• State Verified Answer
  • Replies 7 replies
  • Subscribers 87 subscribers
  • Views 683 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 349010
Options

(NCS 2.5.0) Unable to OTA if the device is previously bonded.

PuffinEgg

Hi,

We are running into a serious issue with OTA. Specifically, we have observed that nRF52832 will not be able to perform OTA to a newer firmware given that it is previously bonded with a device . The problem arises when the newer firmware modifies a previously static defined user service (via BT_GATT_SERVICE_DEFINE) where a couple of new characteristics are added. Attempting to perform an OTA update using the NRF device manager app results in a "Writing is not permitted" error after the image swap on IOS. We are only able to OTA given that the device bonding is forgotten prior to the OTA process. However, this is not acceptable for our use case, as we don't expect our customers to forget the bonding before each OTA update. 

According to this post ( RE: Force GATT client to sync database with Zephyr) , it looks like the code will need to enable the service changed characteristic to notify the connected client to force a new service discovery after OTA. However, after enabling CONFIG_BT_GATT_SERVICE_CHANGED=y on both the older and newer firmware version, we are still not able to successfully OTA without having to remove the bonding info. Nevertheless, it looks like this use case should be really common and I am wondering if there is anything we can do to fix this. Any help or guidance are greatly appreciated.

Parents
  • 0

    Hi Taspon, 
    Could you describe what exactly happen when the "Writing is not permitted" occurs ? Did it happen after the new image has been sent, the new firmware has been booted for the first time ? 

    When did the attribute table change ? Was it change in the new image you are OTA to or it already changed in the current firmware ?

    Regarding your update, did that mean  you can do OTA update correctly from the Android device ? 

    On iOS the service changed will not show up in nRF Connect app as it's handled by the OS. 

    You may want to use the sniffer to check if the Service changed indication is sent or not. 

Reply
  • 0

    Hi Taspon, 
    Could you describe what exactly happen when the "Writing is not permitted" occurs ? Did it happen after the new image has been sent, the new firmware has been booted for the first time ? 

    When did the attribute table change ? Was it change in the new image you are OTA to or it already changed in the current firmware ?

    Regarding your update, did that mean  you can do OTA update correctly from the Android device ? 

    On iOS the service changed will not show up in nRF Connect app as it's handled by the OS. 

    You may want to use the sniffer to check if the Service changed indication is sent or not. 

Children
  • 0 in reply to Hung Bui

    1. The "Writing is not permitted" occurs right after the new image has been sent and after the test flag is set. The new image has to be booted up to send the confirm flag again.

    2. The attribute table changed in the new image that we are doing OTA on.

    3. Unfortunately, I looks like I still wasn't able to the OTA correctly on the Andriod device using "Test and Confirm", since after reboot the device does not get connected by the nRF APP. However, doing "Confirm Only" seems to work.

  • 0 in reply to PuffinEgg

    Hi Taspon, 

    Do you have the service changed characteristic on the old firmware ? 
    If you don't it's not possible for the phone to update the attribute table because it's not expecting that the attribute table may change.

    The solution I can think of is to do Confirm only. Meaning you will not do test then confirm. This way the phone doesn't need to write to the device to confirm the image. 

    Another option is to do auto confirm from the firmware meaning that after the new firmware is writing confirm on it own and doesn't have to wait for the phone to write confirm. If the firmware is faulty (can not boot for example) and can not confirm itself it will be reverted in the next boot. 

  • 0 in reply to Hung Bui

    Hi,

    We have tried confirm only and it only seems to be working on the Andriod side. On the IOS side, I am getting a "Writing is not permitted" error as soon as I press the start button in the nRF Connect app, and this time I am getting the error prior to starting the image swap. This is only fixed by either forgetting the bonding information or turning the bluetooth in the OS off and back on.

  • 0 in reply to PuffinEgg

    Hi Taspon, 


    I would suggest to try testing with the nRF Connect app to see if you can write to the SMP service. 

    Before you do the test please try to remove any bonding . Then bond with the original firmware and try DFU. There could be a chance that the attribute table is mixing up between new and old firmware. 


    Please try look for the log and see which exact characteristic is being written. You may need to use a sniffer trace to see which handle id used. 

  • +1 in reply to Hung Bui

    We were finally able to fix this issue after digging through zephyr's GATT codebase.

    For the service changed indication to get sent, it looks like GATT data have to be cached in the device flash for it to compare the GATT attribute table hash after OTA. Zephyr checks for the DB hash after boot and sends a service change indication work item to the queue if it doesn't match.

    It looks like CONFIG_BLE_GATT_CACHING needs to be set for the app to properly clear the attribute cache, which fixed our connection issue after OTA given the device is previously bonded.

Related
Terms of service