https://devzone.nordicsemi.com/f/nordic-q-a/33643/erase-the-previous-program-when-secure-ota-with-wrong-keyHi, I am working on secure OTA in my custom Board which is having nrf51822. I had done secure OTA successfully with SDK 12 but when i am trying to update the code using wrong private key at that time my old program erased by itself and my board starten-USTelligent Community 13Fri, 04 May 2018 11:04:28 GMThttps://devzone.nordicsemi.com/thread/130999?ContentTypeID=1Fri, 04 May 2018 11:04:28 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f7c3a712-e18a-43f4-b308-91dd54bec7c7Nilesh Bhavsar<p>Hello Sir,</p> <p>There is silly mistake by me in testing.</p> <p>When i update the program using wrong credential. it is not like erase program but make it in again &quot;DFUtarg&quot; mode or when i restart device its start working normally like my previous application.</p> <p>Thank you.&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/130009?ContentTypeID=1Thu, 26 Apr 2018 15:23:41 GMT137ad170-7792-4731-bb38-c0d22fbe4515:c92722c8-777b-4f52-a3a4-40b50d622e76Rune Holmgren<p>It sounds to me like you are having a different problem. A wrong key shouldn&#39;t invalidate the existing application.&nbsp;I might have to try this out myself since there could be some bug unknown to me. If I can reproduce the issue I can help find a suitable workaround. First I have a few questions:</p> <p>What error code are you getting from the device?</p> <p>Is the failing update you are sending completely identical to the successful one?</p> <p>Have you tried resetting the device after the failed update to ensure that it&#39;s not just the device being ready to receive another update?</p> <p>Best regards,<br />Rune Holmgren</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/129385?ContentTypeID=1Mon, 23 Apr 2018 14:46:10 GMT137ad170-7792-4731-bb38-c0d22fbe4515:bda8ead9-a6e3-4471-b8ff-17e869306192Nilesh Bhavsar<p>Hello sir,</p> <p></p> <p>Thank for your response.</p> <p>But, i tried to change&nbsp;<span>function &quot;nrf_dfu_find_cache&quot; which is called in &quot;dfu_req_handling.c&quot;. By calling this function&nbsp;with &quot;true&quot; instead of &quot;false&quot;. There is no change in behaviour of my chip. It will erase the program if once try to update using wrong key.</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/129361?ContentTypeID=1Mon, 23 Apr 2018 13:30:59 GMT137ad170-7792-4731-bb38-c0d22fbe4515:eb4cbce8-6f2a-4141-ae9a-ed84978f9b99Rune Holmgren<p>Hi,</p> <p>When a DFU process is running, there are a few different phases to consider. They are distinctly separated&nbsp;by the prevalidation and post validation operation.</p> <p><strong>Before prevalidation</strong></p> <p>Everything that happens before prevalidation can be done by anyone at any time given that they are able to connect to the BLE device. Because of this, we never perform operations at this point which are not reversible during this period. We will initiate the DFU process and receive the &quot;init packet&quot;.</p> <p><strong>Prevalidation</strong></p> <p>After receiving the init packet, the prevalidation is run. At this point, we will check that this update is to be started. This includes checking compatibility with the SoftDevice, checking hardware version numbers, checking the version number of the new firmware, and finally verifying the ECDSA based signature. Only with a successful prevalidation will we continue the process. Note that the &quot;debug&quot; version of the bootloaders available in the SDK will skip several checks.</p> <p><strong>Between pre- and </strong>postvalidation</p> <p>In this period we will be receiving the new firmware. If there is enough space to perform a dual bank update, the bootloader will not remove the existing application. If such an update fails though power failure, an invalid package or BLE disconnection, the original application will still be present and valid. However, if there is not enough free space for the new update the bootloader will delete the existing application and use the free space. If a single bank update is interrupted the device will only have a bootloader and no app. It can not be used until an application update has been performed.</p> <p>In your case you want to never be in a situation where the application is deleted. This means that you will have to have enough space on the device to perform the update. You may change the value of the &quot;dual_bank_only&quot; parameter in the function &quot;nrf_dfu_find_cache&quot; which is called in &quot;dfu_req_handling.c&quot;. By calling this function&nbsp;with &quot;true&quot; instead of &quot;false&quot; you force the device to reject any updates too large for dual banking. Note that this means you have to have a small enough application to receive&nbsp;whatever updates you are planning to send. On an nRF51 this means a very small application.</p> <p><strong>Post validation and after post validation</strong></p> <p>Not relevant to your problem. If the application has not been removed by this point, you will not have any issues.</p> <p>&nbsp;</p> <p><em><strong>&quot;I had done secure OTA successfully with SDK 12 but when </strong></em>i<em><strong> am trying to update the code using </strong></em>wrong<em><strong> private key at that time my old program erased by itself and my board start to emit &quot;DFUTarg&quot;.&quot;</strong></em></p> <p>This is not something that should happen just because you have used the wrong key. Are you using the debug version of the example or something? I am curious as to how you got into this state. If you reset the device, will it the still not switch to the application?</p> <p>Best regards,<br />Rune Holmgren</p> <p>&nbsp;</p><div style="clear:both;"></div>