Downgrade protection works only for the app_core -image-and not for the net-core -image

Hi, 

Do you test the MCUBoot version by adjusting CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE?

How do you check the version number? You can check the version by 

imgtool verify build/zephyr/net_core_app_update.bin

Regards,
Amanda H.

Hi,

I checked the version information by looking into the header of the net_core_app update.bin file.  

Here are the configuration switches which I have added to activate the downgrade prevention:

CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER=y
CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y

In the build configuration I added:

-DSB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=y

And  there is also a VERSION file which looks like this:

Some additional information:

We are using a serial external flash to store the secondary images of the app-core and the net-core.

After making an simultaineious update by using dfu_application.zip it seems that the header ifnormation of the net_core_app_update.bin is corrupt when lokking into the memory of the nrf5340-net-core. So there is no version information any more.

When looking into the memory of the app-core the header information seems to be ok 

Best regards,

Georg

Hi,

I added the "CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE =20" in the mcu_boot.conf. But this does not solve the problem.

I read out the version of the net_core_update bin and I see the correct version.

Is there a tool to read out the version of the current programmed app-/net-image in the nrf5340 ?

Now I want to describe what I am doing in detail.

I have 4 bin files:

app_update.bin Version V1.0 let's call it appV1

net_core_app_update.bin Version V1.0 lets call it netV1

app_update.bin Version V2.0 let's call it appV2

net_core_app_update.bin Version V2.0 lets call it netV2

and there are 2 zip files

dfu_application.zip Version V1.0 let’s call it zipV1 containing appV1 and netV1

dfu_application.zip Version V2.0 let’s call it zipV2 containing appV2 and netV2

1.  When starting the nrf 5340 is programmed with the appV1 and the netV1 images.
2. Then I transferred the zipV2 to my mobile and made a firmware update over bluetooth with the
   nrf connect app.Now the nrf 5340 is programmed with the appV2 and the netV2 images. Everything is ok.
3. I do step 2 with zipV1
4. Now the nrf 5340 is programmed with the appV2 and netV1 images. This is the problem, the downgrade prevention works for the app-core but not for the net-core. The net-core was downgraded.
5. step 2 with zipV2
6. Now the nrf 5340 is programmed with the appV2 and the netV2 images. Everything is ok.
7. step 2 with netV1
8. Now the nrf 5340 is programmed with the appV2 and netV2 images. The downgrade prevention works for the net-core when transferring a single bin-file instead of a zip file.

What to do to get the downgrade prevention working for net-core in combination with a zip-file firmware update ?

Best regard,

Georg

Hi, 

Georg said:

Is there a tool to read out the version of the current programmed app-/net-image in the nrf5340 ?

You can read the image version with the nRF Device app or get the version number in the code.  

Georg said:

Now the nrf 5340 is programmed with the appV2 and netV1 images. This is the problem, the downgrade prevention works for the app-core but not for the net-core. The net-core was downgraded.

How do you check the version on the netcore?

-Amanda H.

Hi Amanda,

thank you for your answer.

When looking in the google play store I can't find the nRF Device app.

There is a nRF Device Manager app but here I can't find the option to read out the version.

Which app do you mean?

To get different versions for the net-image I added a version string in the main program of the net-core-image like this:

After updating the device I read out the memory of the nrf5340 (with the Programmer) and check the version string like this:

What I found out during debugging is that the version of the net image get lost when MCUboot transfers the net-core-image from the secondary slot to the primary slot. The version information which is placed in the header of the net_core_app_update.bin image is not programmed into the net core (primary slot). MCUboot assumes that the version of the net-core-image is 0.0.0, this means that downgrade prevention doesn’t work.

