• State Suggested Answer
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 90 subscribers
  • Views 3099 views
  • Users 0 members are here
Attachments (4) Download All
Nordic Case Info
  • Case ID: 257358
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

DFU Signature error

navman

I have been struggling to get the DFU in our own application to work. When starting a DFU from the desktop nRF Connect 3.4.1 it reports an error:

According to the log from the secure bootloader it fails during Signature check. I have followed all the guides to generate public/private keys - building the secure bootloader and generate the DFU zip package. All theses steps are done without any issues. The secure bootloader in our application is based upon the example from the SDK tailored to our hardware. So in order to rule out any issues with that, I went back to test bootloader_secure_ble example from the SDK "out of the box". It turns out that it produces the same errors when trying to send the ble_app_buttonless_dfu_without_bonds_s132.zip file from nRF Connect.

The log from the secure_bootloader is here running the SDK example:

 

Fullscreen 2475.log.txt Download 
00> <debug> app: == We are finished handling conn sec update
00> <debug> app: Set receipt notif
00> <debug> app: Sending Response: [0x2, 0x1]
00> <debug> app: Received select object
00> <info> dfq_req_handling: Valid Command: NRF_DFU_OBJECT_OP_SELECT
00> <debug> app: Sending Object Info: [0x60, 0x06, 0x01 max: 0:x00000100 0:x00000000, CRC:0x00000000]
00> <debug> app: Received create object
00> <info> dfq_req_handling: Before OP create command
00> <info> dfq_req_handling: Valid Command Create
00> <debug> app: Sending Response: [0x1, 0x1]
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <debug> app: Received calculate CRC
00> <info> dfq_req_handling: Valid Command CRC
00> <debug> app: Sending CRC: [0x60, 0x03, 0x01, 0:x0000008A, CRC:0x82F6B34E]
00> <debug> app: Received execute object
00> <info> dfq_req_handling: Before OP execute command
00> <info> dfq_req_handling: Valid command execute
00> <info> dfq_req_handling: PB: Init packet data len: 61
00> <info> dfq_req_handling: Handling signed command
00> <info> dfq_req_handling: Calculating init packet hash
00> <info> dfq_req_handling: Verify signature
00> <error> dfq_req_handling: Signature failed
00> <error> dfq_req_handling: Prevalidate failed!
00> <debug> app: Sending Response: [0x4, 0x5]
00> <debug> app: Received create object
00> <info> dfq_req_handling: Before OP create command
00> <info> dfq_req_handling: Valid Command Create
00> <debug> app: Sending Response: [0x1, 0x1]
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <debug> app: Received calculate CRC
00> <info> dfq_req_handling: Valid Command CRC
00> <debug> app: Sending CRC: [0x60, 0x03, 0x01, 0:x0000008A, CRC:0x82F6B34E]
00> <debug> app: Received execute object
00> <info> dfq_req_handling: Before OP execute command
00> <info> dfq_req_handling: Valid command execute
00> <info> dfq_req_handling: PB: Init packet data len: 61
00> <info> dfq_req_handling: Handling signed command
00> <info> dfq_req_handling: Calculating init packet hash
00> <info> dfq_req_handling: Verify signature
00> <error> dfq_req_handling: Signature failed
00> <error> dfq_req_handling: Prevalidate failed!
00> <debug> app: Sending Response: [0x4, 0x5]
00> <debug> app: Received create object
00> <info> dfq_req_handling: Before OP create command
00> <info> dfq_req_handling: Valid Command Create
00> <debug> app: Sending Response: [0x1, 0x1]
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <info> dfq_req_handling: Before OP write command
00> <debug> app: Received calculate CRC
00> <info> dfq_req_handling: Valid Command CRC
00> <debug> app: Sending CRC: [0x60, 0x03, 0x01, 0:x0000008A, CRC:0x82F6B34E]
00> <debug> app: Received execute object
00> <info> dfq_req_handling: Before OP execute command
00> <info> dfq_req_handling: Valid command execute
00> <info> dfq_req_handling: PB: Init packet data len: 61
00> <info> dfq_req_handling: Handling signed command
00> <info> dfq_req_handling: Calculating init packet hash
00> <info> dfq_req_handling: Verify signature
00> <error> dfq_req_handling: Signature failed
00> <error> dfq_req_handling: Prevalidate failed!
00> <debug> app: Sending Response: [0x4, 0x5]
00> <debug> app: #### Advertising NO BONDING ####
00> <debug> app: DFU reset due to inactivity timeout.
00> <info> app: Inside main

We are using SDK 14.0 and SoftDevice 5.0 with IAR ARM Workbench 7.8. For our application, I have used nrfutil version 5.0 to generate the public/private keys as well as generating the zip package.

