Note: this post relates to an SDK in maintenance mode (consider nRF Connect SDK for new designs).
Note: this post is older than 2 years and might no longer be relevant (consider searching for newer posts).

Disabling bootloader security without customization

I'm trying out DFU functionality using the nRF52840-PreviewDK and UART transport.

It looks like I can disable the requirement for a signature when downloading an APP or SD (SoftDevice) using NRF_DFU_REQUIRE_SIGNED_APP_UPDATE.

It looks like I can disable downgrade prevention of the APP using NRF_DFU_APP_DOWNGRADE_PREVENTION

It looks like I can downgrade the SD regardless of the NRF_DFU_APP_DOWNGRADE_PREVENTION setting (at least for UART transport, which is the only thing I've tried)

However, the signature requirement and downgrade prevention appear to still be in place when downloading a new BL (BootLoader). The documentation seems to confirm that's what is expected.

Is there a way to disable these checks on the bootloader without customizing the bootloader?

I saw something about --debug-mode.  I haven't tried this but will that bypass both signatures and downgrade prevention of the bootloader?

How about NRF_FSTORAGE_PARAM_CHECK_DISABLED? I notice this is different in the open bootloader code vs. the secure bootloader. I read the description but I'm still not sure I understand what this setting does.


    Hi Bjorn,

    I am confused about how nrf_dfu_validation_prevalidate() verifies the signature. According to my understanding, the signature in the init packet is generated from the firmware to be updated. The nrf_dfu_validation_signature_check() function will compare whether the hash calculated from the firmware is the same as the hash from the signature. However, the firmware is not available during the prevalidation, so I do not see how the signature can be verified.

    From the source code, nrf_dfu_validation_prevalidate() calls nrf_dfu_validation_signature_check() with m_init_packet_data_ptr as one of the inputs. m_init_packet_data_ptr is then used to calculate the hash, which is obviously the hash of the init packet instead of the firmware to be updated.

    I might have misunderstood some part of the code. I'd really appreciate it if you could explain this to me. Thanks for your time.

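The following is an added illustration, not code from the nRF5 SDK or from anyone in this thread. It models the two-stage validation pattern the question and the comment above are circling around: the signature is computed over the init packet only, and the init packet in turn carries a hash of the firmware, so the firmware is bound to the signature indirectly and is only checked after the whole image has been transferred. It also models the effect of the two policy switches from the question (NRF_DFU_REQUIRE_SIGNED_APP_UPDATE and NRF_DFU_APP_DOWNGRADE_PREVENTION) as keyword arguments. Assumptions: the init packet is a plain dict rather than the SDK's protobuf, and the ECDSA P-256 signature is replaced by an HMAC-SHA256 so the example runs with the Python standard library alone; the function names, the `SIGNING_KEY` and the sample images are all constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the private signing key. In the SDK the signature is
# ECDSA P-256 over the init packet; an HMAC is used here only so the example
# runs with the standard library (assumption, not SDK code).
SIGNING_KEY = b"constructed-demo-key-not-for-real-use"


def serialize(init_packet: dict) -> bytes:
    """Canonical bytes of the init packet; this is what gets signed."""
    return json.dumps(init_packet, sort_keys=True).encode()


def make_init_packet(fw_type: str, fw_version: int, firmware: bytes) -> dict:
    """Build an init packet that carries the hash of the firmware it describes."""
    return {
        "fw_type": fw_type,
        "fw_version": fw_version,
        "fw_hash": hashlib.sha256(firmware).hexdigest(),
    }


def sign_init_packet(init_packet: dict) -> bytes:
    """Signature over the init packet only; the firmware is bound via fw_hash."""
    return hmac.new(SIGNING_KEY, serialize(init_packet), hashlib.sha256).digest()


def prevalidate(init_packet, signature, installed_version, *,
                require_signed=True, downgrade_prevention=True):
    """Stage 1: runs before any firmware bytes are received.

    require_signed and downgrade_prevention model the
    NRF_DFU_REQUIRE_SIGNED_APP_UPDATE / NRF_DFU_APP_DOWNGRADE_PREVENTION switches.
    Returns (accepted, reason).
    """
    if require_signed:
        if signature is None:
            return False, "signature required but missing"
        expected = sign_init_packet(init_packet)
        if not hmac.compare_digest(signature, expected):
            return False, "signature invalid"
    if downgrade_prevention and init_packet["fw_version"] < installed_version:
        return False, "downgrade rejected"
    return True, "init packet accepted"


def postvalidate(init_packet, firmware: bytes):
    """Stage 2: runs after transfer; the image must match the hash that was signed."""
    actual = hashlib.sha256(firmware).hexdigest()
    if not hmac.compare_digest(actual, init_packet["fw_hash"]):
        return False, "firmware hash mismatch"
    return True, "firmware accepted"


def dfu_update(init_packet, signature, firmware, installed_version, **policy):
    """Full flow: prevalidate the init packet, then postvalidate the image."""
    ok, reason = prevalidate(init_packet, signature, installed_version, **policy)
    if not ok:
        return False, reason
    return postvalidate(init_packet, firmware)


def scenarios() -> dict:
    """Constructed images and init packets exercising each check."""
    good_fw = b"\x00\x20\x00\x20constructed-app-image-v2"
    pkt = make_init_packet("application", 2, good_fw)
    sig = sign_init_packet(pkt)

    tampered_fw = good_fw + b"\xcc"       # image modified after signing
    bumped_pkt = dict(pkt, fw_version=3)  # init packet edited after signing

    old_fw = b"\x00\x20\x00\x20constructed-app-image-v1"
    old_pkt = make_init_packet("application", 1, old_fw)
    old_sig = sign_init_packet(old_pkt)

    return {
        "valid update": dfu_update(pkt, sig, good_fw, installed_version=1),
        "firmware tampered": dfu_update(pkt, sig, tampered_fw, installed_version=1),
        "init packet tampered": dfu_update(bumped_pkt, sig, good_fw, installed_version=1),
        "downgrade, prevention on": dfu_update(old_pkt, old_sig, old_fw, installed_version=2),
        "downgrade, prevention off": dfu_update(old_pkt, old_sig, old_fw, installed_version=2,
                                                downgrade_prevention=False),
        "unsigned, signature required": dfu_update(pkt, None, good_fw, installed_version=1),
        "unsigned, signature not required": dfu_update(pkt, None, good_fw, installed_version=1,
                                                       require_signed=False),
    }


if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:34s} -> {'ACCEPT' if ok else 'REJECT'} ({reason})")
```

The "firmware tampered" case is the one worth studying: the signature check in `prevalidate` passes because only the init packet was signed and it is untouched, and the modified image is caught only by the hash comparison in `postvalidate`. Conversely, editing the init packet (for example bumping `fw_version` to defeat downgrade prevention) invalidates the signature before any image data is accepted. Turning `require_signed` off removes the only check that ties the image to a trusted signer, so an unsigned init packet with a matching hash is accepted; that is the security consequence of disabling the corresponding SDK switch.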
