://github.com/zephyrproject-rtos/zephyr/tree/main/samples/bluetooth/hci_ipc  sample for our netcore and since MCUBoot and Secure Boot is enabled, It includes b0n ( netboot sample ). We use NCS SDK v2.6.0.

Flash layout of net core

0x1000000 - b0n / netboot 

0x1008580 - provision.hex 

0x1008800 - bt_hci sample

1. Why validation_data.py includes public key in image footer in this code when provision.hex already has the public key ?

2. I am able to boot net core with vanilla zephyr.hex . So It doesn't look like b0n is verifying signature or even HASH. Could you please point me to exact code that verifies the HASH ? Note in following command I excluded signed_by_b0_app.hex.

python3 scripts/build/mergehex.py -o build/hci_ipc/zephyr/merged_CPUNET.hex  \
        --overlap=replace \
        build/hci_ipc/b0n/zephyr/zephyr.hex \
        build/hci_ipc/zephyr/provision.hex \
        build/hci_ipc/zephyr/zephyr.hex	

Thanks,

Darshan 

It doesn't validate on boot, it validates when it's doing a firmware update. See https://github.com/nrfconnect/sdk-nrf/blob/ba9c078075e43bc9e06a64668bd9439f1670c7d1/samples/nrf5340/netboot/src/main.c#L66