• State Not Answered
  • Replies 1 reply
  • Subscribers 86 subscribers
  • Views 114 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 356511
Options

Secure FW updates via BLE or USB

DX_HK

I am currently developing a HID device that supports BLE and USB.
I have tested the firmware update function via both BLE and USB (USB CDC ACM).
However, I am experiencing the following issues:

BLE connection
The firmware update service is available to anyone.
When using smpmgr, it seems the only way to update is by specifying the advertised name when not connected to a PC.
The firmware should only be updated from a PC with a secure connection. Are there any tools or methods that can achieve this?

USB connection
It is defined as a USB composite device. The problem is that the virtual COM port is visible to users even when the firmware update is not being used.
Is there a way to hide this?

If possible, I would like to use existing tools,

but if I have to develop something myself (or if I can get better results that way), I will do so.

Any advice would be appreciated.

Parents
  • 0

    The lib requires a COM port to work over USB. And while you could move that USB support into MCUBOOT itself, it increases the bootloader size in flash by a lot. Not really recommended on the NRF52840.

    BLE needs to be in disconnected (advertising) state for bleak python BTLE lib to be able to connect. This limitation might be windows only - BTLE APIs  in Windows are dog ***. The smpmgr stuff uses bleak internally.

    It should establish BTLE secure connection as long as there is bonding information in windows OS available.

Reply
  • 0

    The lib requires a COM port to work over USB. And while you could move that USB support into MCUBOOT itself, it increases the bootloader size in flash by a lot. Not really recommended on the NRF52840.

    BLE needs to be in disconnected (advertising) state for bleak python BTLE lib to be able to connect. This limitation might be windows only - BTLE APIs  in Windows are dog ***. The smpmgr stuff uses bleak internally.

    It should establish BTLE secure connection as long as there is bonding information in windows OS available.

Children
No Data
Related
Terms of service