• State Verified Answer
  • Replies 28 replies
  • Answers 1 answer
  • Subscribers 69 subscribers
  • Views 1527 views
  • Users 0 members are here
Attachments (1) Download All
Nordic Case Info
  • Case ID: 330920
Options

Downgrade protection works only for the app_core -image-and not for the net-core -image

Georg

Hallo,

we are using the nrf5340 and the ncs Version 2.6.1.

I activated the software downgrade protection as described here Downgrade protection (nordicsemi.com)

Then I made some simultaneious FOTA updates (App-image + Net-image) by using the nRF Connect app with different versions.

What I see is that the downngrade protection works for the App-image. It is not possible to update an App-image V2.0.0. with an App-image V1.0.0.

But it is possible to downgrade the Net- image V2.0.0 with the Net-image V1.0.0

How can I activate the downgrade protection also for the net-core ?

 

Best regards,

Georg

Parents
  • 0

    Hi, 

    Do you test the MCUBoot version by adjusting CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE?

    How do you check the version number? You can check the version by 

    imgtool verify build/zephyr/net_core_app_update.bin

    Regards,
    Amanda H.

  • 0 in reply to Amanda Hsieh

    Hi,

    I checked the version information by looking into the header of the net_core_app update.bin file.  

    Here are the configuration switches which I have added to activate the downgrade prevention:

    CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER=y
    CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y

    In the build configuration I added:

    -DSB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=y

    And  there is also a VERSION file which looks like this:

    Some additional information:

    We are using a serial external flash to store the secondary images of the app-core and the net-core.

    After making an simultaineious update by using dfu_application.zip it seems that the header ifnormation of the net_core_app_update.bin is corrupt when lokking into the memory of the nrf5340-net-core. So there is no version information any more.

    When looking into the memory of the app-core the header information seems to be ok 

    Best regards,

    Georg

  • 0 in reply to Georg

    Add CONFIG_PCD_READ_NETCORE_APP_VERSION=y to nrf\samples\nrf5340\netboot\prj.conf and check whether `CONFIG_PCD_READ_NETCORE_APP_VERSION is set in hci_ipc/b0n/zephyr/.config

  • 0 in reply to Amanda Hsieh

    Hi, 

    there is no subdirectory "/b0n/zephyr" under the directory "/ncs/v2.6.1/zephyr/samples/bluetooth/hci_ipc" in the ncs sdk 2.6.1.

    Best regards

    Georg

  • 0 in reply to Georg

    Hi,

    I set CONFIG_PCD_READ_NETCORE_APP_VERSION=y in nrf\samples\nrf5340\netboot\prj.conf 

    When loooking into MyProject\build\hci_ipc\b0n\zephyr\.config  the CONFIG_PCD_READ_NETCORE_APP_VERSION is commented out.

    The problem (hanging in the do while loop) still exists.

    What to do next ?

    Best regards,

    Georg

  • 0 in reply to Georg

    Hi,

    Ignore my last 2 messages

    After adding CONFIG_PCD_READ_NETCORE_APP_VERSION=y to nrf\samples\nrf5340\netboot\prj.conf I see that `CONFIG_PCD_READ_NETCORE_APP_VERSION is set in hci_ipc/b0n/zephyr/.config 

    Now the application boots and  Mcuboot  doesn't hang in the "do while" loop.

    But downgrade protection doesn't still work for the net core.

    1. APP-Core = V1, NET-Core = V1

    2. Fota Update with V2

    3.  APP-Core = V2, NET-Core = V2

    4. Fota Update with V1 (downgrading)

    5. APP-Core = V2, NET Core= V1

    Best regards,

    Georg

  • +1 in reply to Georg

    Hi, 

    Please try to delete the build folder and build again. It should work. 

    If you don't want to modify anything of the nrf\samples\nrf5340\netboot, you can build the project with this config for netboot(b0n) 

    -Dhci_ipc_b0n_CONFIG_PCD_READ_NETCORE_APP_VERSION=y

    -Amanda H.

Reply Children
  • 0 in reply to Amanda Hsieh

    Hi,

    after deleting the build directory and creating a new V1 zip file and a new V2 zip file I got the same results as described in my last mail.

    1. APP-Core = V1, NET-Core = V1

    2. Fota Update with V2 Zip file

    3.  APP-Core = V2, NET-Core = V2

    4. Fota Update with V1 Zip file (downgrading)

    5. APP-Core = V2, NET Core= V1

    The problem still exists.

    After programming a new Version I always read out the memory of the nrf5340 and checked which version is programmed in the APP-Core and the NET-Core.

    Do you have an example that works ?

    Georg

  • 0 in reply to Georg

    Hi, 

    I add the following code in the main.c of zephyr\samples\bluetooth\hci_ipc\ to get version number:

    	printk("Board config: %s\n", CONFIG_BOARD);
	printk("CONFIG_FW_INFO_FIRMWARE_VERSION: %d\n", CONFIG_FW_INFO_FIRMWARE_VERSION );
	printk("build time: " __DATE__ " " __TIME__ "\n");

    I followed your steps to upgrade & downgrade, and got " insufficient version in secondary slot" and reverted to APP-Core = V2, NET-Core = V2 

    1. APP-Core = V1, NET-Core = V1

    2. Fota Update with V2 Zip file

    3.  APP-Core = V2, NET-Core = V2

    4. Fota Update with V1 dfu_application.zip or net_core_app_update.bin file (for downgrading)

    => Got " insufficient version in secondary slot" and reverted to APP-Core = V2, NET-Core = V2

    Here is my test project peripheral_lbs_downProtect.7z for NCS v2.6.1. specify Kconfig file for B0n with CMakeLists.txt.
    West build and flash Command: 

    west build -p -b nrf5340dk_nrf5340_cpuapp -d build_nrf5340dk_nrf5340_cpuapp && west flash --build-dir build_nrf5340dk_nrf5340_cpuapp --recover


    Beware that this code/configuration is not fully tested or qualified and should be considered provided “as-is”. Please test it with your application and let me know if you find any issues.

    -Amanda H.

  • 0 in reply to Amanda Hsieh

    Hi,

    thank you for your example. The example works as expected.

    Our application is working now, too.

    The problem was that I forgot to update the  

    CONFIG_FW_INFO_FIRMWARE_VERSION in child_image/hci_ipc.conf when creating a new version,
    It would be be nice to add the issues we discussed  here also on your homepage.
     
    Thank your for the support.
    Best Regards,
    Georg
  • 0 in reply to Georg

    Good to know it works, and thanks for the feedback. I will forward it to the internal. 

Related