
Combined bootloader (BLE + Serial USB) without security

Hi,

I would like to develop a custom bootloader (combined USB serial and BLE bootloader) for the nrf52580 device, without the security feature.

Environment:

- nrf52580

- Eclipse IDE

- GNU arm gcc compiler

Does there exist a solution for a combined bootloader without security?

Is it possible to integrate a combined bootloader into the limited boot flash area?

  • Hello,

    Bootloader without security is supported since SDK15.0.0 with configurable security. 

    “ - Configurable security: New configuration parameters to turn on and off version checking and signature checking of application transfers. Added a new example using the new configurations (open_bootloader).”, i.e. NRF_DFU_REQUIRE_SIGNED_APP_UPDATE in sdk_config.h.

    There is an open bootloader sample in SDK that runs on USB transport.

    You first need to create two open bootloaders on USB and BLE respectively, then merge them properly. This should be possible, but we don't have any example.

    The latest is SDK15.2.0.

    There is no support for Eclipse. I recommend checking out Segger Embedded Studio; a free commercial license is available when developing with a Nordic IC.

    Best regards,
    Kenneth

  • Hi,

    Thanks for the input.

    Does this mean that disabling the NRF_DFU_REQUIRE_SIGNED_APP_UPDATE macro will disable the security feature?

    Also, I just want to know why we need crypto libraries for the open bootloader. Is it possible to generate the bootloader without crypto functionality?

    If so, can I build the application firmware without encryption using nrfutil?

  • Hi,

    Kenneth asked me to have a look at your questions.

    Yes, disabling NRF_DFU_REQUIRE_SIGNED_APP_UPDATE should disable the requirement in the bootloader that the update be signed.

    Good question! The bootloader was initially written with signing in mind, and the unsigned version of the bootloader is fairly new. From what I can tell, the crypto part of the bootloader is so tightly woven into the bootloader source code that it is hard to remove. That means unfortunately there is a dependence on a crypto library even though it may in some cases be unnecessary.

    The DFU packet is never encrypted, but it is normally signed (for "Secure DFU"). You can generate a DFU package without signing, i.e. for use with an "open bootloader", simply by omitting the "--key-file" argument to "nrfutil pkg generate (...)". When doing so nrfutil will print a quite noticeable warning in addition to the usual "Zip created at <zip filename>".

    Regards,
    Terje
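
The signed/unsigned distinction described in the reply above can be checked on a finished package. This is an added example, not code from the thread or from Nordic: a release-gate check that reports whether each image in a DFU zip carries a signed init packet. It assumes the package contains a `manifest.json` naming a `dat_file` per image and that the init packet is a protobuf `Packet` with field 1 as the unsigned command and field 2 as the signed command; confirm both against the `dfu-cc.proto` of your nrfutil version. `make_sample` builds constructed test packages.

```python
import io
import json
import zipfile

# Assumed protobuf tags of the init packet's outer `Packet` message:
# field 1 (unsigned command) -> 0x0A, field 2 (signed_command) -> 0x12.
TAG_COMMAND = 0x0A
TAG_SIGNED_COMMAND = 0x12


def init_packet_status(dat: bytes) -> str:
    """Classify an init packet by its first protobuf tag byte."""
    if not dat:
        return "invalid"
    if dat[0] == TAG_SIGNED_COMMAND:
        return "signed"
    if dat[0] == TAG_COMMAND:
        return "unsigned"
    return "invalid"


def package_status(zip_bytes: bytes) -> dict:
    """Map each image in the package manifest to signed/unsigned/invalid."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as pkg:
        manifest = json.loads(pkg.read("manifest.json"))["manifest"]
        for image, entry in manifest.items():
            if not isinstance(entry, dict):
                continue  # skip non-image metadata keys
            # A missing or unreadable dat_file is reported, not skipped.
            try:
                dat = pkg.read(entry["dat_file"])
            except KeyError:
                dat = b""
            result[image] = init_packet_status(dat)
    return result


def make_sample(tag: int) -> bytes:
    """Constructed sample package; payload bytes are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        manifest = {"manifest": {"application": {
            "bin_file": "app.bin", "dat_file": "app.dat"}}}
        pkg.writestr("manifest.json", json.dumps(manifest))
        pkg.writestr("app.bin", b"\x00" * 16)
        pkg.writestr("app.dat", bytes([tag, 0x02, 0x08, 0x01]))
    return buf.getvalue()
```

A build pipeline can fail the release when any value returned by `package_status` is not `"signed"`.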

  • Hi Terje,

    Thanks for the input, I understood. Will these libraries consume more memory space?

    1. Now I am able to create the combined (BLE + USB serial) bootloader; I am able to see the BLE advertising data, and the USB COM port is also detected.

    2. I have an issue when I try to download the blinky_mbr.zip test image via USB serial (with the combined bootloader) using the nrfutil tool: somehow the application is not working (meaning the LEDs are not blinking), but when I press the IF BOOT/RESET button it switches to bootloader mode.

               nrfutil.exe dfu usb_serial -pkg blinky_mbr.zip -p COM77

    But when I tried the same image with the open USB bootloader alone, it works.

    3. Then I tried hrs_application_s140.zip, and it works for me.

              nrfutil.exe dfu usb_serial -pkg hrs_application_s140.zip -p COM77

    May I know the reason? Is there any dependency on the SoftDevice?

    4. How do I build the application firmware without a signature? Is there any document available?

    5. Also, how do I upload the firmware using the nRF Connect app via Bluetooth?

    6. What is the use of the public key in creating the bootloader? Do I need to use the same public key while creating the application firmware image?

  • Hi,

    Yes, there is a dependency on SoftDevice. For instance the hrs application (with s140 in the name of the zip file) requires the S140 SoftDevice.

    All applications are built for a specific location in flash, and that location depends on what SoftDevice is present. (Application is placed directly after SoftDevice in flash and also uses RAM separate from the RAM used by SoftDevice (although stack is shared.)) See also the Memory layout section of the Bootloader documentation.

    Further, some applications require a SoftDevice to function, and they are built for one specific version of that SoftDevice. This also holds for bootloaders. (The OTA DFU bootloaders using BLE all need a SoftDevice. The open bootloader example is written for USB and only requires the MBR, which is a minimal bootloader responsible for the initial boot sequence.)

    You only need to sign the application when you make a DFU zip package of it, which is done with nrfutil. As stated in my previous answer you do not need to provide a private key to nrfutil when generating the DFU zip package. If you do not, then the package will not be signed (and can be used for DFU using an open bootloader.)

    I highly recommend before you continue with this work, that you read all of the documentation for Bootloader and DFU modules on Infocenter, as well as the BLE Secure DFU Bootloader example.

    Regards,
    Terje

  • Is this gonna be addressed? The size of the bootloader grew out of control. We reserved enough headspace for the bootloader (almost 4k), but you guys blew past it, almost doubling its size. Configurability is then key. We should be able to remove the features we don't want, e.g. the encryption libs, etc. Is someone working on that?
