
DFU: Require bond to write to Buttonless DFU Service, but allow unbonded updates in bootloader

Hello.

I'd like to set up my Secure DFU bootloader so that bonding is required to activate the bootloader from a peer device (phone). But at the same time I'd like to make sure that there is a way to update the firmware even if the bond information is lost from the phone or the device itself, or even if the existing firmware is completely non-functional.

To do this I have the buttonless DFU bootloader configured to not require bonds, and the bootloader also activates on a button press. Normally firmware updates are initiated from a phone app, and the button acts as the backup. This all works, except that the buttonless DFU without bonds allows an unbonded peer to activate the bootloader. For doing anything else my device requires bonding, so allowing an unbonded device to do DFU is not ideal.

Basically I'd like to do what Einar Thorsrud suggests here. My question is how to best do that? Should I set NRF_DFU_BLE_BUTTONLESS_SUPPORTS_BONDS in the application, but not set the *_REQUIRES_BONDS in the bootloader? Would that work at all?

Or should I edit the hard-coded security parameters of ble_dfu_buttonless_char_add() in ble_dfu_unbonded.c? That would be easy but requires editing the SDK files, which I'd like to avoid.

  • Hi Markuu, 

    If you want only bonded devices to be able to write to the DFU Service characteristics, but still allow unbonded devices to perform DFU once the device is in bootloader mode, then the easiest solution is, as you suggested, to modify the .cccd_write_access and .write_access to SEC_JUST_WORKS

    add_char_params.cccd_write_access = SEC_JUST_WORKS;
    add_char_params.write_access = SEC_JUST_WORKS;
    add_char_params.read_access = SEC_OPEN;

    parameters in ble_dfu_buttonless_char_add in ble_dfu_unbonded.c

    This is one of the things that is done when defining NRF_DFU_BLE_BUTTONLESS_SUPPORTS_BONDS = 1 (using ble_dfu_bonded.c and not _unbonded.c). However, if you would like to have the bond sharing feature, some more modifications are needed on the bootloader side.

    Best regards

    Bjørn

  • Thank you.

    Bond sharing would be nice, but not strictly required in my case. So I guess editing ble_dfu_unbonded is the way to go. Or actually I'll make a private copy of it.

    Just to confirm my original question: If I would define NRF_DFU_BLE_BUTTONLESS_SUPPORTS_BONDS, then ble_dfu_bonded.c would be used. Security parameters would then be set correctly without modifications. Would this work with a bootloader that doesn't require bonds?

  • Yes, defining NRF_DFU_BLE_BUTTONLESS_SUPPORTS_BONDS will result in ble_dfu_bonded.c being used. However, this .c file calls a couple of ASVCI (Asynchronous Supervisor interface) functions that are only compiled into the bootloader when the _REQUIRES_BONDS define is set. Hence, you will need to modify the bootloader to perform undirected advertising instead of directed advertisement with the shared bond information if you want to go this route.

  • Thank you again.

    I don't really want to make major modifications to the bootloader. I was just wondering if there was a way to get the functionality I want without any modifications to SDK sources.

    Ideally I would like to have the security offered by the bond sharing combined with the "backup mode" of non-bonded DFU if the bootloader was activated by a button press. Perhaps this use case is something Nordic could consider for a future SDK version?
