Downgrade protection works only for the app_core -image-and not for the net-core -image

Hi, 

Do you test the MCUBoot version by adjusting CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE?

How do you check the version number? You can check the version by 

imgtool verify build/zephyr/net_core_app_update.bin

Regards,
Amanda H.

Hi,

I checked the version information by looking into the header of the net_core_app update.bin file.  

Here are the configuration switches which I have added to activate the downgrade prevention:

CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER=y
CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y

In the build configuration I added:

-DSB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=y

And  there is also a VERSION file which looks like this:

Some additional information:

We are using a serial external flash to store the secondary images of the app-core and the net-core.

After making an simultaineious update by using dfu_application.zip it seems that the header ifnormation of the net_core_app_update.bin is corrupt when lokking into the memory of the nrf5340-net-core. So there is no version information any more.

When looking into the memory of the app-core the header information seems to be ok 

Best regards,

Georg

Hi, 

Please try to delete the build folder and build again. It should work. 

If you don't want to modify anything of the nrf\samples\nrf5340\netboot, you can build the project with this config for netboot(b0n) 

-Dhci_ipc_b0n_CONFIG_PCD_READ_NETCORE_APP_VERSION=y

-Amanda H.

Hi,

after deleting the build directory and creating a new V1 zip file and a new V2 zip file I got the same results as described in my last mail.

1. APP-Core = V1, NET-Core = V1

2. Fota Update with V2 Zip file

3.  APP-Core = V2, NET-Core = V2

4. Fota Update with V1 Zip file (downgrading)

5. APP-Core = V2, NET Core= V1

The problem still exists.

After programming a new Version I always read out the memory of the nrf5340 and checked which version is programmed in the APP-Core and the NET-Core.

Do you have an example that works ?

Georg

Hi, 

I add the following code in the main.c of zephyr\samples\bluetooth\hci_ipc\ to get version number:

	printk("Board config: %s\n", CONFIG_BOARD);
	printk("CONFIG_FW_INFO_FIRMWARE_VERSION: %d\n", CONFIG_FW_INFO_FIRMWARE_VERSION );
	printk("build time: " __DATE__ " " __TIME__ "\n");

I followed your steps to upgrade & downgrade, and got " insufficient version in secondary slot" and reverted to APP-Core = V2, NET-Core = V2 

1. APP-Core = V1, NET-Core = V1

2. Fota Update with V2 Zip file

3.  APP-Core = V2, NET-Core = V2

4. Fota Update with V1 dfu_application.zip or net_core_app_update.bin file (for downgrading)

=> Got " insufficient version in secondary slot" and reverted to APP-Core = V2, NET-Core = V2

Here is my test project peripheral_lbs_downProtect.7z for NCS v2.6.1. specify Kconfig file for B0n with CMakeLists.txt.
West build and flash Command: 

west build -p -b nrf5340dk_nrf5340_cpuapp -d build_nrf5340dk_nrf5340_cpuapp && west flash --build-dir build_nrf5340dk_nrf5340_cpuapp --recover

Beware that this code/configuration is not fully tested or qualified and should be considered provided “as-is”. Please test it with your application and let me know if you find any issues.

-Amanda H.

Hi,

thank you for your example. The example works as expected.

Our application is working now, too.

The problem was that I forgot to update the  

Good to know it works, and thanks for the feedback. I will forward it to the internal. 

Good to know it works, and thanks for the feedback. I will forward it to the internal.