• State Not Answered
  • Replies 1 reply
  • Subscribers 73 subscribers
  • Views 486 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 248294
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How to get a Signature-less Bootloader from example Bootloaders

mitea

Hi 

I would like to know what the easiest way to get a signature-less bootloader from your DFU bootloader examples. For me it looks as if the open_bootloader is not very different to the secure_bootloader and it's not really open since it also uses encryption libs. Even the main and all the underlying code thats called from the sdk is the same.

For me it looks as if only the kind of encryption is different.

however I would like to have Signature-less Bootloader since we don't need them because we have additional security levels that handle that.

Is there an easy way to get one from your examples without writing a complete new bootloader?

Parents
  • 0

    Hi,

    The SDK does not provide any bootloader without support for signature verification. However, the Open bootloader only uses signature verification for bootloader updates, and not for application or SoftDevice updates. This is controlled by the NRF_DFU_REQUIRE_SIGNED_APP_UPDATE macro, which is used by signature_required() in components\libraries\bootloader\dfu\nrf_dfu_validation.c. You could simply modify signature_required() to always return false. With this modification, no crypto libraries are actually used, but we do not have any ready-made projects where they do not exist. You would have to remove unused code yourself (or live with it being there unused).

Reply
  • 0

    Hi,

    The SDK does not provide any bootloader without support for signature verification. However, the Open bootloader only uses signature verification for bootloader updates, and not for application or SoftDevice updates. This is controlled by the NRF_DFU_REQUIRE_SIGNED_APP_UPDATE macro, which is used by signature_required() in components\libraries\bootloader\dfu\nrf_dfu_validation.c. You could simply modify signature_required() to always return false. With this modification, no crypto libraries are actually used, but we do not have any ready-made projects where they do not exist. You would have to remove unused code yourself (or live with it being there unused).

Children
No Data
Related
Terms of service