Downgrade protection works only for the app-core image and not for the net-core image

Hello,

we are using the nrf5340 and the ncs Version 2.6.1.

I activated the software downgrade protection as described here Downgrade protection (nordicsemi.com)

Then I made some simultaneous FOTA updates (App-image + Net-image) by using the nRF Connect app with different versions.

What I see is that the downgrade protection works for the App-image. It is not possible to update an App-image V2.0.0 with an App-image V1.0.0.

But it is possible to downgrade the Net-image V2.0.0 with the Net-image V1.0.0.

How can I activate the downgrade protection also for the net-core?

 

Best regards,

Georg

  • Hi, 

    Do you test the MCUBoot version by adjusting CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE?

    How do you check the version number? You can check the version by 

    imgtool verify build/zephyr/net_core_app_update.bin

    Regards,
    Amanda H.

  • Hi,

    I checked the version information by looking into the header of the net_core_app_update.bin file.

    Here are the configuration switches which I have added to activate the downgrade prevention:

    CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER=y
    CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y

    In the build configuration I added:

    -DSB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=y

    And there is also a VERSION file which looks like this:

    Some additional information:

    We are using a serial external flash to store the secondary images of the app-core and the net-core.

    After making a simultaneous update by using dfu_application.zip it seems that the header information of the net_core_app_update.bin is corrupt when looking into the memory of the nrf5340-net-core. So there is no version information any more.

    When looking into the memory of the app-core the header information seems to be ok.

    Best regards,

    Georg

  • Please use CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE for the MCUBoot version control, and then check by 

    imgtool verify build/zephyr/net_core_app_update.bin

  • Hi,

    I added the "CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE =20" in the mcu_boot.conf. But this does not solve the problem.

    I read out the version of the net_core_update bin and I see the correct version.

    Is there a tool to read out the version of the currently programmed app-/net-image in the nrf5340?

    Now I want to describe what I am doing in detail.

    I have 4 bin files:

    app_update.bin Version V1.0 let's call it appV1

    net_core_app_update.bin Version V1.0 let's call it netV1

    app_update.bin Version V2.0 let's call it appV2

    net_core_app_update.bin Version V2.0 let's call it netV2

    and there are 2 zip files

    dfu_application.zip Version V1.0 let’s call it zipV1 containing appV1 and netV1

    dfu_application.zip Version V2.0 let’s call it zipV2 containing appV2 and netV2

    1. When starting, the nrf 5340 is programmed with the appV1 and the netV1 images.
    2. Then I transferred the zipV2 to my mobile and made a firmware update over Bluetooth with the nRF Connect app. Now the nrf 5340 is programmed with the appV2 and the netV2 images. Everything is ok.
    3. I do step 2 with zipV1.
    4. Now the nrf 5340 is programmed with the appV2 and netV1 images. This is the problem, the downgrade prevention works for the app-core but not for the net-core. The net-core was downgraded.
    5. Step 2 with zipV2.
    6. Now the nrf 5340 is programmed with the appV2 and the netV2 images. Everything is ok.
    7. Step 2 with netV1.
    8. Now the nrf 5340 is programmed with the appV2 and netV2 images. The downgrade prevention works for the net-core when transferring a single bin-file instead of a zip file.

    What to do to get the downgrade prevention working for net-core in combination with a zip-file firmware update?

    Best regards,

    Georg

  • Hi, 

    Georg said:
    Is there a tool to read out the version of the currently programmed app-/net-image in the nrf5340?

    You can read the image version with the nRF Device app or get the version number in the code.  

    Georg said:
    Now the nrf 5340 is programmed with the appV2 and netV1 images. This is the problem, the downgrade prevention works for the app-core but not for the net-core. The net-core was downgraded.

    How do you check the version on the netcore?

    -Amanda H.

  • Hi Amanda,

    thank you for your answer.

    When looking in the Google Play Store I can't find the nRF Device app.

    There is a nRF Device Manager app but here I can't find the option to read out the version.

    Which app do you mean?

    To get different versions for the net-image I added a version string in the main program of the net-core-image like this:

    After updating the device I read out the memory of the nrf5340 (with the Programmer) and check the version string like this:

    What I found out during debugging is that the version of the net image gets lost when MCUboot transfers the net-core-image from the secondary slot to the primary slot. The version information which is placed in the header of the net_core_app_update.bin image is not programmed into the net core (primary slot). MCUboot assumes that the version of the net-core-image is 0.0.0, this means that downgrade prevention doesn’t work.

    See the function boot_read_image_header_hook_ in the file nrf_hooks.c:

    int boot_read_image_header_hook_(int img_index, int slot, struct image_header *img_head)
    {
    	if (img_index == 1 && slot == 0) {
    		img_head->ih_magic = IMAGE_MAGIC;
    		img_head->ih_hdr_size = PM_MCUBOOT_PAD_SIZE;
    		img_head->ih_load_addr = PM_MCUBOOT_PRIMARY_1_ADDRESS;
    		img_head->ih_img_size = PM_CPUNET_APP_SIZE;
    		img_head->ih_flags = 0;
    		img_head->ih_ver.iv_major = 0;
    		img_head->ih_ver.iv_minor = 0;
    		img_head->ih_ver.iv_revision = 0;
    		img_head->ih_ver.iv_build_num = 0;
    		img_head->_pad1 = 0;
    		return 0;
    	}
    
    	return BOOT_HOOK_REGULAR;
    }
    

    Best regards,

    Georg
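
The effect Georg describes in the post above, as an added example that is not part of the original thread and is not MCUboot or nRF Connect SDK code: a simplified model of a downgrade check that compares an offered image against the version reported for the primary slot. The helpers `version_cmp` and `update_permitted` and the sample versions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Same fields as the ih_ver members set in the hook quoted above. */
struct image_version {
    uint8_t  iv_major;
    uint8_t  iv_minor;
    uint16_t iv_revision;
    uint32_t iv_build_num;
};

/* Field-by-field comparison: <0 if a is older than b, 0 if equal, >0 if newer.
 * The build number is included, as with CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER=y. */
static int version_cmp(const struct image_version *a, const struct image_version *b)
{
    if (a->iv_major != b->iv_major) return a->iv_major < b->iv_major ? -1 : 1;
    if (a->iv_minor != b->iv_minor) return a->iv_minor < b->iv_minor ? -1 : 1;
    if (a->iv_revision != b->iv_revision) return a->iv_revision < b->iv_revision ? -1 : 1;
    if (a->iv_build_num != b->iv_build_num) return a->iv_build_num < b->iv_build_num ? -1 : 1;
    return 0;
}

/* Hypothetical policy helper: an update is permitted unless it is older than
 * the version reported for the primary slot. */
static int update_permitted(const struct image_version *primary_reported,
                            const struct image_version *candidate)
{
    return version_cmp(candidate, primary_reported) >= 0;
}

/* Constructed sample versions matching the thread's V1.0 / V2.0 images. */
static const struct image_version V1 = {1, 0, 0, 0};
static const struct image_version V2 = {2, 0, 0, 0};
/* What the hook reports for img_index 1, slot 0, whatever is installed. */
static const struct image_version HOOK_REPORTED = {0, 0, 0, 0};

int main(void)
{
    /* App core: the primary header carries the real version, so V1 is refused. */
    printf("app V2 installed, V1 offered: %s\n",
           update_permitted(&V2, &V1) ? "accepted" : "rejected");
    /* Net core: V2 is installed, but the check sees 0.0.0, so V1 is accepted. */
    printf("net V2 installed, V1 offered: %s\n",
           update_permitted(&HOOK_REPORTED, &V1) ? "accepted" : "rejected");
    return 0;
}
```

Any check built this way is only as strong as the version it reads for the installed image: a reported 0.0.0 makes every candidate look like an upgrade.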


  • Hi, 

    Sorry, it's nRF Connect Device Manager.

    Thanks for finding the root cause. I will report it internally.

    -Amanda H.
