Butonless secure DFU with bonds- limitation on client devices

RE: Butonless secure DFU with bonds- limitation on client devices

mrono — Mon, 25 Jan 2021 08:07:38 GMT

[quote userid="86158" url="~/f/nordic-q-a/70077/butonless-secure-dfu-with-bonds--limitation-on-client-devices/290877#290877"]I am going with the assumption that the bootloader is a 'separate application in itself' from the 'Buttonless DFU service/application'.
Is that correct?[/quote]

Yes

[quote userid="86158" url="~/f/nordic-q-a/70077/butonless-secure-dfu-with-bonds--limitation-on-client-devices/290877#290877"]If the answer to the above is YES, then are the changes suggested in the file "components\ble\ble_services\ble_dfu\ble_dfu_unbonded.c" for the bootloader application build or for the Buttonless DFU application build?[/quote]

The buttonless DFU application.

RE: Butonless secure DFU with bonds- limitation on client devices

RVM — Sun, 24 Jan 2021 22:06:09 GMT

I am going with the assumption that the bootloader is a 'separate application in itself' from the 'Buttonless DFU service/application'.
Is that correct?

If the answer to the above is YES, then are the changes suggested in the file "components\ble\ble_services\ble_dfu\ble_dfu_unbonded.c" for the bootloader application build or for the Buttonless DFU application build?

Cheers
RMV

RE: Butonless secure DFU with bonds- limitation on client devices

Einar Thorsrud — Mon, 04 Jan 2021 13:47:47 GMT

Hi,

[quote user="A.P"]be applied to buttonless DFU without bonds? Or can this only be achieved when using DFU with bonds?[/quote]

Yes, you can easily apply this limitation to DFU without bonds. In fact, that is the most sensible in my opinion (only allow bonded devices to enter DFU mode, but then let any device do DFU as that is less complicated and more robust, and the DFU images are anyway signed, so security would be good also in this case). The only change you need to achieve this is to modify components\ble\ble_services\ble_dfu\ble_dfu_unbonded.c like this:

devzone.nordicsemi.com/.../ble_5F00_dfu_5F00_unbonded.c.diff

RE: Butonless secure DFU with bonds- limitation on client devices

A.P — Mon, 04 Jan 2021 13:32:39 GMT

Thank you Einar!
I understand.

One question, if I may.
Can your first point -

[quote userid="7377" url="~/f/nordic-q-a/70077/butonless-secure-dfu-with-bonds--limitation-on-client-devices/287238#287238"]Only bonded peers can write to the Buttonless DFU characteristic[/quote]

be applied to buttonless DFU without bonds? Or can this only be achieved when using DFU with bonds?

Thank you for the quick and concise reply!

RE: Butonless secure DFU with bonds- limitation on client devices

Einar Thorsrud — Mon, 04 Jan 2021 13:11:47 GMT

Hi,

I think the description is consistent and your understanding seems correct, but perhaps some clarification is needed. Let me rephrase it, and all this applies when using buttonless secure DFU service with bonds:

Only bonded peers can write to the Buttonless DFU characteristic.
- Once written, the bootloader will provide the bonding information for the bootloader and start the bootloader, so that it is in a buttonless DFU state.
In this state, the bootloader will connect (and secure the link) only with the specific peer that triggered buttonless DFU
If DFU is performed or times out, so that the normal application starts again any bonded peer can start a new DFU procedure.

Einar