• State Verified Answer
  • Replies 15 replies
  • Subscribers 67 subscribers
  • Views 4665 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 229872
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

dfu removes bonds

Carlos

Hello,

I am using secure dfu with bonds (SDKv15.3, Segger, nrF52832), it works fine however after each dfu (application only) I lose the bond information.

I have search about it and found that there are several variables that can affect to it, I think I checked all of them but the problem still remains:

1-I use nRF Toolbox from Android phone and I enabled the "keep bonds" option on the settings. Can you btw tell me what is doing exactly this option and how is this setting is transfered to the secure dfu code to remove or not the bonds?

2-The sdk_config.h on the secure download has NRF_DFU_APP_DATA_AREA_SIZE set to 12288 (I think is correct to match FDS 3*4*1024)

3-FDS on the application side (based on heart rate example) has FDS_VIRTUAL_PAGES = 3, FDS_VIRTUAL_PAGE_SIZE = 1024, where I think stores the bonds.

According to comment on sdk_config.h it is same size as 12288:

// <i> The total amount of flash memory that is used by FDS amounts to @ref FDS_VIRTUAL_PAGES * @ref FDS_VIRTUAL_PAGE_SIZE * 4 bytes.

To me knowledge all seems to be fine, but .... why I after dfu the phone and board cannot connect?

To bypass the problem I remove bonds on the board and phone and connect them after each dfu, then everything seems to work fine... till the next dfu.

Thanks,

Carlos

Parents
  • 0

    HI Carlos,

    I agree that the NRF_DFU_APP_DATA_AREA_SIZE  looks correct. 

    Can you btw tell me what is doing exactly this option and how is this setting is transfered to the secure dfu code to remove or not the bonds?

    The "keep bonds" in the nrf Toolbox app refers to the bonding information on the Android device. No bonding data is transferred to the nRF device by the nRF Toolbox app.

    Could you try to use the nRF Connect app to perform the DFU instead of nRF Toolbox? Do you see the same behavior there?

    If you do, could you capture a sniffer trace using our nRF Sniffer v2? It will make it easier to see which peer, i.e. the nRF or the Android, that does not have the correct bonding data.

    Best regards

     Best regards

    Bjørn 

  • 0 in reply to bjorn-spockeli

    Hello again,

    I found a similar case 

    https://devzone.nordicsemi.com/f/nordic-q-a/36346/a-problem-on-buttonless-dfu-bonding-valid

    The effect I have is same as described here, however I didn't change MTU size...

    Anyway, do you know if this issues was fixed?

    During the dfu I see this logs:

    <info> app: ble_evt_handler 0x10
    <info> app: Connected.
    <info> app: ble_evt_handler 0x14
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    <info> app: ble_evt_handler 0x1A
    <info> app: ble_evt_handler 0x50
    <info> app: Received indication state 1
    <info> app: ble_evt_handler 0x50
    <info> app: Writing peer data to the bootloader...
    <info> app: ble_evt_handler 0x51
    <info> app: Device is preparing to enter bootloadï[info> app: Device is preparing to enter bootloader mode.
    <info> app: Disconnected 1 links.
    <info> app: ble_evt_handler 0x53
    <info> app: Device will enter bootloader mode.
    <info> pwr_mgmt: Shutdown request 2
    <info> pwr_mgmt: Shutdown started. Type 2
    <info> app: Power management wants to reset to DFU mode.
    <info> app: Power management allowed to reset to DFU mode.
    <info> pwr_mgmt: SysOff handler 0x0002C401 => ready
    <info> pwr_mgmt: Shutdown complete.
    <info> pwr_mgmt: NVIC_SystemReset

    When I connect same phone after dfu I see this logs I print event on evt_handler(this should correspond to the sniffer I sent you):

    <info> app: ble_evt_handler 0x10
    <info> app: Connected.
    <info> app: ble_evt_handler 0x54
    <info> app: ble_evt_handler 0x14
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    <info> app: ble_evt_handler 0x1A
    <info> app: ble_evt_handler 0x12

    Could you look at the sniffer log?

    After that only works if I delete bond on both nrf and phone...

    Thanks,

    Carlos

  • 0 in reply to Carlos

    Looking up the event IDs from the debug log:

    Event ID 0x10 = BLE_GAP_EVT_CONNECTED

    Event ID 0x12 = BLE_GAP_EVT_CONN_PARAM_UPDATE/**< Connection Parameters updated.

    Event ID 0x14 = BLE_GAP_EVT_SEC_INFO_REQUEST  /**< Request to provide security information.

    Event ID 0x1A = BLE_GAP_EVT_CONN_SEC_UPDATE /**< Connection security updated.

    Event ID 50 = BLE_GATTS_EVT_WRITE /**< Write operation performed.   

    Event ID 51 = BLE_GATTS_EVT_RW_AUTHORIZE_REQUEST  /**< Read/Write Authorization request.    

    Event ID 53 = BLE_GATTS_EVT_HVC        /**< Handle Value Confirmation.  

