Downgrade protection works only for the app_core -image-and not for the net-core -image

Hallo,

we are using the nrf5340 and the ncs Version 2.6.1.

I activated the software downgrade protection as described here Downgrade protection (nordicsemi.com)

Then I made some simultaneious FOTA updates (App-image + Net-image) by using the nRF Connect app with different versions.

What I see is that the downngrade protection works for the App-image. It is not possible to update an App-image V2.0.0. with an App-image V1.0.0.

But it is possible to downgrade the Net- image V2.0.0 with the Net-image V1.0.0

How can I activate the downgrade protection also for the net-core ?

 

Best regards,

Georg

Parents Reply Children
  • Hi,

    I set CONFIG_PCD_READ_NETCORE_APP_VERSION=y in nrf\samples\nrf5340\netboot\prj.conf 

    When loooking into MyProject\build\hci_ipc\b0n\zephyr\.config  the CONFIG_PCD_READ_NETCORE_APP_VERSION is commented out.

    The problem (hanging in the do while loop) still exists.

    What to do next ?

    Best regards,

    Georg

  • Hi,

    Ignore my last 2 messages

    After adding CONFIG_PCD_READ_NETCORE_APP_VERSION=y to nrf\samples\nrf5340\netboot\prj.conf I see that `CONFIG_PCD_READ_NETCORE_APP_VERSION is set in hci_ipc/b0n/zephyr/.config 

    Now the application boots and  Mcuboot  doesn't hang in the "do while" loop.

    But downgrade protection doesn't still work for the net core.

    1. APP-Core = V1, NET-Core = V1

    2. Fota Update with V2

    3.  APP-Core = V2, NET-Core = V2

    4. Fota Update with V1 (downgrading)

    5. APP-Core = V2, NET Core= V1

    Best regards,

    Georg

  • Hi, 

    Please try to delete the build folder and build again. It should work. 

    If you don't want to modify anything of the nrf\samples\nrf5340\netboot, you can build the project with this config for netboot(b0n) 

    -Dhci_ipc_b0n_CONFIG_PCD_READ_NETCORE_APP_VERSION=y

    -Amanda H.

  • Hi,

    after deleting the build directory and creating a new V1 zip file and a new V2 zip file I got the same results as described in my last mail.

    1. APP-Core = V1, NET-Core = V1

    2. Fota Update with V2 Zip file

    3.  APP-Core = V2, NET-Core = V2

    4. Fota Update with V1 Zip file (downgrading)

    5. APP-Core = V2, NET Core= V1

    The problem still exists.

    After programming a new Version I always read out the memory of the nrf5340 and checked which version is programmed in the APP-Core and the NET-Core.

    Do you have an example that works ?

    Georg

  • Hi, 

    I add the following code in the main.c of zephyr\samples\bluetooth\hci_ipc\ to get version number:

    	printk("Board config: %s\n", CONFIG_BOARD);
    	printk("CONFIG_FW_INFO_FIRMWARE_VERSION: %d\n", CONFIG_FW_INFO_FIRMWARE_VERSION );
    	printk("build time: " __DATE__ " " __TIME__ "\n");

    I followed your steps to upgrade & downgrade, and got " insufficient version in secondary slot" and reverted to APP-Core = V2, NET-Core = V2 

    1. APP-Core = V1, NET-Core = V1

    2. Fota Update with V2 Zip file

    3.  APP-Core = V2, NET-Core = V2

    4. Fota Update with V1 dfu_application.zip or net_core_app_update.bin file (for downgrading)

    => Got " insufficient version in secondary slot" and reverted to APP-Core = V2, NET-Core = V2

    Here is my test project peripheral_lbs_downProtect.7z for NCS v2.6.1. specify Kconfig file for B0n with CMakeLists.txt.
    West build and flash Command: 

    west build -p -b nrf5340dk_nrf5340_cpuapp -d build_nrf5340dk_nrf5340_cpuapp && west flash --build-dir build_nrf5340dk_nrf5340_cpuapp --recover


    Beware that this code/configuration is not fully tested or qualified and should be considered provided “as-is”. Please test it with your application and let me know if you find any issues.

    -Amanda H.

Related