<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://devzone.nordicsemi.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>DFU over BLE using external Flash TESTING</title><link>https://devzone.nordicsemi.com/f/nordic-q-a/114216/dfu-over-ble-using-external-flash-testing</link><description>Hello Engineer Greetings Of the Day We performed DFU over BLE with secondary slot in External flash that operates using SPI . I needed some clarification on the outcomes . -&amp;gt; My running application of Primary Slot was of 256KB -&amp;gt; To perform DFU I did</description><dc:language>en-US</dc:language><generator>Telligent Community 13</generator><lastBuildDate>Tue, 27 Aug 2024 11:56:40 GMT</lastBuildDate><atom:link rel="self" type="application/rss+xml" href="https://devzone.nordicsemi.com/f/nordic-q-a/114216/dfu-over-ble-using-external-flash-testing" /><item><title>RE: DFU over BLE using external Flash TESTING</title><link>https://devzone.nordicsemi.com/thread/499972?ContentTypeID=1</link><pubDate>Tue, 27 Aug 2024 11:56:40 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:1ca7f82f-94d0-4245-9e79-b1120333a66c</guid><dc:creator>AHaug</dc:creator><description>&lt;p&gt;Aha, thank for enlightening me&lt;/p&gt;
[quote user="Sanket Rao"]But Andreas there is reason i dont want&amp;nbsp;&lt;span&gt;MCUboot&lt;/span&gt; to do things on its own , therefore having control on &lt;span&gt;MCUboot&lt;/span&gt;&amp;nbsp;or knowing MCUboot better is neccessary.&amp;nbsp;[/quote]
&lt;p&gt;You&amp;#39;re of course free to modify MCUboot and create your own custom solution that fits your project. What I meant with my explanation is what MCUboot does out of the box in our SDK&lt;/p&gt;
[quote user="Sanket Rao"]&lt;strong&gt;Discussion 1:&lt;/strong&gt;&lt;br /&gt;&lt;br /&gt;Listed as follows&amp;nbsp;&amp;nbsp;[/quote]
&lt;p&gt;This makes sense to me w.r.t why you would want to do this.&lt;/p&gt;
[quote user="Sanket Rao"]is there is any way or any example API calls that can&lt;em&gt; &lt;span style="text-decoration:underline;"&gt;decrypt my OTA file/image&lt;/span&gt;&lt;/em&gt; before writing to the secondary slot partition for further DFU process . Please let us know .[/quote]
&lt;p&gt;Unfortunately there are no existing samples that showcases encrypted DFU, and w.r.t the API that which exists is mentioned in the documentation I sent regarding encrypted DFU + the &lt;a href="https://docs.nordicsemi.com/bundle/ncs-latest/page/mcuboot/wrapper.html"&gt;MCUboot documentation&lt;/a&gt;&lt;/p&gt;
[quote user="Sanket Rao"]I believe during DFU OTA thru GSM that data will be recieved in chunks and written to some memory portion in the external flash defined by us ,&lt;em&gt; is it possible for MCUboot to handle these chunks directly or even indirectly &amp;amp; write them to MCUBoot&lt;/em&gt; &lt;em&gt;Seconadry slot&lt;/em&gt; for further stages of DFU .&amp;nbsp;[/quote]
&lt;p&gt;Atleast for indireclty you can do something similar to what is done in this&amp;nbsp;&lt;a href="https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/samples/cellular/lwm2m_client/fota.html"&gt;lwm2m evaluation&lt;/a&gt;&amp;nbsp;or in this&amp;nbsp;&lt;a href="https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/samples/cellular/lwm2m_client/fota_external_mcu.html"&gt;variation&lt;/a&gt;&amp;nbsp;and modify where you write the encrypted chunks for temporary storage, for instance in your own secure partition. Then when you&amp;#39;ve done whatever you need to do to the chunks and/or full image, you can move it to mcuboot_secondary and start the DFU process from there.&amp;nbsp;&lt;/p&gt;
&lt;p&gt;Kind regards,&lt;br /&gt;Andreas&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: DFU over BLE using external Flash TESTING</title><link>https://devzone.nordicsemi.com/thread/499946?ContentTypeID=1</link><pubDate>Tue, 27 Aug 2024 10:15:45 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:bfef9d07-ef91-4e01-bcf5-4a2ae516b75f</guid><dc:creator>Sankton</dc:creator><description>&lt;p&gt;Hello Andreas&amp;nbsp;&lt;br /&gt;&lt;br /&gt;I would like to thank for your prudent opinions on my doubt&lt;br /&gt;&lt;br /&gt;But Andreas there is reason i dont want&amp;nbsp;&lt;span&gt;MCUboot&lt;/span&gt; to do things on its own , therefore having control on &lt;span&gt;MCUboot&lt;/span&gt;&amp;nbsp;or knowing MCUboot better is neccessary.&amp;nbsp;&lt;br /&gt;&lt;br /&gt;I had like to discuss two issues pertaining to it .&lt;br /&gt;&lt;br /&gt;&lt;strong&gt;Discussion 1:&lt;/strong&gt;&lt;br /&gt;&lt;br /&gt;Listed as follows&amp;nbsp;&amp;nbsp;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Suppose , i am giving my client an OTA file that they will have to perform OTA manually over BLE ,&lt;em&gt; but we will be using our local encryption technique&lt;/em&gt; before handing the OTA file to the client .&lt;br /&gt;&lt;br /&gt;&lt;/li&gt;
