• State Not Answered
  • Replies 18 replies
  • Subscribers 73 subscribers
  • Views 7017 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 115473
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

No transport to DfuTarg observed after "Enabling DFU Bootloader..."

Ray

First attempt at implementing buttonless dfu; assistance would be greatly appreciated. Using SDK v11 + s130 + nRF51822.

Please note that iphone screen captures supporting my observations can be seen here: https://goo.gl/VlYdBY

I wrote a bootloader, and successfully installed it with sd + app. It seems to be operating well and I'm able to debug, so I am capable of execution flow trace.

I created an app-only zip with good start packet using nrfutil, and added it to NRF Toolbox iOS app as a user file.

I start up my device, which is advertising for dfu properly.

In NRF Toolbox I select my file, then select my device as the target. I then tap "Upload".

The ios App begins the process. It quickly says "Starting update" followed by "Enabling DFU Bootloader...", and then it just sits there forever.

In debugging on the device, I can see that I get all the way through dfu_transport_update_start just fine, and at this point I'm in the bootloader.c wait_for_events() loop as I should be. (It eventually times out properly.)

However, oddly, while the phone is sitting there "Enabling DFU Bootloader...", the device never reaches ble_evt_dispatch() in the dfu transport - not a single time - indicating to me that the phone doesn't seem to be connecting into my device to initiate the transport.

When I use nRF Connect to see what's going on, I do see DfuTarg being advertised. When I Connect to it, I see "Legacy DFU Service" as the primary service. When I open the service, I see Legacy DFU Packet, Control Point, and Revision. (See photos for details.)

The encouraging thing is that when I do use nRF Connect to examine these things, I DO nicely get events coming into the handler at ble_evt_dispatch() within dfu_transport_ble.c. However, as I said, I get nothing coming into that handler as triggered by nRF Toolbox's DFU process.

(It is a bit odd that these things are called "Legacy DFU" given that I'm using the up-to-date SDK and the up-to-date nRF Toolbox & Connect apps. Perhaps a better version must be coming in sdkv12?)

In any case, as I said, the DFU seems to be starting nicely, but I'm blocked at this point given that the BLE transport doesn't seem to be being kicked off.

Any thoughts about what to try next would sincerely be appreciated; thanks for your time.

  • 0 in reply to Richard

    PROBLEM SOLVED - at least for me.

    Simple description: In my app's ble_evt_dispatch(), I neglected to add a call to dm_ble_evt_handler() when I was inserting the DFU code. Here's the longer explanation:

    void ble_evt_dispatch(ble_evt_t *p_ble_evt) {

    // Make sure that we process DM events, else connections won't be registered with DM.  
// The most significant result of this is that DFU won't work; it won't leave an "Enabling..." state.                                   
// because the DM needs to be looked up.  Call stack:                                                                                   
// dfu_app_on_dfu_evt(), when evt_type == BLE_DFU_START                                                                                 
//  bootloader_start(p_dfu->conn_handle), which is valid                                                                                
//   dfu_app_peer_data_set(conn_handle), which is supposed to set peer_data                                                             
//    dm_handle_get(conn_handle, &m_dm_handle), ...                                                                                     
//      looks up handle in connection table associated with dm_                                                                         
// ...so where does it get put INTO this connection table?                                                                              
//  dm_ble_evt_handler(p_ble_evt) is supposed to be called by your own ble_evt_dispatch                                                 
//   BLE_GAP_EVT_CONNECTED adds it.                                                                                                     
// The bug was that I failed to have this call to dm_ble_evt_handler() in my ble_evt_dispatch.                                          

dm_ble_evt_handler(p_ble_evt);
  • 0 in reply to Richard

    Hi, I was just about to ask a question about this same problem! Looks like it's maybe a recent nuisance??

    I'm using SDK v10 (as my app is part mBed based) and I see the same problem.

    Using nRF Toolbox I start a DFU upload and it hangs at "Enabling DFU bootloader...". I've found that if I then kill & re-launch the nRF Toolbox app and upload to the newly-advertising "DfuTarg" it uploads fine. I guess nRF Toolbox is storing some info on the old DFUService and getting confused when it updates to the DfuTarg version.

    I can also successfully upload after having "manually" started the DFU process by writing a byte to the DFU Control Point (using the iOS app LightBlue Explorer) and then going to nRF Toolbox and uploading to the newly-advertised DFUTarg device...

    @Ray I'll attempt to implement your fix and see if that works if I can

  • 0 in reply to Richard

    So, because of using mbed code to call the DFU-bootloader via the BLE_API (mbed API) it seemed difficult/confusing to use Ray's fix above, but I think it's essentially the same root cause. Something unusual about the way the mbed code starts the Dfu-bootloader and some params are lost/not-communicated and then dfu_ble_peer_data_get() fails etc. (see Ray's comment 2nd from top).

    My bodge that has worked was to change the line 1073 in the DFU boot loader code: addr.addr[0] += 1

    to: addr.addr[0] += 0;

    This allows the boot loader to run through all the same checks, fail to find params, but will not increment the MAC address therefore allowing iOS to find the same "device ID" again (which is assigned by iOS not the firmware).

    It's a bodge, but this is more-or-less done in the mbed-sanctioned modified boot loader you can find on the mbed github.

  • 0

    It has been a long cases and I'm not sure which question has already been solved and which is still pending. But I can provide some information:

    • If the device is not bonded to a central, when it switch to bootloader, we will try to advertise when in bootloader mode with Address + 1. This is explained at question I here.

    • The nRFToolbox app or the nRF Connect should be able to automatically detect this and connect to the +1 address. [UPDATE]This is wrong, nRFToolbox and nRFConnect now only look for same address not the +1 address.

    • the peer_data is the bonding information and central address that we pass from the application to the bootloader so that the phone can rebond when the bootloader is running. This is also explained in the FAQ linked above.

    • We call the current DFU "Legacy DFU" because of the new more secured DFU is coming in SDK v12 very soon. Unfortunately, it's not backward compatible.

  • 0 in reply to Hung Bui

    Hi Hung,

    Thanks for the detailed reply. Two main questions if you can:

    From your advice & link to the FAQ I've reverted my bootloader code so the default "address + 1" behaviour still occurs. Can you confirm that leaving this address incrementing is the best approach to ensure Android compatibility?

    Are you sure the nRF Toolbox app works with this address increase?? It just hangs at "enabling DFU bootloader" at the moment on the iOS app version... I'll try nRF Connect to double check.

Related
Terms of service