• State Not Answered
  • Replies 4 replies
  • Subscribers 89 subscribers
  • Views 1140 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 264117
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Hash Verification post DFU over thread

ashish_shukla

Hello Everyone, 

We are using nRF52840 IC for our products which has 1 MB of flash.   

Thread Secure DFU Example provided with Nordic SDK supports only Dual Bank DFU. This limits the application size.  

Our Application size is increasing and therefore Dual Bank DFU cannot accommodate new application image. 

To resolve this issue, we have decided to add an external Flash which can act as Bank1 for storing DFU image. 

We have successfully directed incoming DFU packets to external QSPI flash by making changes in nrf_dfu_flash.c file. 

Now, once complete image has been transferred to external flash, Hash has to be verified. In my case, hash verification fails, which is expected. 

<info> nrf_dfu_validation: Hash verification. start address: 0x71000, size: 0x7803C
<warning> nrf_dfu_validation: Hash verification failed.
<info> nrf_dfu_validation: Expected FW hash:
<info> nrf_dfu_validation: BA 71 8F 68 A9 19 0C EE|.q.h....
<info> nrf_dfu_validation: DC 46 7F 8A D1 20 A5 FF|.F... ..
<info> nrf_dfu_validation: 76 53 F3 C9 02 3B 89 E9|vS...;..
<info> nrf_dfu_validation: E8 1F 35 92 BD 8A 7F 6F|..5....o
<info> nrf_dfu_validation: Actual FW hash:
<info> nrf_dfu_validation: 3F 6E E3 8E 2A D6 14 46|?n..*..F
<info> nrf_dfu_validation: C7 BC 57 29 86 7E 8F AF|..W).~..
<info> nrf_dfu_validation: B4 1A 59 A8 1B C7 01 6A|..Y....j
<info> nrf_dfu_validation

I don't fully understand how this function works - 

nrf_crypto_hash_calculate(&hash_context,
                          &g_nrf_crypto_hash_sha256_info,
                          (uint8_t*)src_addr,
                          data_len,
                          m_fw_hash,
                          &hash_len);

as it takes in starting address of firmware in flash, it's length and calculates Hash. Does this function reads complete firmware from flash to calculate hash ?  

Thanks.  

 

Parents
  • 0

    Hi,

    as it takes in starting address of firmware in flash, it's length and calculates Hash. Does this function reads complete firmware from flash to calculate hash

    Yes, that is correct (depending on which crypto backend is used this may be broken down internally, but the caller do not need to care about that). If this does not fit you and you would prefer to do split this in multiple steps for some reason, that is also possible. In that case you would call first nrf_crypto_hash_init(), so nrf_crypto_hash_update() an arbitrary number of times and lastly nrf_crypto_hash_finalize(). You can refer to the API documentation for details, as well as the nrf_crypto documentation.

    (You are probably using the CryptoCell CC310 backend on the nRF52840? In this case the nrf_crypto library will copy chunks of data to RAM if the data is in flash (as in this case), as CC310 only can operate on data in RAM. That is an implementation detail the caller usually do not need to think about, though.)

Reply
  • 0

    Hi,

    as it takes in starting address of firmware in flash, it's length and calculates Hash. Does this function reads complete firmware from flash to calculate hash

    Yes, that is correct (depending on which crypto backend is used this may be broken down internally, but the caller do not need to care about that). If this does not fit you and you would prefer to do split this in multiple steps for some reason, that is also possible. In that case you would call first nrf_crypto_hash_init(), so nrf_crypto_hash_update() an arbitrary number of times and lastly nrf_crypto_hash_finalize(). You can refer to the API documentation for details, as well as the nrf_crypto documentation.

    (You are probably using the CryptoCell CC310 backend on the nRF52840? In this case the nrf_crypto library will copy chunks of data to RAM if the data is in flash (as in this case), as CC310 only can operate on data in RAM. That is an implementation detail the caller usually do not need to think about, though.)

Children
  • 0 in reply to Einar Thorsrud

    Hi Einar, 

    Thanks for the Clarification. Now, I understand why Hash verification fails in my case - as I've directed DFU packets to external flash, while this function must be calculating HASH based on contents of internal flash. 

    Can you suggest how can I direct this function to read from external  flash to calculate HASH, if at all possible ? 

    If not, what are other options to resolve this issue ? 

    • (You are probably using the CryptoCell CC310 backend on the nRF52840? In this case the nrf_crypto library will copy chunks of data to RAM if the data is in flash (as in this case), as CC310 only can operate on data in RAM. That is an implementation detail the caller usually do not need to think about, though.) 

    Yes - I'm using CryptoCell CC310 backend.  

      

  • +1 in reply to ashish_shukla

    Hi,

    ashish_shukla said:
    Can you suggest how can I direct this function to read from external  flash to calculate HASH, if at all possible ? 

    It is not possible.

    ashish_shukla said:
    If not, what are other options to resolve this issue ? 

    You can easily achieve the same thing by using the three functions I mentioned before, and copy chunks of data from your external flash into RAM (the size of the chunks is up to you). In more detail:

    1. Call nrf_crypto_hash_init()

    2. Copy chunk of data into ram and call nrf_crypto_hash_update() for that chunk. Then copy the next chunk and do the same until you have iterated over the entier image.

    3. Call nrf_crypto_hash_finalize() to finialize the calculation and obtain the hash for the entire image.

Related