Downgrade protection works only for the app_core -image-and not for the net-core -image

Hi, 

Do you test the MCUBoot version by adjusting CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE?

How do you check the version number? You can check the version by 

imgtool verify build/zephyr/net_core_app_update.bin

Regards,
Amanda H.

Hi,

I checked the version information by looking into the header of the net_core_app update.bin file.  

Here are the configuration switches which I have added to activate the downgrade prevention:

CONFIG_BOOT_VERSION_CMP_USE_BUILD_NUMBER=y
CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y

In the build configuration I added:

-DSB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=y

And  there is also a VERSION file which looks like this:

Some additional information:

We are using a serial external flash to store the secondary images of the app-core and the net-core.

After making an simultaineious update by using dfu_application.zip it seems that the header ifnormation of the net_core_app_update.bin is corrupt when lokking into the memory of the nrf5340-net-core. So there is no version information any more.

When looking into the memory of the app-core the header information seems to be ok 

Best regards,

Georg

Hi, 

I add the following code in the main.c of zephyr\samples\bluetooth\hci_ipc\ to get version number:

	printk("Board config: %s\n", CONFIG_BOARD);
	printk("CONFIG_FW_INFO_FIRMWARE_VERSION: %d\n", CONFIG_FW_INFO_FIRMWARE_VERSION );
	printk("build time: " __DATE__ " " __TIME__ "\n");

I followed your steps to upgrade & downgrade, and got " insufficient version in secondary slot" and reverted to APP-Core = V2, NET-Core = V2 

1. APP-Core = V1, NET-Core = V1

2. Fota Update with V2 Zip file

3.  APP-Core = V2, NET-Core = V2

4. Fota Update with V1 dfu_application.zip or net_core_app_update.bin file (for downgrading)

=> Got " insufficient version in secondary slot" and reverted to APP-Core = V2, NET-Core = V2

Here is my test project peripheral_lbs_downProtect.7z for NCS v2.6.1. specify Kconfig file for B0n with CMakeLists.txt.
West build and flash Command: 

west build -p -b nrf5340dk_nrf5340_cpuapp -d build_nrf5340dk_nrf5340_cpuapp && west flash --build-dir build_nrf5340dk_nrf5340_cpuapp --recover

Beware that this code/configuration is not fully tested or qualified and should be considered provided “as-is”. Please test it with your application and let me know if you find any issues.

-Amanda H.

Hi,

thank you for your example. The example works as expected.

Our application is working now, too.

The problem was that I forgot to update the  

Good to know it works, and thanks for the feedback. I will forward it to the internal. 

Hi!

I am following this issue because I have the same use case and I am trying to enable this configuration on the b0n image in the Network Core (nRF5340 as well) but I can not make this work. I am using sysbuild on SDK 2.9.0 so I guess it should be handled differently but can not figure out how.

Can you maybe explain to me where exactly should I add this configuration?

My NetCore image is "ipc_radio". I have tried adding

set(ipc_radio_b0n_CONFIG_PCD_READ_NETCORE_APP_VERSION y)

in sysbuild.cmake and CMakeLists.txt but nothing seems to work,

Thanks!

Hi, 

This discussion is not suitable for SDK 2.9.0. Please create a new support case for your issue. 

-Amanda H.

Hi, 

This discussion is not suitable for SDK 2.9.0. Please create a new support case for your issue. 

-Amanda H.