nRF Cloud FOTA over Wi‑Fi on nRF54H20 + nRF7002 — supported today, and roadmap/timeline?

Hi Nordic Support,

We are currently evaluating nRF Cloud FOTA over Wi-Fi on the nRF54H20 + nRF7002 combination and would like to confirm the current support status and intended roadmap.

Context

  • Hardware: nRF54H20 host + nRF7002 companion for Wi-Fi, with BLE used for sensor connectivity.
  • Wi-Fi is our primary link for device communication and control, and is also the transport we intend to use for firmware updates.
  • SDK: nRF Connect SDK v3.4.0.
  • Crypto backend: IronSide SE.
  • We understand that FOTA over BLE is supported. Our question is specifically about FOTA over Wi-Fi via nRF Cloud on this exact SoC + companion combination.

Problem we are seeing

We want devices to retrieve firmware updates from nRF Cloud over Wi-Fi. However, on nRF54H20, we have not been able to complete the TLS connection to nRF Cloud.

Our current investigation points to a certificate-signature verification limitation on the nRF54H20 crypto path.

RSA signature verification does not appear to be available through the supported IronSide SE / PSA crypto path on nRF54H20. IronSide SE exposes a fixed cryptographic algorithm set, with ECDSA/EdDSA support but no RSA support or software fallback. The PSA TLS support table also marks nrf54h20/cpuapp as "RSA not supported" and TLS 1.2 only.

Based on our inspection, the nRF Cloud MQTT/REST endpoints appear to present RSA-2048-signed server certificates. Our current conclusion is therefore that the nRF54H20 cannot validate the nRF Cloud server certificate chain over these transports using the supported crypto path.

Could you please confirm or correct our understanding on the following points?

  1. Is nRF Cloud FOTA over Wi-Fi currently supported on nRF54H20 + nRF7002 using any transport: MQTT, CoAP, or REST?

    If yes, is there a reference application or sample that has been validated specifically on nRF54H20?

  2. If this combination is not currently supported, is support on the roadmap?

    If so, which NCS release is it currently expected to land in?

  3. Given the RSA limitation described above, is nRF Cloud CoAP FOTA over Wi-Fi a viable path for nRF54H20?

    Specifically, does the nRF Cloud CoAP/DTLS endpoint use a certificate chain and signature algorithms that can be verified by the IronSide SE crypto implementation on nRF54H20?

    If yes, has the nRF54H20 + nRF7002 combination been tested or validated with nRF Cloud CoAP FOTA?

  4. What is Nordic's intended long-term Wi-Fi direction for nRF54H20 + nRF7002?

    Should we expect a supported nRF54H20 + nRF7002 pairing to reach production maturity, including nRF Cloud integration and FOTA? Or is Nordic steering Wi-Fi + nRF Cloud designs toward other host platforms such as nRF54LM20 or nRF7120?


Best Regards,

Kittitouch Lelapiyamit

Related