&lt;li&gt;This may require decryption of the OTA file before &lt;span&gt;MCUboot&lt;/span&gt; can write this to secondary partition , or else &lt;span&gt;MCUboot&lt;/span&gt; &lt;strong&gt;will fail this process and resorces be wasted &lt;/strong&gt;as signature tests will fail.&lt;/li&gt;
&lt;/ul&gt;
[quote userid="107683" url="~/f/nordic-q-a/114216/dfu-over-ble-using-external-flash-testing/499902"]The commands for building and loading MCUboot and the firmware images may vary depending on the specific use case.[/quote]
&lt;p&gt;I can see you wrote , there are different ways how MCUboot is loading and how firmware images are handled , is there is any way or any example API calls that can&lt;em&gt; &lt;span style="text-decoration:underline;"&gt;decrypt my OTA file/image&lt;/span&gt;&lt;/em&gt; before writing to the secondary slot partition for further DFU process . Please let us know .&lt;br /&gt;&lt;br /&gt;&lt;strong&gt;Discussion 2:&lt;/strong&gt;&lt;br /&gt;&lt;br /&gt;Andreas we are looking for further possibilities on our products with GSM capabilities that can perform DFU OTA thru cellular networks .&lt;br /&gt;&lt;br /&gt;I believe during DFU OTA thru GSM that data will be recieved in chunks and written to some memory portion in the external flash defined by us ,&lt;em&gt; is it possible for MCUboot to handle these chunks directly or even indirectly &amp;amp; write them to MCUBoot&lt;/em&gt; &lt;em&gt;Seconadry slot&lt;/em&gt; for further stages of DFU .&amp;nbsp;&lt;br /&gt;And i believe there will be no&amp;nbsp;scope&amp;nbsp;of encryption or decryption in this method of DFU .&lt;br /&gt;&lt;br /&gt;Nordic SDK has very limited&amp;nbsp;ambit&amp;nbsp;on MCUboot , a sample/example regarding discussion 2, if it ever passed by you, please let us know , it be really helpful .&amp;nbsp;&lt;br /&gt;&lt;br /&gt;Regards&amp;nbsp;&lt;br /&gt;S&lt;br /&gt;&lt;br /&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: DFU over BLE using external Flash TESTING</title><link>https://devzone.nordicsemi.com/thread/499902?ContentTypeID=1</link><pubDate>Tue, 27 Aug 2024 07:50:15 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:395c33bc-3a07-4d9c-a506-bbd3beb20d3f</guid><dc:creator>AHaug</dc:creator><description>[quote user="Sanket Rao"]This is because we have our encrypted OTA file to be tested now ,&amp;nbsp; so direct jump to step of&amp;nbsp; confirmation and&amp;nbsp;swap&amp;nbsp;shouldnt take place .[/quote]
&lt;p&gt;Ah, my bad. I see I mighte caused some confusion with the ordering of things. Let me know if the explanation under removes your desire to want to stop the erase:&lt;/p&gt;
&lt;div&gt;Here&amp;#39;s the general process of how MCUboot testing, confirming, and swapping work:&lt;/div&gt;
&lt;ol&gt;
&lt;li&gt;
&lt;div&gt;
&lt;div&gt;&lt;strong&gt;Building and Loading Images&lt;/strong&gt;: First, you need to build and load MCUboot and the firmware images for the primary and secondary slots. The commands for building and loading MCUboot and the firmware images may vary depending on the specific use case. For example, you might use the&lt;span&gt;&amp;nbsp;&lt;/span&gt;&lt;code dir="ltr"&gt;newt&lt;/code&gt;&lt;span&gt;&amp;nbsp;&lt;/span&gt;tool to build and load MCUboot and the firmware images (&lt;a href="https://docs.nordicsemi.com/bundle/ncs-latest/page/mcuboot/testplan-mynewt.html#swap_with_random_failures" rel="noopener noreferrer" target="_blank"&gt;source&lt;/a&gt;).&lt;br /&gt;&lt;br /&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;div&gt;
