Buttonless DFU with bond not working

Hello,

Have you changed the address in the bootloader like you did in the application in file ble_app.c on line 545-548?

If you have, can you send the bootloader project as well, so I can replicate the error?

Edit:

I tried to change the address like you did in the bootloader project (hard coded), and now the DFU worked. Not an elegant fix, but you can do this for testing. In the file nrf_ble_dfu.c in the bootloader_secure_ble project, change the gap_params_init() function to the following:

static uint32_t gap_params_init(void)
{
    uint32_t                err_code;
    ble_gap_conn_params_t   gap_conn_params = {0};
    ble_gap_conn_sec_mode_t sec_mode;
    uint8_t const *         device_name;
    uint32_t                name_len;

    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&sec_mode);

#if !defined(NRF_DFU_BLE_REQUIRES_BONDS) || (NRF_DFU_BLE_REQUIRES_BONDS == 0)

    err_code = gap_address_change();
    VERIFY_SUCCESS(err_code);

    if ((m_flags & DFU_BLE_FLAG_USE_ADV_NAME) != 0)
    {
        NRF_LOG_DEBUG("Setting adv name: %s, length: %d", (uint32_t)m_adv_name.name, m_adv_name.len);
        device_name = m_adv_name.name;
        name_len = m_adv_name.len;
    }
    else
#endif
    {
        NRF_LOG_DEBUG("Regular adv name");
        device_name = (uint8_t const *)DEVICE_NAME;
        name_len = strlen(DEVICE_NAME);
    }
    ble_gap_addr_t addr;
    sd_ble_gap_addr_get(&addr);
    for (int i=0; i<6; i++)
    {
        addr.addr[i] = 0xC0;
    }
    err_code = sd_ble_gap_addr_set(&addr);
    VERIFY_SUCCESS(err_code);

    err_code = sd_ble_gap_device_name_set(&sec_mode, device_name, name_len);
    VERIFY_SUCCESS(err_code);

    gap_conn_params.min_conn_interval = MIN_CONN_INTERVAL;
    gap_conn_params.max_conn_interval = MAX_CONN_INTERVAL;
    gap_conn_params.slave_latency     = SLAVE_LATENCY;
    gap_conn_params.conn_sup_timeout  = CONN_SUP_TIMEOUT;

    err_code = sd_ble_gap_ppcp_set(&gap_conn_params);
    return err_code;
}

If that works, read out the address from the register, as you do in the app that you sent me.

The problem for me was that the bootloader didn't use the custom address, and started advertising as DfuTarg with a random address, so the kit that performed the DFU with nRF Connect couldn't find the bootloader board (because it doesn't expect it to change address if bonding is required).

Best Regards,

Edvin

ble_dfu.rar

Hi,

I did changes as per your suggestion but still I see GATT WRITE ERROR.

V             06:03:45.817      [DFU] Enabling indications for 8ec90004-f315-4f60-9fb8-838830daea50

D            06:03:45.817      [DFU] gatt.setCharacteristicNotification(8ec90004-f315-4f60-9fb8-838830daea50, true)

D            06:03:45.819      [DFU] gatt.writeDescriptor(00002902-0000-1000-8000-00805f9b34fb, value=0x02-00)

E             06:03:45.891      [DFU] Error (0x03): GATT WRITE NOT PERMIT

V             06:03:45.891      [DFU] Disconnecting...

D            06:03:45.913      [DFU] gatt.disconnect()

I              06:03:45.913      [DFU] Disconnected

D            06:03:45.913      [DFU] gatt.close()

My steps(used pca10040_debug of BL):

After building app, bootloader I use "flash_sd_bl_app" command from makefile to flash a fresh chip i.e. SD + BL + APP at one go.

I change the APP_VERSION to 2, re-build app and generate DFU package using "generate_dfu_pkg" command from makefile.

I connect nrfconnect from Android phone to device, pair, click on DFU icon and choose the generted dfu package (from above). I see GATT WRITE ERROR as above(check attached dfu_bond.docx file for more info).

Could you let me the detailed steps using Android phone if you succeed in getting DFU working.

I'm wondering if I'm doing something stupid.

Thank you

It looks like you are not bonded. Are you sure that you are?

Could it be that there are other devices in the same area advertising with the same address (C0:C0:C0:C0:C0:C0)?

Try to change the address to something else, something random that no other device in the area is using. Remember to change to that device in the bootloader as well.

When you get the GATT WRITE NOT PERMIT, what LEDs on the DK is on? (LED1 and LED3) or (LED2 and LED3)? 

If it is LED1 and LED3, this suggests that you are not connected to the correct device, because it should change to LED2 and LED3 when it is connected.

I just ran the DFU process with your application and with the modified bootloader where the address is changed in nRF Connect for iOS, and it works. 

BR,

Edvin

I see the device is connected to Android phone in bootloader mode( Led 2 and 3 are ON). I suspect Android_8.0 phone is not encrypting the link when connecting to device in bootloader mode( will confirm with sniffer). When I try to enable or disable dfu service indication I see GAtt write error  and trying to read char configuration of dfu service gives ""expected 16bit but got 128  bit" error message. Do I need to change the bootloader device name "DfuTarg" to match with application device name? Does having different name makes phone to think different device in bootloader mode even though BD address is same?

Could you share your bootloader sdk_config.h file please?

Regards

Suresh

Did you set the STATIC_RANDOM_FLAG in bootloader mode? I have one more suspicion that phone doesn't not re discover the services in bootloader mode since the BD address are same and I believe bootloader has different gatt database making the handles to mismatch.

I did enable the service change request in bootloader mode which should make phone to re discover. Anyway sniffer should give me all details. Let me search for sniffer.