Secure bootloader modification for open/secure mode and multiple key support

Hi there, 

We have a mass-produced product with a modified secure bootloader (from SDK17). This BL has BLE and USB, and we bolted on an SPI flash transport for OTA updates over 4G/Wi-Fi, plus some extra logic to make single-bank updates more reliable.

We have cases where our customer wants to "unlock" the unit so they can load their own firmware. In the past, the APP could pass a flag to the BL to go into a mode where we load different pk[] keys during runtime. This allowed for a BL PK1 or PK2 to be loaded by the BL as instructed by the APP, but required updates to the BL every time we wanted to add a new key option.

We want to eventually reach a point where the BL checks the APP's memory for valid keys (the app memory can be altered via OTA, and sits right below the BL region [BOOTLOADER_ADDRESS - 1 page]):

  • If a valid key is found verify firmware against that
  • If the key is invalid, use the original BL compiled key
  • If a special key is found, go into Open Mode

Our biggest issue is switching the secure BL to open mode at runtime. The only way we can see is to modify the SDK to replace the NRF_DFU_REQUIRE_SIGNED_APP_UPDATE compile-time flag with a runtime flag that is set before nrf_bootloader_init() is called.

Is there any other more elegant way to achieve this? Thanks!
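The three-way selection described in the post (slot key, fallback to the compiled-in key, or open mode on a special key) can be prototyped on the host before touching the SDK. The following is an added example and not code from the post or from the nRF5 SDK; it assumes a hypothetical slot layout (magic, 64-byte raw P-256 public key, CRC-32) placed at the start of the page just below BOOTLOADER_ADDRESS, placeholder key bytes that are not real keys, and a RAM buffer standing in for that flash page. In a real bootloader the selection would run before nrf_bootloader_init() and the chosen pointer would feed whatever the signature check uses in place of the static pk[].

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PK_LEN         64          /* raw P-256 public key, X||Y, same size as the SDK's pk[] */
#define KEY_SLOT_MAGIC 0x4B455953u /* hypothetical slot marker chosen for this example */

typedef enum { KEY_POLICY_BUILTIN = 0, KEY_POLICY_SLOT = 1, KEY_POLICY_OPEN = 2 } key_policy_t;

/* Hypothetical layout of the slot at the start of the page below BOOTLOADER_ADDRESS. */
typedef struct __attribute__((packed)) {
    uint32_t magic;
    uint8_t  pk[PK_LEN];
    uint32_t crc;   /* CRC-32 over magic and pk; integrity only, not authentication */
} key_slot_t;

/* Placeholder key material (constructed, not real keys). */
static const uint8_t builtin_pk[PK_LEN]   = { 0x11, 0x22, 0x33 };           /* compiled into the BL */
static const uint8_t open_mode_pk[PK_LEN] = { 0x4F, 0x50, 0x45, 0x4E };     /* "OPEN": the special key */

/* Standard reflected CRC-32 (poly 0xEDB88320). */
static uint32_t slot_crc32(const void *buf, size_t len)
{
    const uint8_t *p = (const uint8_t *)buf;
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

static bool all_same(const uint8_t *b, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (b[i] != b[0]) return false;
    return true;
}

/* What the OTA image (or a provisioning tool) would place in the page. */
void key_slot_write(uint8_t *page, const uint8_t pk[PK_LEN])
{
    key_slot_t s;
    s.magic = KEY_SLOT_MAGIC;
    memcpy(s.pk, pk, PK_LEN);
    s.crc = slot_crc32(&s, offsetof(key_slot_t, crc));
    memcpy(page, &s, sizeof s);
}

/* Decide which key the bootloader verifies against. On BUILTIN *pk_out is the
 * compiled-in key, on SLOT it points into the page, on OPEN it is NULL. */
key_policy_t key_slot_select(const uint8_t *page, size_t page_len, const uint8_t **pk_out)
{
    key_slot_t s;
    *pk_out = builtin_pk;
    if (page == NULL || page_len < sizeof s) return KEY_POLICY_BUILTIN;
    memcpy(&s, page, sizeof s);                                   /* copy out of flash first */
    if (s.magic != KEY_SLOT_MAGIC) return KEY_POLICY_BUILTIN;      /* erased page or no slot */
    if (s.crc != slot_crc32(&s, offsetof(key_slot_t, crc))) return KEY_POLICY_BUILTIN;
    if (all_same(s.pk, PK_LEN)) return KEY_POLICY_BUILTIN;         /* 0x00/0xFF filler is not a key */
    if (memcmp(s.pk, open_mode_pk, PK_LEN) == 0) { *pk_out = NULL; return KEY_POLICY_OPEN; }
    *pk_out = page + offsetof(key_slot_t, pk);
    return KEY_POLICY_SLOT;
}

/* Scenarios over a RAM stand-in for the flash page (constructed test data). */
static uint8_t g_page[256];

static key_policy_t run_scenario(int which, const uint8_t **pk)
{
    static const uint8_t customer_pk[PK_LEN] = { 0xAA, 0xBB, 0xCC };
    static const uint8_t zero_pk[PK_LEN] = { 0 };
    memset(g_page, 0xFF, sizeof g_page);                           /* 0: erased flash */
    if (which == 1) key_slot_write(g_page, customer_pk);           /* 1: valid customer key */
    if (which == 2) { key_slot_write(g_page, customer_pk); g_page[5] ^= 0x01; } /* 2: bit flip in key */
    if (which == 3) key_slot_write(g_page, open_mode_pk);          /* 3: special key */
    if (which == 4) key_slot_write(g_page, zero_pk);               /* 4: valid CRC, degenerate key */
    return key_slot_select(g_page, sizeof g_page, pk);
}

key_policy_t scenario_policy(int which) { const uint8_t *pk; return run_scenario(which, &pk); }
const uint8_t *scenario_key(int which) { const uint8_t *pk; run_scenario(which, &pk); return pk; }

int main(void)
{
    static const char *names[] = { "BUILTIN", "SLOT", "OPEN" };
    for (int i = 0; i <= 4; i++)
        printf("scenario %d -> %s\n", i, names[scenario_policy(i)]);
    return 0;
}
```

The CRC only catches corruption; it does not make the slot trustworthy. Because the page sits in the application region, whoever can write it (the OTA path or the running app itself) chooses the verification key, so the slot should only ever arrive inside an image that was signed under the previously active key, or carry its own signature by the compiled-in key. The open-mode path is the one to treat most carefully: whatever flag replaces NRF_DFU_REQUIRE_SIGNED_APP_UPDATE at runtime should be derived from this selection and nothing else, so that a corrupted or erased page always falls back to the builtin key rather than to open mode.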
