• State Not Answered
  • Replies 7 replies
  • Subscribers 74 subscribers
  • Views 814 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 329603
Options

BLE DFU with encrypted images in MCUBoot

Simen Eilevstjonn

We are trying to setup image encryption in our nRF build, for use with BLE DFU.

I see that this is not supported by Nordic, but that there is support for it in MCUBoot. There exists an example from Hellevik that we followed: https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/keys_and_signatures/mcuboot_smp_encryption

Using this example, we get encryption to work, with the compiler reporting the correct key file, but when attempting DFU, it just reports as failed.

From my understanding, the encryption is done using an ephemeral AES key, which is encrypted with a public key. The bootloader should hence have the private key.

I could not find that key in merged.hex, so I suspect it is not included.

The example used UART DFU, is there a difference here that requires other configuration?

I also saw another question regarding using encrypted images with a two stage bootloader, which we are using. It was said that it is not supported, but is there a difference between that and using only MCUBoot?

Parents
  • 0

    Hello,

    I wanted to let you know that I have been assigned to this case and have started looking into it. Could you please share which SDK version and Nordic chip you are using? You mentioned it is reporting as failed; could you share the entire log with the error message you are receiving?

    I could not find that key in merged.hex, so I suspect it is not included.

    The private key is not included in the merged.hex file that contains the firmware image and other application data to prevent it from being exposed or accidentally included in the production firmware image.

    I recommend looking at the section on signature_keys for further insights.

    Kind Regards,

    Abhijith

Reply
  • 0

    Hello,

    I wanted to let you know that I have been assigned to this case and have started looking into it. Could you please share which SDK version and Nordic chip you are using? You mentioned it is reporting as failed; could you share the entire log with the error message you are receiving?

    I could not find that key in merged.hex, so I suspect it is not included.

    The private key is not included in the merged.hex file that contains the firmware image and other application data to prevent it from being exposed or accidentally included in the production firmware image.

    I recommend looking at the section on signature_keys for further insights.

    Kind Regards,

    Abhijith

Children
Related
Terms of service