Does anyone have clue on what is wrong?

  • 0

    Update:

    I have tested the example "secure_bootloader_ble_s132_pca10040_debug - nrf52832_xxaa_s132 from the SDK15, with same results. I think I am missing something basic here, since I assume the examples works "out of the box". Here is the log from the SDK 15 example when performing a DFU with file "bootloader_secure_ble_debug_without_bonds_s132.zip".

    Fullscreen 0245.log.txt Download 
    00> <debug> nrf_dfu_ble: Finished handling conn sec update
00> <debug> nrf_dfu_ble: Set receipt notif
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_RECEIPT_NOTIF_SET
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_ble: Received BLE_GATTS_EVT_EXCHANGE_MTU_REQUEST (request: 247, reply: 247).
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_SELECT (command)
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> app: Shutting down transports (found: 1)
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_CREATE (command)
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_ble: Buffer 0x200074A0 acquired, len 138 (244)
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (command)
00> <debug> nrf_dfu_ble: Freeing buffer 0x200074A0
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_CRC_GET (command)
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_EXECUTE (command)
00> <debug> nrf_dfu_validation: PB: Init packet data len: 61
00> <info> nrf_dfu_validation: Signature required. Checking signature.
00> <info> nrf_dfu_validation: Calculating init packet hash (init packet len: 61)
00> <info> nrf_dfu_validation: Verify signature
00> <error> nrf_dfu_validation: Signature failed (err_code: 0x8542)
00> <debug> nrf_dfu_validation: Signature:
00> <debug> nrf_dfu_validation:  B6 DD 1F EE 44 79 DA 46|....Dy.F
00> <debug> nrf_dfu_validation:  BF 50 06 E2 09 A0 7C E7|.P....|.
00> <debug> nrf_dfu_validation:  42 E2 BB C5 80 07 44 B2|B.....D.
00> <debug> nrf_dfu_validation:  47 FC 57 96 BD 7B 59 D0|G.W..{Y.
00> <debug> nrf_dfu_validation:  70 F2 CD 98 7E 51 2E FE|p...~Q..
00> <debug> nrf_dfu_validation:  A7 21 8E 2F 1E 4B 30 1D|.!./.K0.
00> <debug> nrf_dfu_validation:  41 54 37 51 97 F9 EB 9E|AT7Q....
00> <debug> nrf_dfu_validation:  4B 39 5C 65 BA 09 08 E9|K9\e....
00> <debug> nrf_dfu_validation: Hash:
00> <debug> nrf_dfu_validation:  8E 07 77 3A 8A 58 3D 1C|..w:.X=.
00> <debug> nrf_dfu_validation:  DE 79 5F D4 D0 D5 B8 B6|.y_.....
00> <debug> nrf_dfu_validation:  1D 39 4B 0B 31 52 CB 99|.9K.1R..
00> <debug> nrf_dfu_validation:  7F 3C E4 33 72 01 0B 80|.<.3r...
00> <debug> nrf_dfu_validation: Public Key:
00> <debug> nrf_dfu_validation:  65 FC 2B F8 16 DA 01 9A|e.+.....
00> <debug> nrf_dfu_validation:  DE 75 D4 A8 47 71 96 21|.u..Gq.!
00> <debug> nrf_dfu_validation:  1C 87 55 69 10 5A BE 04|..Ui.Z..
00> <debug> nrf_dfu_validation:  57 8F D2 B0 29 94 56 B8|W...).V.
00> <debug> nrf_dfu_validation:  CA 03 63 D6 35 C6 4D A7|..c.5.M.
00> <debug> nrf_dfu_validation:  81 9F EF A7 D2 EC B7 F3|........
00> <debug> nrf_dfu_validation:  07 FF 80 AF 7A 3B 4C 19|....z;L.
00> <debug> nrf_dfu_validation:  B8 91 C5 14 3C E8 76 6D|....<.vm
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x5
00> <warning> nrf_dfu_ble: DFU request 4 failed with error: 0x5
00> <debug> app: Shutting down transports (found: 1)
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_CREATE (command)
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_ble: Buffer 0x200074A0 acquired, len 138 (244)
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (command)
00> <debug> nrf_dfu_ble: Freeing buffer 0x200074A0
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_CRC_GET (command)
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_EXECUTE (command)
00> <debug> nrf_dfu_validation: PB: Init packet data len: 61
00> <info> nrf_dfu_validation: Signature required. Checking signature.
00> <info> nrf_dfu_validation: Calculating init packet hash (init packet len: 61)
00> <info> nrf_dfu_validation: Verify signature
00> <error> nrf_dfu_validation: Signature failed (err_code: 0x8542)