    Event ID 54 = BLE_GATTS_EVT_SC_CONFIRM /**< Service Changed Confirmation.   

    I cannot see anything abnormal in the sniffer trace you attached. The nRF device responding with the LL_ENC_RSP and the LL_START_ENC_REQ and after that the link is secured. 

    You say that: 

    Carlos said:
    After that only works if I delete bond on both nrf and phone...

    Do you mean that you are not able to connect to the device again if you disconnect after this point? If so did you also capture a sniffer trace when try to reconnect?

Reply
  • 0 in reply to Carlos

    Looking up the event IDs from the debug log:

    Event ID 0x10 = BLE_GAP_EVT_CONNECTED

    Event ID 0x12 = BLE_GAP_EVT_CONN_PARAM_UPDATE/**< Connection Parameters updated.

    Event ID 0x14 = BLE_GAP_EVT_SEC_INFO_REQUEST  /**< Request to provide security information.

    Event ID 0x1A = BLE_GAP_EVT_CONN_SEC_UPDATE /**< Connection security updated.

    Event ID 50 = BLE_GATTS_EVT_WRITE /**< Write operation performed.   

    Event ID 51 = BLE_GATTS_EVT_RW_AUTHORIZE_REQUEST  /**< Read/Write Authorization request.    

    Event ID 53 = BLE_GATTS_EVT_HVC        /**< Handle Value Confirmation.  

    Event ID 54 = BLE_GATTS_EVT_SC_CONFIRM /**< Service Changed Confirmation.   

    I cannot see anything abnormal in the sniffer trace you attached. The nRF device responding with the LL_ENC_RSP and the LL_START_ENC_REQ and after that the link is secured. 

    You say that: 

    Carlos said:
    After that only works if I delete bond on both nrf and phone...

    Do you mean that you are not able to connect to the device again if you disconnect after this point? If so did you also capture a sniffer trace when try to reconnect?

Children
  • 0 in reply to bjorn-spockeli

    Sorry, may be my explanation was not precise, I can connect but cannot see services that are SEC_JUST_WORKS after the dfu.

    The only way to see again the resources is to remove bonds on all sides (phone and nRf) and connect again.

    I guess is similar issue as stated in:

    https://devzone.nordicsemi.com/f/nordic-q-a/36346/a-problem-on-buttonless-dfu-bonding-valid

    That after dfu resources are lost and only way to see them again is to remove bonds.

    Thks

  • 0 in reply to bjorn-spockeli

    I will try to get full sniffer, before dfu (bond and normal operation) -> dfu -> normal operation after dfu (mobile app reports 'cannot subscribe to event' and if I check with nRF connect I can connect but cannot see any service like bas, dis, dfu...).

    Would it help  this trace or do you already have an idea to check? Please tell me how to proceeed. I guess issue is related with service change... but learning and understanding the full SDK is hard without your support.

    Thks

  • 0 in reply to Carlos

    Hello,

    I uploaded full sniffer for all proces normal condition, dfu and post-dfu normal condition on private case: Case ID: 229977

    I hope you can have a look and help me to fix the issue.

    Here I paste the log from the board corresponding to the sniffer trace

    **********First launch of phone app and nRf board, fails to bond*****************
    <info> app: ble_evt_handler 0x10
    <info> app: Connected
    <info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Encryption, error: 4102
    <info> app: ble_evt_handler 0x14
    <info> app: ble_evt_handler 0x13
    <info> peer_manager_handler: Connection security failed: role: Peripheral, conn_handle: 0x0, procedure: Bonding, error: 132
    <info> app: ble_evt_handler 0x19
    <info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x84 bond=0x0 lv4: 0 kdist_own:0x0 kdist_peer:0x0
    <info> app: ble_evt_handler 0x12
    <info> app: Fast advertising.
    <info> app: PLX on_disconnect
    <info> app: ble_evt_handler 0x11
    <info> app: Disconnected, reason 0x13.
    <info> app: Disconnected, reason BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION


    Switch off and on nRF board
    **********Second launch of phone app and nRf board, everything goes fine, all sucessive uses works fine always from this point*****************
    <info> app: ble_evt_handler 0x10
    <info> app: Connected
    <info> app: ble_evt_handler 0x12
    <info> app: ble_evt_handler 0x12
    <info> app: ble_evt_handler 0x13
    <info> app: ble_evt_handler 0x12
    <info> app: ble_evt_handler 0x1A
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Bonding
    <info> app: ble_evt_handler 0x19
    <info> app: BLE_GAP_EVT_AUTH_STATUS: status=0x0 bond=0x1 lv4: 0 kdist_own:0x3 kdist_peer:0x3
    <info> app: ble_evt_handler 0x35
    <info> app: ble_evt_handler 0x36
    <info> app: ble_evt_handler 0x50
    <info> app: ble_evt_handler 0x53
    <info> app: Fast advertising.
    <info> app: PLX on_disconnect
    <info> app: ble_evt_handler 0x11
    <info> app: Disconnected, reason 0x13.
    <info> app: Disconnected, reason BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION


