Hi support team,
I'm using the nRF52840 and SDK 15.0. I need to add the buttonless DFU service to my application so that my device can upgrade firmware OTA.
However, I want to add more limits in the buttonless DFU service. What I want to do is:
(1) If the nRF52840 peripheral was not bonded with any devices before, then any central will have access to read/write the buttonless DFU service and trigger the peripheral to go into bootloader mode.
(2) If the nRF52840 peripheral has bonded with at least one device before, then only the bonded devices have access to write the buttonless DFU service. Moreover, I don't want to encrypt the connection for the DFU process, since the bootloader will check the signature inside the init packet.
The problem is, Nordic has a couple of buttonless DFU services (with bond and without bond), and I could choose one of them by enabling it in the config file. But using any one of them does not seem to match my requirements. My current workaround is:
(1) Use the buttonless DFU service without bond
(2) In SDK/15.0/source/components/ble/ble_services/ble_dfu/ble_dfu.c::on_ctrlpt_write at line 74, I will add a check in this method, which means that if there are bonded devices, only a bonded device will be able to continue; otherwise BLE_GATT_STATUS_ATTERR_WRITE_NOT_PERMITTED will be returned as the GATT write status.
My concern was about security: the buttonless DFU service with bond will limit the characteristic write access at a low level in sd_ble_xxxx, I guess. However, my plan just puts a check inside the