00> <debug> nrf_dfu_validation: Signature:
00> <debug> nrf_dfu_validation:  B6 DD 1F EE 44 79 DA 46|....Dy.F
00> <debug> nrf_dfu_validation:  BF 50 06 E2 09 A0 7C E7|.P....|.
00> <debug> nrf_dfu_validation:  42 E2 BB C5 80 07 44 B2|B.....D.
00> <debug> nrf_dfu_validation:  47 FC 57 96 BD 7B 59 D0|G.W..{Y.
00> <debug> nrf_dfu_validation:  70 F2 CD 98 7E 51 2E FE|p...~Q..
00> <debug> nrf_dfu_validation:  A7 21 8E 2F 1E 4B 30 1D|.!./.K0.
00> <debug> nrf_dfu_validation:  41 54 37 51 97 F9 EB 9E|AT7Q....
00> <debug> nrf_dfu_validation:  4B 39 5C 65 BA 09 08 E9|K9\e....
00> <debug> nrf_dfu_validation: Hash:
00> <debug> nrf_dfu_validation:  8E 07 77 3A 8A 58 3D 1C|..w:.X=.
00> <debug> nrf_dfu_validation:  DE 79 5F D4 D0 D5 B8 B6|.y_.....
00> <debug> nrf_dfu_validation:  1D 39 4B 0B 31 52 CB 99|.9K.1R..
00> <debug> nrf_dfu_validation:  7F 3C E4 33 72 01 0B 80|.<.3r...
00> <debug> nrf_dfu_validation: Public Key:
00> <debug> nrf_dfu_validation:  65 FC 2B F8 16 DA 01 9A|e.+.....
00> <debug> nrf_dfu_validation:  DE 75 D4 A8 47 71 96 21|.u..Gq.!
00> <debug> nrf_dfu_validation:  1C 87 55 69 10 5A BE 04|..Ui.Z..
00> <debug> nrf_dfu_validation:  57 8F D2 B0 29 94 56 B8|W...).V.
00> <debug> nrf_dfu_validation:  CA 03 63 D6 35 C6 4D A7|..c.5.M.
00> <debug> nrf_dfu_validation:  81 9F EF A7 D2 EC B7 F3|........
00> <debug> nrf_dfu_validation:  07 FF 80 AF 7A 3B 4C 19|....z;L.
00> <debug> nrf_dfu_validation:  B8 91 C5 14 3C E8 76 6D|....<.vm
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x5
00> <warning> nrf_dfu_ble: DFU request 4 failed with error: 0x5
00> <debug> app: Shutting down transports (found: 1)
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_CREATE (command)
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_ble: Buffer 0x200074A0 acquired, len 138 (244)
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_WRITE (command)
00> <debug> nrf_dfu_ble: Freeing buffer 0x200074A0
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_CRC_GET (command)
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x1
00> <debug> nrf_dfu_req_handler: Handle NRF_DFU_OP_OBJECT_EXECUTE (command)
00> <debug> nrf_dfu_validation: PB: Init packet data len: 61
00> <info> nrf_dfu_validation: Signature required. Checking signature.
00> <info> nrf_dfu_validation: Calculating init packet hash (init packet len: 61)
00> <info> nrf_dfu_validation: Verify signature
00> <error> nrf_dfu_validation: Signature failed (err_code: 0x8542)
00> <debug> nrf_dfu_validation: Signature:
00> <debug> nrf_dfu_validation:  B6 DD 1F EE 44 79 DA 46|....Dy.F
00> <debug> nrf_dfu_validation:  BF 50 06 E2 09 A0 7C E7|.P....|.
00> <debug> nrf_dfu_validation:  42 E2 BB C5 80 07 44 B2|B.....D.
00> <debug> nrf_dfu_validation:  47 FC 57 96 BD 7B 59 D0|G.W..{Y.
00> <debug> nrf_dfu_validation:  70 F2 CD 98 7E 51 2E FE|p...~Q..
00> <debug> nrf_dfu_validation:  A7 21 8E 2F 1E 4B 30 1D|.!./.K0.
00> <debug> nrf_dfu_validation:  41 54 37 51 97 F9 EB 9E|AT7Q....
00> <debug> nrf_dfu_validation:  4B 39 5C 65 BA 09 08 E9|K9\e....
00> <debug> nrf_dfu_validation: Hash:
00> <debug> nrf_dfu_validation:  8E 07 77 3A 8A 58 3D 1C|..w:.X=.
00> <debug> nrf_dfu_validation:  DE 79 5F D4 D0 D5 B8 B6|.y_.....
00> <debug> nrf_dfu_validation:  1D 39 4B 0B 31 52 CB 99|.9K.1R..
00> <debug> nrf_dfu_validation:  7F 3C E4 33 72 01 0B 80|.<.3r...
00> <debug> nrf_dfu_validation: Public Key:
00> <debug> nrf_dfu_validation:  65 FC 2B F8 16 DA 01 9A|e.+.....
00> <debug> nrf_dfu_validation:  DE 75 D4 A8 47 71 96 21|.u..Gq.!
00> <debug> nrf_dfu_validation:  1C 87 55 69 10 5A BE 04|..Ui.Z..
00> <debug> nrf_dfu_validation:  57 8F D2 B0 29 94 56 B8|W...).V.
00> <debug> nrf_dfu_validation:  CA 03 63 D6 35 C6 4D A7|..c.5.M.
00> <debug> nrf_dfu_validation:  81 9F EF A7 D2 EC B7 F3|........
00> <debug> nrf_dfu_validation:  07 FF 80 AF 7A 3B 4C 19|....z;L.
00> <debug> nrf_dfu_validation:  B8 91 C5 14 3C E8 76 6D|....<.vm
00> <debug> nrf_dfu_req_handler: Request handling complete. Result: 0x5
00> <warning> nrf_dfu_ble: DFU request 4 failed with error: 0x5
00> <debug> nrf_dfu_ble: Advertising...

