DFU update with encrypted bin file

Question

Hi, 
 We are currently using SDK 10 experimental boot loader example. We would like to encrypt the firmware before creating the zip file for OTA. The procedure we followed is that we replace the original bin file with an encrypted bin file in OTA package. But when we use this package the nordic app(android) does not allow update. 
 I am wondering if the SHA is verified by the app also before starting OTA, since the SHA is calculated on original bin file. The reason we would like to do this way is that we decrypt firmware stream as soon as it is received and then stored in flash pages. Hence we would like to have SHA of original bin file in the init packet. 
 Could you suggest what we can do instead in order for app to send encrypted bin file. 
 FYI: The app says the following
"[DFU] Opening file failed: The zip file must contain an Application, a Softdevice and/or a Bootloader" 
 Here is the example zip file. I can update this package by selecting .bin and .dat file manually. But if i chose zip file it throws error as described above. 
 Thanks in Advance,
Arjun

bjorn-spockeli · Accepted Answer

Hi Arjun, 
 firstly I strongly recommend that you migrate SDK 12 and use the production-ready Secure DFU bootloader instead of the experimental one from SDK v10. 
 No, I do not think that the app verifies the SHA hash before starting the OTA DFU process, it is checked when the entire image is received on the nRF side. 
 The error displayed by the app 
 
 [DFU] Opening file failed: The zip
file must contain an Application, a
Softdevice and/or a Bootloader 
 
 suggests that the application cannot find the manifest.json file in zip file. If you take a look at the ArchiveInputStream function, here is the GitHub link, that parses the zip, you'll see that the app only throws this exeption when its in compatibility mode. Could you attach the zip-file that generates the error?

DFU update with encrypted bin file

Top Replies