
Is there a checksum embedded in the S110?

Hello everyone,

I haven't read anything in the official documentation about it, but I was wondering if the S110 has an embedded checksum that I can use to verify its integrity at runtime.

I already do something similar for my application and it would be useful to extend the concept to the SoftDevice as well.

Thanks!

  • Hi Moloch,

    We don't have an embedded checksum for the softdevice. You need to do it manually.

    The softdevice size may change when doing DFU, so it may not be a good idea to store it at the end of the softdevice. Same with storing at the end of the master boot record as Clem suggests, because when the softdevice is updated, you need to update the checksum, and then will have to erase 1 page in the MBR, which can cause trouble. I would suggest storing the checksum in the bootloader setting page 0x3FC00; it will not be overwritten when doing DFU.

    You can also protect the softdevice from being modified by the application by ticking the check box "Enable Softdevice protection" or writing to CLENR0 in the UICR. But note that, by doing that, the size of the softdevice cannot be changed.

  • I have CRC-32s at the end of the MBR (4K-4 bytes), at the end of the softdevice (SOFTDEVICE_INFORMATION->softdevice_size-4), at the end of my application (NRF_UICR->BOOTLOADERADDR-PSTORAGE_SIZE-4) and at the end of my bootloader (256K-4). The softdevice CRC does not cover the MBR. The MBR CRC was just for completeness; if the MBR is corrupted you are most likely not going to recover.

    I only did some minimal testing of growing the softdevice by hacking up the softdevice binary and it seems to work.

    Personally I feel that embedded CRCs are much better than side-loading them in the bootloader.

  • Hi Clem,

    You mean the CRC you put at the end of the MBR is the CRC check for the MBR? Then it should be fine (at least for the current version of the MBR). I was confused and thought it's the CRC of the softdevice which needs to be updated when you update the softdevice.

    Yes, you can store the CRC for the softdevice at the end of the softdevice, but there is no guarantee that address would be free in a future version of the softdevice.

    We may come up with the embedded CRC for softdevice in the future but I don't know when.

  • Yes, I have a CRC that covers the MBR for completeness. It can't hurt anything because the MBR is only written once.

    Yes, I realize that it is a risk to put the CRC at the end of the softdevice, depending on what Nordic chooses to do in the future. The benefit of having the CRC there is worth more to me than having to deal with working around it if/when Nordic decides to use that location.

    In the bootloader DFU I validate the download with an RSA-signed SHA1, but at boot time I just check the embedded CRC-32s. This also has the benefit of not needing to waste a page storing the bootloader settings.

  • Well, for updating the bootloader and softdevice, we still need to use the bootloader setting page to store to flash the state of the DFU process because we do a reset when updating bootloader. So I'm not really sure you can get rid of the bootloader setting page.

  • I do the reset, but pass a flag via GPREG. I store the state for the swap in uninitialized SRAM (so it doesn't get cleared by my start code) and protect it with a CRC. Before doing the swap it checks the embedded CRCs.

    The only side effect is my current implementation of the swap can't survive a power failure during a swap like it is claimed the Nordic DFU code can. I suspect that claim is dubious at best. My bootloader won't let you do an upgrade if the battery isn't >50% and there is no power switch or way to reset the device. I don't have the flash to do dual banks, but I did consider implementing a non-softdevice pre-bootloader that could pull a clean image off the external SPI flash, but decided it wasn't worth the complexity.
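
The boot-time check of an embedded CRC-32 discussed in this thread, sketched as an added example; it is not code from any poster or from Nordic. Assumptions: the standard reflected CRC-32 (polynomial 0xEDB88320), stored little-endian in the last 4 bytes of the region, and a constructed 64-byte RAM buffer standing in for a flash region; `crc32_compute`, `region_crc_ok` and `demo_region_check` are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bitwise CRC-32 (reflected, polynomial 0xEDB88320). Assumption: the thread
 * does not say which CRC-32 variant is used. */
static uint32_t crc32_compute(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* A region is valid when the CRC-32 of everything except its last 4 bytes
 * equals the little-endian word stored in those last 4 bytes. */
static bool region_crc_ok(const uint8_t *start, size_t size)
{
    if (start == NULL || size <= 4)
        return false;                 /* no room for payload plus CRC */
    const uint8_t *p = start + size - 4;
    uint32_t stored = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                      ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return crc32_compute(start, size - 4) == stored;
}

/* Build a constructed 64-byte "region", embed its CRC, optionally flip one
 * bit at flip_at (pass a value >= 64 for no corruption), then verify it. */
static bool demo_region_check(size_t flip_at)
{
    uint8_t region[64];
    for (size_t i = 0; i < sizeof region - 4; i++)
        region[i] = (uint8_t)(i * 7u + 3u);   /* constructed sample data */
    uint32_t crc = crc32_compute(region, sizeof region - 4);
    for (int i = 0; i < 4; i++)
        region[sizeof region - 4 + i] = (uint8_t)(crc >> (8 * i));
    if (flip_at < sizeof region)
        region[flip_at] ^= 0x01u;             /* simulate a corrupted byte */
    return region_crc_ok(region, sizeof region);
}

int main(void)
{
    printf("clean=%d payload_flip=%d crc_flip=%d\n", demo_region_check(64),
           demo_region_check(10), demo_region_check(62));
    return 0;
}
```

A CRC-32 like this catches accidental flash corruption only; it does not replace the signature validation done on the DFU download.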
