
Problem adding AES encryption to secure DFU SDK15.0

Hi!

nRF52832, SDK15, SD6.0.0, S132

I am trying to use the secure_bootloader from the SDK15 examples. Everything works.

Now I need to encrypt my firmware with AES. I already did this on SDK13 and it works fine.

Now, after encrypting the .bin file in the dfu.zip package, I try to decrypt it in the bootloader project. To do that, I inserted my decode function into the on_data_obj_write_request() function in nrf_dfu_req_handler.c:

static void on_data_obj_write_request(nrf_dfu_request_t * p_req, nrf_dfu_response_t * p_res)
{
    NRF_LOG_DEBUG("Handle NRF_DFU_OP_OBJECT_WRITE (data)");

    if (!nrf_dfu_validation_init_cmd_present())
    {
        /* Can't accept data because DFU isn't initialized by init command. */
        p_res->result = NRF_DFU_RES_CODE_OPERATION_NOT_PERMITTED;
        return;
    }

    uint32_t const data_object_offset = s_dfu_settings.progress.firmware_image_offset -
                                        s_dfu_settings.progress.firmware_image_offset_last;

    if ((p_req->write.len + data_object_offset) > s_dfu_settings.progress.data_object_size)
    {
        /* Can't accept data because too much data has been received. */
        NRF_LOG_ERROR("Write request too long");
        p_res->result = NRF_DFU_RES_CODE_INVALID_PARAMETER;
        return;
    }

    uint32_t const write_addr = m_firmware_start_addr + s_dfu_settings.write_offset;

    ASSERT(p_req->callback.write);
    
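    /* az: poster's addition. Decrypt the received chunk in place,
     * one 16-byte AES block at a time, before it is stored to flash. */
    for (int i = 0; i < p_req->write.len; i += 16)
    {
        AES128_ECB_decrypt(p_req->write.p_data + i, key, p_req->write.p_data + i);
    }
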
    ret_code_t ret =
        nrf_dfu_flash_store(write_addr, p_req->write.p_data, p_req->write.len, p_req->callback.write);

    if (ret != NRF_SUCCESS)
    {
        /* When nrf_dfu_flash_store() fails because there is no space in the queue,
         * stop processing the request so that the peer can detect a CRC error
         * and retransmit this object. Remember to manually free the buffer !
         */
        p_req->callback.write((void*)p_req->write.p_data);
        return;
    }

    /* Update the CRC of the firmware image. */
    s_dfu_settings.write_offset                   += p_req->write.len;
    s_dfu_settings.progress.firmware_image_offset += p_req->write.len;
    s_dfu_settings.progress.firmware_image_crc     =
        crc32_compute(p_req->write.p_data, p_req->write.len, &s_dfu_settings.progress.firmware_image_crc);

    /* This is only used when the PRN is triggered and the 'write' message
     * is answered with a CRC message and these field are copied into the response.
     */
    p_res->write.crc    = s_dfu_settings.progress.firmware_image_crc;
    p_res->write.offset = s_dfu_settings.progress.firmware_image_offset;
}

AES128_ECB_decrypt().....

One more thing: this function works fine with the same syntax on SDK13.

But on SDK13, after that I write another CRC and it works.

Now on SDK15, when I try to update via smartphone, I see an error on the smartphone: ERROR CRC.

Also I have RTT log of it:

 0> <debug> nrf_dfu_req_handler:  
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_CRC_GET (data)
 0> <debug> nrf_dfu_req_handler: Offset:2928, CRC:0xA907DD27
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> app: Shutting down transports (found: 1)
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_CREATE (data)
 0> <debug> nrf_dfu_flash: nrf_fstorage_erase(addr=0x0x00039000, len=1 pages), queue usage: 0
 0> <debug> nrf_dfu_req_handler: Creating object with size: 4096. Offset: 0x00000000, CRC: 0x00000000
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_ble: Buffer 0x20005EB8 acquired, len 244 (244)
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_flash: Flash erase success: addr=0x00039000, pending 0
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x00039000, src=0x20005EB8, len=244 bytes), queue usage: 0
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x00039000, pending 0
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20005EB8
 0> <debug> nrf_dfu_ble: Buffer 0x20005EB8 acquired, len 244 (244)
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_ble: Buffer 0x20005FAC acquired, len 244 (244)
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x000390F4, src=0x20005EB8, len=244 bytes), queue usage: 0
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_ble: Buffer 0x20006194 acquired, len 244 (244)
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x000390F4, pending 0
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20005EB8
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x000391E8, src=0x20005FAC, len=244 bytes), queue usage: 0
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_ble: Buffer 0x20005EB8 acquired, len 244 (244)
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x000391E8, pending 0
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20005FAC
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x000392DC, src=0x20006194, len=244 bytes), queue usage: 0
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_ble: Buffer 0x20005FAC acquired, len 244 (244)
 0> <debug> nrf_dfu_ble: Buffer 0x20006288 acquired, len 244 (244)
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x000393D0, src=0x20005EB8, len=244 bytes), queue usage: 1
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x000392DC, pending 1
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20006194
 0> <debug> nrf_dfu_ble: Buffer 0x20006194 acquired, len 244 (244)
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x000393D0, pending 0
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20005EB8
 0> <debug> nrf_dfu_ble: Buffer 0x20005EB8 acquired, len 244 (244)
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x000394C4, src=0x20005FAC, len=244 bytes), queue usage: 0
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x000394C4, pending 0
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20005FAC
 0> <debug> nrf_dfu_ble: Buffer 0x20005FAC acquired, len 244 (244)
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x000395B8, src=0x20006288, len=244 bytes), queue usage: 0
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_ble: Buffer 0x200060A0 acquired, len 244 (244)
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x000395B8, pending 0
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20006288
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x000396AC, src=0x20006194, len=244 bytes), queue usage: 0
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_ble: Buffer 0x20006288 acquired, len 244 (244)
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x000397A0, src=0x20005EB8, len=244 bytes), queue usage: 1
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x000396AC, pending 1
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20006194
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x000397A0, pending 0
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20005EB8
 0> <debug> nrf_dfu_flash: nrf_fstorage_write(addr=0x00039894, src=0x20005FAC, len=244 bytes), queue usage: 0
 0> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
 0> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (data)
 0> <debug> nrf_dfu_flash: Flash write success: addr=0x00039894, pending 0
 0> <debug> nrf_dfu_ble: Freeing buffer 0x20005FAC
 0> x200060A0, len=244 bytes), queue usage: 0
 0> a)
 0> <debug> nrf_dfu_ble: Advertising...
 0> <info> nrf_bootloader_wdt: Internal feed

In which place in the bootloader should I clear or replace the CRC? I just want to reject this verification from the bootloader.
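An added example, not code from the post or from the Nordic SDK: the handler above decrypts each 244-byte write in place and then passes the decrypted buffer to crc32_compute(), while the DFU controller compares against the CRC of the bytes it actually sent, and 244 is not a multiple of the 16-byte block size. This host-side C sketch keeps the running CRC over the bytes as received and decrypts only whole blocks, carrying the remainder into the next write. The names block_decrypt, KEY, rx_state_t, on_chunk and demo are hypothetical, block_decrypt is an XOR stand-in for AES128_ECB_decrypt(), and the 976-byte image is constructed.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16u  /* AES block size in bytes */
static const uint8_t KEY[BLK] = "constructed key";  /* constructed value, 15 chars + NUL */
/* Stand-in for AES128_ECB_decrypt(): XOR with the key. NOT AES, it only keeps this short. */
static void block_decrypt(const uint8_t *in, const uint8_t *key, uint8_t *out)
{
    for (size_t i = 0; i < BLK; i++) out[i] = in[i] ^ key[i];
}
/* Running CRC-32: pass 0 for the first chunk, then the previous result. */
static uint32_t crc32_update(const uint8_t *p, size_t len, uint32_t crc)
{
    crc = ~crc;
    while (len--) {
        crc ^= *p++;
        for (int b = 0; b < 8; b++) crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}
/* crc_rx covers the bytes as received; carry holds a partial block between writes. */
typedef struct { uint32_t crc_rx; uint8_t carry[BLK]; size_t carry_len; } rx_state_t;
/* Handle one write chunk; returns the number of plaintext bytes written to out. */
static size_t on_chunk(rx_state_t *s, const uint8_t *data, size_t len, uint8_t *out)
{
    size_t produced = 0;
    s->crc_rx = crc32_update(data, len, s->crc_rx);   /* CRC first, over the ciphertext */
    for (size_t i = 0; i < len; i++) {
        s->carry[s->carry_len++] = data[i];
        if (s->carry_len == BLK) {                    /* decrypt whole blocks only */
            block_decrypt(s->carry, KEY, out + produced);
            produced += BLK;
            s->carry_len = 0;
        }
    }
    return produced;
}
static int demo(void)
{
    static uint8_t plain[976], cipher[976], out[976];  /* constructed: 4 writes of 244 bytes */
    rx_state_t s = {0};
    size_t n = 0;
    for (size_t i = 0; i < sizeof plain; i++) plain[i] = (uint8_t)(i * 7u);
    for (size_t i = 0; i < sizeof plain; i += BLK) block_decrypt(plain + i, KEY, cipher + i);
    for (size_t off = 0; off < sizeof cipher; off += 244)
        n += on_chunk(&s, cipher + off, 244, out + n);
    return n == sizeof plain && memcmp(out, plain, n) == 0       /* image recovered */
        && s.crc_rx == crc32_update(cipher, sizeof cipher, 0)    /* CRC the sender expects */
        && s.crc_rx != crc32_update(plain, sizeof plain, 0);     /* not the plaintext CRC */
}
int main(void) { return demo() ? 0 : 1; }
```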