See the function boot_read_image_header_hook_in the file nrf_hooks.c

int boot_read_image_header_hook_(int img_index, int slot, struct image_header *img_head)
{
	if (img_index == 1 && slot == 0) {
		img_head->ih_magic = IMAGE_MAGIC;
		img_head->ih_hdr_size = PM_MCUBOOT_PAD_SIZE;
		img_head->ih_load_addr = PM_MCUBOOT_PRIMARY_1_ADDRESS;
		img_head->ih_img_size = PM_CPUNET_APP_SIZE;
		img_head->ih_flags = 0;
		img_head->ih_ver.iv_major = 0;
		img_head->ih_ver.iv_minor = 0;
		img_head->ih_ver.iv_revision = 0;
		img_head->ih_ver.iv_build_num = 0;
		img_head->_pad1 = 0;
		return 0;
	}

	return BOOT_HOOK_REGULAR;
}

Best regards,

Georg

Hi, 

Sorry, it's nRF Connect Device Manager. 

Thanks for finding the root cause. I will report to the internal. 

-Amanda H.

Hi just wanted to add that we just found the same issue so can confirm a reproducible offender. 

Hi just wanted to add that we just found the same issue so can confirm a reproducible offender. 

Hi,

thank you.

I hope you find a solution because we want to use this feature in our product.

Best regards,

Georg

I will update if the team has anything. 

Hi, 

To enable the netcore downgrade protection use FW_INFO_FIRMWARE_VERSION and add the following kconfigs:

mcuboot.conf under child_image folder:

CONFIG_FW_INFO=y
CONFIG_PCD_APP=y
CONFIG_PCD_READ_NETCORE_APP_VERSION=y

hci_ipc.conf under child_image folder:

CONFIG_FW_INFO_FIRMWARE_VERSION=2

b0n.conf under child_image folder:
CONFIG_PCD_READ_NETCORE_APP_VERSION=y

-Amanda H.

Hi Amanda,

thank you for your answer and sorry for my late reply.

Up to now I didn't a have file b0n.conf . So I created this file with only this entry. 

CONFIG_PCD_READ_NETCORE_APP_VERSION=y

I tried your solution but get some errors during build.

-- west build: generating a build system
Loading Zephyr default modules (Zephyr base).
-- Application: C:/Projekte/BleCan_CAB11A
-- CMake version: 3.21.0
-- Found Python3: C:/ncs/toolchains/cf2149caf2/opt/bin/python.exe (found suitable version "3.9.13", minimum required is "3.8") found components: Interpreter
-- Cache files will be written to: C:/DevTools/ncs/v2.6.1/zephyr/.cache
-- Zephyr version: 3.5.99 (C:/DevTools/ncs/v2.6.1/zephyr)
CMake Error at C:/DevTools/ncs/v2.6.1/zephyr/cmake/modules/version.cmake:76 (math):
math cannot parse the expression: "(2 << 16) + ( << 8) + (0)": syntax
error, unexpected exp_SHIFTLEFT (16).
Call Stack (most recent call first):
C:/DevTools/ncs/v2.6.1/zephyr/cmake/modules/zephyr_default.cmake:129 (include)
C:/DevTools/ncs/v2.6.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
C:/DevTools/ncs/v2.6.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
CMakeLists.txt:14 (find_package)

CMake Error at C:/DevTools/ncs/v2.6.1/zephyr/cmake/modules/version.cmake:77 (math):
math cannot parse the expression: "(2 << 24) + ( << 16) + (0 << 8) +
(2408081002)": syntax error, unexpected exp_SHIFTLEFT (16).
Call Stack (most recent call first):
C:/DevTools/ncs/v2.6.1/zephyr/cmake/modules/zephyr_default.cmake:129 (include)
C:/DevTools/ncs/v2.6.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
C:/DevTools/ncs/v2.6.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
CMakeLists.txt:14 (find_package)

Best regards,

Georg

• Hi,

  the problem with the error is solved.

  After flashing the software with the additional config switches, our software doesn't boot any more

  It seems that the software hangs in the bootoloader.

   

  Rest regards,

  Georg