Encrypted FW update with MCUboot fails.

RE: Encrypted FW update with MCUboot fails.

sn0wst0rm — Wed, 11 Jun 2025 22:48:59 GMT

Hello,

I am trying to update my device with an encrypted firmware, using dual stage bootloader configuration. I think that my problem is the same as the one described by OP, but I don't understand if there's actually a way to perform encrypted updates or not. If I try to send the update image via mcumgr, and then reboot the device, MCUBoot never starts the swap process but neither logs any error. If I try to use the only signed version of the update everything works as expected.

Is there any way around this, since encrypted image support is also stated in official ncs sdk documentation?

RE: Encrypted FW update with MCUboot fails.

Vidar Berg — Tue, 22 Oct 2024 12:35:23 GMT

Hi,

The statement I made in the linked thread is still true: "Encrypted DFU is feature we do not officially support in our SDK, even though it is made available through the mcuboot project." But as demonstrated by the sample I provided in Using MCUBoot with nRF5340 it is possible to enable encrypted dfu if you configure the bootloader for simultaneously DFU of app and netcore.

RE: Encrypted FW update with MCUboot fails.

Torsten Robitzki — Tue, 22 Oct 2024 12:31:18 GMT

Hi Vidar,

Is this still the case? https://docs.nordicsemi.com/bundle/ncs-2.7.99-cs2/page/mcuboot/encrypted_images.html somehow suggests, that there should be support. Albei, it does not document, how to enable it to get encrypted images as a build target.

RE: Encrypted FW update with MCUboot fails.

dairup — Fri, 31 May 2024 10:05:02 GMT

Thank you for quick reply. Missed that comment somehow...

Regards

RE: Encrypted FW update with MCUboot fails.

Vidar Berg — Fri, 31 May 2024 09:28:04 GMT

That explains it. The reset vector check is an addition in our MCUBoot fork to help determine where the update image belongs:

/* Patch needed for NCS. Since image 0 (the app) and image 1 (the other

* B1 slot S0 or S1) share the same secondary slot, we need to check

* whether the update candidate in the secondary slot is intended for

* image 0 or image 1 primary by looking at the address of the reset

* vector. Note that there are good reasons for not using img_num from

* the swap info.

The problem is that this patch does not take encryption into account. This would have worked if you had not included the b0 bootloader with the additional s0 and s1 slots.

RE: Encrypted FW update with MCUboot fails.

dairup — Fri, 31 May 2024 09:22:31 GMT

[quote userid="4240" url="~/f/nordic-q-a/111701/encrypted-fw-update-with-mcuboot-fails/486831"]Are you using the MCUBoot as the 2nd stage bootloader in your application?[/quote]

Yes I am.

RE: Encrypted FW update with MCUboot fails.

Vidar Berg — Fri, 31 May 2024 09:17:19 GMT

Hello,

We don't officially support encrypted DFU in our SDK ( RE: nRF52840 + NCS + MCUBoot, CC310-enabled image encryption? ), so we don't have any test coverage for it either. Are you using the MCUBoot as the 2nd stage bootloader in your application?

Best regards,

Vidar