&lt;div&gt;&lt;strong&gt;Testing the Image&lt;/strong&gt;: After uploading the firmware image to the secondary slot, you can test the image by obtaining its SHA and ensuring it boots. This can be done using the&lt;span&gt;&amp;nbsp;&lt;/span&gt;&lt;code dir="ltr"&gt;imgtool verify&lt;/code&gt;&lt;span&gt;&amp;nbsp;&lt;/span&gt;and&lt;span&gt;&amp;nbsp;&lt;/span&gt;&lt;code dir="ltr"&gt;mcumgr image test&lt;/code&gt;&lt;span&gt;&amp;nbsp;&lt;/span&gt;commands (&lt;a href="https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/samples/nrf5340/extxip_smp_svr/README.html#upload_the_signed_image" rel="noopener noreferrer" target="_blank"&gt;source&lt;/a&gt;,&lt;span&gt;&amp;nbsp;&lt;/span&gt;&lt;a href="https://docs.nordicsemi.com/bundle/ncs-latest/page/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/README.html#test_the_image" rel="noopener noreferrer" target="_blank"&gt;source&lt;/a&gt;).&lt;br /&gt;&lt;br /&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;div&gt;
&lt;div&gt;&lt;strong&gt;Confirming the Image&lt;/strong&gt;: If the image in the secondary slot is tagged as &amp;quot;confirm&amp;quot;, MCUboot will swap it into the primary slot permanently. If the image is tagged as &amp;quot;test&amp;quot;, MCUboot will swap it into the primary slot for one reset cycle. Unless the image is then confirmed while running, MCUboot will swap back the old application to the primary slot on its next reset (&lt;a href="https://academy.nordicsemi.com/courses/nrf-connect-sdk-intermediate/lessons/lesson-8-bootloaders-and-dfu-fota/topic/mcuboot-mcumgr-and-dfu-target/#MCUboot" rel="noopener noreferrer" target="_blank"&gt;source&lt;/a&gt;).&lt;br /&gt;&lt;br /&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;div&gt;
&lt;div&gt;&lt;strong&gt;Swapping the Images&lt;/strong&gt;: If everything works as expected, you can proceed with requests for permanent swap to the image in the secondary slot and do random swaps. When the swap finishes, the previous secondary image should now be in the primary slot and vice-versa (&lt;a href="https://docs.nordicsemi.com/bundle/ncs-latest/page/mcuboot/testplan-mynewt.html#swap_with_random_failures" rel="noopener noreferrer" target="_blank"&gt;source&lt;/a&gt;).&lt;br /&gt;&lt;br /&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;/li&gt;
&lt;li&gt;
&lt;div&gt;
&lt;div&gt;&lt;strong&gt;Reverting the Images&lt;/strong&gt;: If the device crashes immediately upon booting a new (bad) image, MCUboot will revert to the old (working) image at the next device reset, rather than booting the bad image again. This allows device firmware to make test swaps permanent only after performing a self-test routine (&lt;a href="https://docs.nordicsemi.com/bundle/ncs-latest/page/mcuboot/design.html#boot_swap_types" rel="noopener noreferrer" target="_blank"&gt;source&lt;/a&gt;).&lt;/div&gt;
&lt;/div&gt;
&lt;/li&gt;
&lt;/ol&gt;
&lt;p&gt;Kind regards,&lt;br /&gt;Andreas&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: DFU over BLE using external Flash TESTING</title><link>https://devzone.nordicsemi.com/thread/499783?ContentTypeID=1</link><pubDate>Mon, 26 Aug 2024 13:34:27 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:d6cc5bde-b949-4fbd-9683-6054ea200371</guid><dc:creator>Sankton</dc:creator><description>[quote userid="107683" url="~/f/nordic-q-a/114216/dfu-over-ble-using-external-flash-testing/499776"]You can modify the MCUboot code for your project and create your own custom procedure where you can manually delete the contents on the secondary partition, but I&amp;#39;m not 100% sure why you would want to do this. Could you expand upon why so that I might see differently?[/quote]
&lt;p&gt;This is because we have our encrypted OTA file to be tested now ,&amp;nbsp; so direct jump to step of&amp;nbsp; confirmation and&amp;nbsp;swap&amp;nbsp;shouldnt take place .&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;Also thanks for the link regarding encrypted images , that will be for my personal educational pursuits , &lt;br /&gt;&lt;br /&gt;Thanks &amp;amp; Regards&amp;nbsp;&lt;br /&gt;S&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: DFU over BLE using external Flash TESTING</title><link>https://devzone.nordicsemi.com/thread/499776?ContentTypeID=1</link><pubDate>Mon, 26 Aug 2024 13:19:03 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:a0f63925-8b97-4465-9def-388bd0941b96</guid><dc:creator>AHaug</dc:creator><description>[quote user="Sanket Rao"]1) that i can stop the erase of secondary slot after swap procedure .[/quote]
&lt;p&gt;You can modify the MCUboot code for your project and create your own custom procedure where you can manually delete the contents on the secondary partition, but I&amp;#39;m not 100% sure why you would want to do this. Could you expand upon why so that I might see differently?&lt;/p&gt;