    Switch off and on nRF board
    **********Second launch of phone app and nRf board, everything goes fine*****************
    <info> app: ble_evt_handler 0x10
    <info> app: Connected
    <info> app: ble_evt_handler 0x14
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    <info> app: ble_evt_handler 0x1A
    <info> app: ble_evt_handler 0x50
    <info> app: ble_evt_handler 0x53
    <info> app: Fast advertising.
    <info> app: ble_evt_handler 0x11
    <info> app: Disconnected, reason 0x13.
    <info> app: Disconnected, reason BLE_HCI_REMOTE_USER_TERMINATED_CONNECTION

    Switch off and on nRF board
    **********Made secure dfu bonded to the same application, everything goes fine*****************
    <info> app: ble_evt_handler 0x10
    <info> app: Connected
    <info> app: ble_evt_handler 0x14
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    <info> app: ble_evt_handler 0x1A
    <info> app: ble_evt_handler 0x50
    <info> app: Received indication state 1
    <info> app: ble_evt_handler 0x50
    <info> app: Writing peer data to the bootloader...
    <info> app: ble_evt_handler 0x51
    <info> app: Device is preparing to enter bootloadã[info> app: Device is preparing to enter bootloader mode.
    <info> app: Disconnected 1 links.
    <info> app: ble_evt_handler 0x53
    <info> app: Device will enter bootloader mode.
    <info> pwr_mgmt: Shutdown request 2
    <info> pwr_mgmt: Shutdown started. Type 2
    <info> app: Power management wants to reset to DFU mode.
    <info> app: Power management allowed to reset to DFU mode.
    <info> pwr_mgmt: SysOff handler 0x0002C405 => ready
    <info> pwr_mgmt: Shutdown complete.
    <info> pwr_mgmt: NVIC_SystemReset

    **********First start after DFU, connects to phone but no services are displayed. From this point all sucesive trials are same until we remove bonds on both phone and nRF and then we go to step1 and we got the system working fine forever (till next dfu)*****************
    <info> app: ble_evt_handler 0x10
    <info> app: Connected
    <info> app: ble_evt_handler 0x54
    <info> app: ble_evt_handler 0x14
    <info> peer_manager_handler: Connection secured: role: Peripheral, conn_handle: 0, procedure: Encryption
    <info> app: ble_evt_handler 0x1A
    <info> app: ble_evt_handler 0x12

    Thank you for your help!

  • +1 in reply to Carlos

    Hi Carlos, 

    Looking at the sniffer trace and the last connection I cannot see anything wrong with regards to the reencryption using the bonding data( i.e. stored encryption key). The link layer packets(i.e. LL_ENC_REQ/RSP, LL_START_ENC_REQ/RSP) are all send in the correct order and the parameters look good.

    So the bonding data must be preserved during the DFU otherwise you should have gotten a LL_REJECT_IND or LL_REJECT_EXT_IND packet in return. 

    The sniffer trace does not show any LL activity nor ATT activity after the link is encrypted. If the nRF device was bonded with the Android device, then it should have cached the GATT table of the application. However, it could be that you simply have to update the GATT attribute 

    Does the DFU update increase or modify the GATT table of the application compared to the application that was replaced? OItherwise,the GATT attribute table handles should be the same as before the DFU. 

    Can you check if the NRF_SDH_BLE_SERVICE_CHANGED define in sdk_config.h is set in the bootloader project? Could you also check if this is set in the applicaiton as well?

    We do have a "refresh device cache" feature in nRF Connect. Connect to the device, then press the three vertical dots in the upper-right corner and then press "Refresh device cache". Does the Android device perform a new service discovery and display the services and characteristics after doing this?

    Best regards

    Bjørn

  • 0 in reply to bjorn-spockeli

    Thank you Bjorn,

    regarding you questions;

    >>Does the DFU update increase or modify the GATT table of the application compared to the application >>that was replaced? OItherwise,the GATT attribute table handles should be the same as before the >>DFU. 

    No, application is exactly same before and after because dfu, after compile I generate hex and app_package. I write hex files in the board and then I update app to the same version, so no change in the application.

    >>Can you check if the NRF_SDH_BLE_SERVICE_CHANGED define in sdk_config.h is set in the >>bootloader project? Could you also check if this is set in the applicaiton as well?

    Yes, it is defined on both application and bootloader.

    >>We do have a "refresh device cache" feature in nRF Connect. Connect to the device, then press the >>three vertical dots in the upper-right corner and then press "Refresh device cache". Does the Android >>device perform a new service discovery and display the services and characteristics after doing this?

    And here comes the good news, by doing 'refresh services' when fRF is connected or 'refresh device cache' when it is disconnected and the connect it all services appear again and it work normally.

    The option name in nRF Connect changes when it is connected or disconnected but it seems to have same effect.

    Can you please tell me a bit more about this option and how would it be possible to make it work without the user need to do this refresh?

    Is this expected behavior or is it due to I miss something in my code?

    Thank you!!

Related