Single-bank DFU bare metal - image verification

Question

Hello 
 I played with the mcuboot_recovery_entry bare metal dfu sample. I noticed that if I sign an application image with an invalid key (invalid on purpose), the firmware loader still downloads the application and overwrites the old one. Then after a reboot, the MCUBoot verifies the image, rejects it and start the firmware loader again. Is there a possibility for firmware loader to verify the image signature before overwriting the current image? If no, isn't there a possibility that anyone could start dfu with an invalid image which would remove the current image? 
 Regards, Filip

Hung Bui · Accepted Answer

Hi Filip, Sorry for not getting back earlier. So on NCS baremetal the signature checking is done on the Bootloader/MCUboot side not on the FW loader . This explain why the original image is erased before signature is checked. 
 But the device will not be bricked as the image will not be activated due to wrong signature when MCUBoot check that. It will stay in DFU mode and wait for a valid image. As mentioned earlier, it doesn't matter much if you check the signature before or after receiving the image, one can get a valid hash and signature combine with an invalid image to get the same effect.

Single-bank DFU bare metal - image verification

Top Replies