  • 0 in reply to navman

    Hello,

    It sounds like you have done everything correctly, so not sure why it's failing. Just to make sure, earlier when you used your own key-pair, did you remember to re-build the bootloader with the new public key?

    Also, I tested DFU with the pre-compiled bootloader from SDK 15.0.0 just now, but did not get a signature verification error. Here's how I tested it:

    1. Program bootloader hex in "C:\vidar\workspace\nRF5_SDK_15.0.0_a53641a\examples\dfu\secure_bootloader\pca10040_ble_debug\hex\   with nrfjprog: nrfjprog --program 4426.secure_bootloader_ble_s132_pca10040_debug.hex --chiperase -r

    2. Performed dfu with the " 6153.ble_app_buttonless_dfu_without_bonds_s132.zip" package in \examples\dfu\secure_dfu_test_images\ble\nrf52832

  • 0 in reply to navman

    Hello

    Yes I have rebuild the secure_bootload after replaced the public key with my own generated one.

    I have just tested the example uisng the precompiled hex file and that works also with the other secure_dfu_test_images avaialble in the SDK, so something is seems to be wrong with my secure_bootloader when building it uisng IAR Workbench.

    Can it be related to the micro-ecc library which I have to rebuild in IAR ARM workbench to make it work (IAR compalins about som debug.info when build the libarry using the build_all.bat)?

  • 0 in reply to navman

    Resolved:

    I rebuild the micro ecc library using the gcc compiler instead of IAR, but needed to add -gdwarf-3 compile flag in the makefile in order to debug the application with c-spy in IAR ARM Workbench. Now it works :-). I will investigate what is missing in my micro ECC library project in IAR and update this thread in case other needs this information.

  • 0 in reply to navman

    Thanks for the update! We have not tested or verified uECC with the IAR toolchain. But did you remember to build with uECC_VLI_NATIVE_LITTLE_ENDIAN=1? The bootloader expects it to be little endian.

Related