Downgrade protection works only for the app_core -image-and not for the net-core -image

Hallo,

we are using the nrf5340 and the ncs Version 2.6.1.

I activated the software downgrade protection as described here Downgrade protection (nordicsemi.com)

Then I made some simultaneious FOTA updates (App-image + Net-image) by using the nRF Connect app with different versions.

What I see is that the downngrade protection works for the App-image. It is not possible to update an App-image V2.0.0. with an App-image V1.0.0.

But it is possible to downgrade the Net- image V2.0.0 with the Net-image V1.0.0

How can I activate the downgrade protection also for the net-core ?

 

Best regards,

Georg

Parents Reply
  • Hi, 

    To enable the netcore downgrade protection use FW_INFO_FIRMWARE_VERSION and add the following kconfigs:

    mcuboot.conf under child_image folder:

    CONFIG_FW_INFO=y
    CONFIG_PCD_APP=y
    CONFIG_PCD_READ_NETCORE_APP_VERSION=y

    hci_ipc.conf under child_image folder:

    CONFIG_FW_INFO_FIRMWARE_VERSION=2


    b0n.conf under child_image folder:
    CONFIG_PCD_READ_NETCORE_APP_VERSION=y

    -Amanda H.

Children
  • Hi Amanda,

    thank you for your answer and sorry for my late reply.

    Up to now I didn't a have file b0n.conf . So I created this file with only this entry. 

    CONFIG_PCD_READ_NETCORE_APP_VERSION=y

    I tried your solution but get some errors during build.

    -- west build: generating a build system
    Loading Zephyr default modules (Zephyr base).
    -- Application: C:/Projekte/BleCan_CAB11A
    -- CMake version: 3.21.0
    -- Found Python3: C:/ncs/toolchains/cf2149caf2/opt/bin/python.exe (found suitable version "3.9.13", minimum required is "3.8") found components: Interpreter
    -- Cache files will be written to: C:/DevTools/ncs/v2.6.1/zephyr/.cache
    -- Zephyr version: 3.5.99 (C:/DevTools/ncs/v2.6.1/zephyr)
    CMake Error at C:/DevTools/ncs/v2.6.1/zephyr/cmake/modules/version.cmake:76 (math):
    math cannot parse the expression: "(2 << 16) + ( << 8) + (0)": syntax
    error, unexpected exp_SHIFTLEFT (16).
    Call Stack (most recent call first):
    C:/DevTools/ncs/v2.6.1/zephyr/cmake/modules/zephyr_default.cmake:129 (include)
    C:/DevTools/ncs/v2.6.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
    C:/DevTools/ncs/v2.6.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
    CMakeLists.txt:14 (find_package)


    CMake Error at C:/DevTools/ncs/v2.6.1/zephyr/cmake/modules/version.cmake:77 (math):
    math cannot parse the expression: "(2 << 24) + ( << 16) + (0 << 8) +
    (2408081002)": syntax error, unexpected exp_SHIFTLEFT (16).
    Call Stack (most recent call first):
    C:/DevTools/ncs/v2.6.1/zephyr/cmake/modules/zephyr_default.cmake:129 (include)
    C:/DevTools/ncs/v2.6.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
    C:/DevTools/ncs/v2.6.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
    CMakeLists.txt:14 (find_package)

    Best regards,

    Georg

    • Hi,

      the problem with the error is solved.

      After flashing the software with the additional config switches, our software doesn't boot any more

      It seems that the software hangs in the bootoloader.

       

      Rest regards,

      Georg

  • Hi, 

    the program hangs  in the "do while" loop  of the function: network_core_pcd_cmdset in the file pcd.c

    The command_status is PCD_STATUS_READ_VERSION

    tatic int network_core_pcd_cmdset(uint32_t cmd, const void *src_addr, size_t len, bool wait)
    {
    	int err;
    	enum pcd_status command_status;
    
    	/* Ensure that the network core is turned off */
    	nrf_reset_network_force_off(NRF_RESET, true);
    
    	err = pcd_cmd_write(cmd, src_addr, len, PCD_NET_CORE_APP_OFFSET);
    	if (err != 0) {
    		LOG_INF("Error while writing PCD cmd: %d", err);
    		return err;
    	}
    
    	enum pcd_status initial_command_status = pcd_fw_copy_status_get();
    
    	nrf_reset_network_force_off(NRF_RESET, false);
    	LOG_INF("Turned on network core");
    
    	if (!wait) {
    		return 0;
    	}
    
    	do {
    		/* Wait for 1 second to avoid issue where network core
    		 * is unable to write to shared RAM.
    		 */
    		k_busy_wait(1 * USEC_PER_SEC);
    
    		command_status = pcd_fw_copy_status_get();
    	} while (command_status == initial_command_status);
    

    Best regards,

    Georg

  • Did you add CONFIG_PCD_READ_NETCORE_APP_VERSION for b0n? This option must be enabled in APP, MCUboot, and b0n configuration (when b0n is not configured, than application hangs after reboot).

  • Hi,

    this is what I added to the config files to activate the downgrade protection in complete.

    mcuboot.conf under child_image folder:

    CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER=y

    CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y

    CONFIG_FW_INFO=y
    CONFIG_PCD_APP=y
    CONFIG_PCD_READ_NETCORE_APP_VERSION=y

    hci_ipc.conf under child_image folder:

    CONFIG_FW_INFO_FIRMWARE_VERSION=2

    b0n.conf under child_image folder:

    CONFIG_PCD_READ_NETCORE_APP_VERSION=y

    prj.conf:

    CONFIG_FW_INFO=y
    CONFIG_PCD_APP=y
    CONFIG_PCD_READ_NETCORE_APP_VERSION=y

    Since my last mail, I added only the 3 config switches in the prj.conf file.

    The application doesn't boot and the mcuboot hangs in the loop as described above.

    Best regards,

    Georg

Related