FMFU segments SHA

Hello, could you please provide more details to your problem. What exactly are you trying to achieve? What are you basing this "custom modem fw update" on? What version of the nRF Connect SDK are you using? 

Thanks.

Kind regards,
Øyvind

We adapted your FMFU over SMP (UART) to work with SPI.
docs.nordicsemi.com/.../README.html

In your example, you provide the mfw_xxxx.zip file to the non-public library at pynrfjprog. To have full control, we reimplemented the functionality in Python by parsing and processing the cbor-file. The update is working. Now, we want to verify the FW update. To do this, we want to compare the SHAs from the segments. This is similar to what you do under the hood in pynrfjprog. To do this, we calculate the SHA of a segment from the cbor-file and read the SHA of the segments from the modem (via SMP). The SHA that we read over SMP is the same as that in the firmware.update.image.digest.txt file. However, the calculated SHA of the segment from the cbor-file/binary does not correlate to it. Therefore, the version of the nRF Connect SDK is not necessary for resolving this issue. You provided a documentation for the cbor-file. The COSE_Sign1_Manifest with the binary blob of the segments. The blob_hash is the SHA for the whole binary-blob, but how can we calculate the SHA for the segments? So that we can get the same result as in your firmware.update.image.digest.txt file?

docs.nordicsemi.com/.../fmfu_fdev.html

We adapted your FMFU over SMP (UART) to work with SPI.
docs.nordicsemi.com/.../README.html

In your example, you provide the mfw_xxxx.zip file to the non-public library at pynrfjprog. To have full control, we reimplemented the functionality in Python by parsing and processing the cbor-file. The update is working. Now, we want to verify the FW update. To do this, we want to compare the SHAs from the segments. This is similar to what you do under the hood in pynrfjprog. To do this, we calculate the SHA of a segment from the cbor-file and read the SHA of the segments from the modem (via SMP). The SHA that we read over SMP is the same as that in the firmware.update.image.digest.txt file. However, the calculated SHA of the segment from the cbor-file/binary does not correlate to it. Therefore, the version of the nRF Connect SDK is not necessary for resolving this issue. You provided a documentation for the cbor-file. The COSE_Sign1_Manifest with the binary blob of the segments. The blob_hash is the SHA for the whole binary-blob, but how can we calculate the SHA for the segments? So that we can get the same result as in your firmware.update.image.digest.txt file?

docs.nordicsemi.com/.../fmfu_fdev.html

Hello, and thanks for the elaborate answer. I don't have a good answer for you right now, but let me forward this internally and discuss with out modem experts. I hope to have an answer by end of tomorrow or Thursday. 

Kind regards,
Øyvind

And just to clarify, you are targeting DECT NR+ modem FW?

Yes we are targeting with the DECT NR+ modem FW. But the SHA calculation of the modem segments should be the same for LTE or DECT. The big question is can we calculate the sha's from the binary blob (cbor-file) or do we need the pre-calculated sha's from the firmware.update.image.digest.txt.

I think the binary bob (in the cbor-file) is encrypted and if the SHA is returned from the modem via the unencrypted content, it would not be possible to calculate from the cbor file.