RE: Updating MCUBoot with TFM activated

Dax-id — Thu, 03 Oct 2024 13:57:11 GMT

Hi Einar,

Thanks for your reply. It was indeed the solution we started investigating just after writing the post. We now have to see if the partitions/flash size are big enough for our needs, which may not be the case, but that is something we'll look at on our side!

RE: Updating MCUBoot with TFM activated

Einar Thorsrud — Thu, 03 Oct 2024 13:50:25 GMT

Hi,

[quote user=""]Is it possible to upgrade MCUBoot with our current setup?[/quote]

No. The applicion is not allowed to write to the MCUboot slots.

[quote user=""]DFUTarget MCUBoot seems to only use the application secondary slot to write to flash, but who is responsible to swap it to S0/S1 after the flash is done?[/quote]

Yes, that is correct. MCUboot check the secondary applicatino slot to see if there are updates that should be handles. If it is an MCUboot update it will copy the update to the other MCUslot (not the one currently cunning), and reset. Then the first stage immutable bootloader (NSIB) will check which MCUboot slot has the highest version (which in this case is the new one). validate and start that.

[quote user=""]Is there a way to use DFUTarget to update MCUBoot from the app using a NS configuration?[/quote]

You may be able to modify permissions to allow the application to write to the bootlodaer partitions, but that would break the security in the sense that an application could modify itself and also modify the bootloader to start it anyway. If you have a bit space left on your device another approach could be to make a secondary application slot that is not large enough to do applicaiton updates, but is large enough to hold MCUboot, allowing MCUboot updates in the normal way. That is demonstrated by this unofficial sample.