[quote user="Sanket Rao"]2) this is bit off topic , is there any way i can encrypt my app_update.bin file , for better security of our product .[/quote]
&lt;p&gt;Yes, this should be possible according to&amp;nbsp;&lt;a href="https://docs.nordicsemi.com/bundle/ncs-latest/page/mcuboot/encrypted_images.html#rationale"&gt;https://docs.nordicsemi.com/bundle/ncs-latest/page/mcuboot/encrypted_images.html&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;Kind regards,&lt;br /&gt;Andreas&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: DFU over BLE using external Flash TESTING</title><link>https://devzone.nordicsemi.com/thread/499764?ContentTypeID=1</link><pubDate>Mon, 26 Aug 2024 12:53:18 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:759a8f1c-1e7e-4cfb-8942-8174ad908c74</guid><dc:creator>Sankton</dc:creator><description>&lt;p&gt;Hi Andreas&amp;nbsp;&lt;br /&gt;Thank you for your valuable input , i will go thru the link you provided , also is there any way -&lt;/p&gt;
&lt;p&gt;1) that i can stop the erase of secondary slot after swap procedure .&lt;/p&gt;
&lt;p&gt;2) this is bit off topic , is there any way i can encrypt my app_update.bin file , for better security of our product .&lt;br /&gt;&lt;br /&gt;&lt;br /&gt;Regards&amp;nbsp;&lt;br /&gt;&lt;br /&gt;S&amp;nbsp;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item><item><title>RE: DFU over BLE using external Flash TESTING</title><link>https://devzone.nordicsemi.com/thread/499753?ContentTypeID=1</link><pubDate>Mon, 26 Aug 2024 12:28:17 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:d8389050-3d36-4efa-a7f6-2f74e7a19e7c</guid><dc:creator>AHaug</dc:creator><description>&lt;p&gt;Hi S,&lt;/p&gt;
&lt;p&gt;Good questions, I&amp;#39;ll clarify them for you&lt;/p&gt;
[quote user=""]&lt;strong&gt;My First question is&lt;/strong&gt; , why only 30Bytes were written on my external flash when my new image was of around 256KB ?&lt;br /&gt;Is MCUboot that intelligent that I can see the changes and only write the update that I have made in my application &amp;nbsp;?[/quote]
&lt;p&gt;I assume that you read and observe this after you&amp;#39;ve powercycled/restarted the device after performing DFU. If this is the case, then the reason for why you only see some arbitrary 30 byte on MCUboot secondary is due to how the DFU procedure works:&lt;/p&gt;
&lt;ol&gt;
&lt;li&gt;First you run your original image on MCUboot Primary&lt;/li&gt;
&lt;li&gt;Then you enter the DFU procedure mode and upload the new image to MCUboot secondary&lt;/li&gt;
&lt;li&gt;When the new image in MCUboot secondary has been uploaded it starts the swapping procedure, i.e it swaps around the images in Primary and secondary so that the new image is now in MCUboot primary and the original is in MCUboot secondary,&lt;/li&gt;
&lt;li&gt;If the new image (which is now in MCUboot primary) is tested and approved (i.e that it seems to be a valid firmware), it approves the swap and deletes the original image which is in MCUboot secondary, making room for future images to be uploaded to the MCUboot secondary slot.&lt;/li&gt;
&lt;/ol&gt;
[quote user=""]My &lt;strong&gt;second question&lt;/strong&gt; is , how I can verify that my DFU over BLE is done using External Flash only , not inbuilt SOC flash (this haunts me ) .[/quote]
&lt;p&gt;If you&amp;#39;re using MCUboot, then the procedure is simply that MCUboot is programmed to use MCUboot primary application and MCUboot secondary application slots for DFU. Primary is used for the running image, and secondary is used to temporarily store the update image, and to hold the image that is swapped.&lt;/p&gt;
&lt;p&gt;As you can see in your image, the secondary MCUboot application partition resides in your external flash from 0x0 to 0x71000, meaning that it has to be done through external flash. If you place your secondary partition on the internal flash area, it will only use your internal flash for DFU.&lt;/p&gt;
&lt;p&gt;I recommend that you also have a look at&amp;nbsp;&lt;a href="https://academy.nordicsemi.com/courses/nrf-connect-sdk-intermediate/lessons/lesson-8-bootloaders-and-dfu-fota/"&gt;https://academy.nordicsemi.com/courses/nrf-connect-sdk-intermediate/lessons/lesson-8-bootloaders-and-dfu-fota/&lt;/a&gt;&amp;nbsp;for some more information regarding how this works!&lt;/p&gt;
&lt;p&gt;Kind regards,&lt;br /&gt;Andreas&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>