I'm trying to implement an immutable bootloader + MCUBoot + (SPM and APP), and then update the app via fota.
My implementation is based on the asset_tracker_v2 example.
I copied my key to the root of my application as `priv.pem`.
I added this in my config for my application:
# Bootloaders CONFIG_SECURE_BOOT=y CONFIG_SB_SIGNING_KEY_FILE="priv.pem" # MCUBOOT CONFIG_BOOTLOADER_MCUBOOT=y CONFIG_IMG_MANAGER=y CONFIG_MCUBOOT_IMG_MANAGER=y CONFIG_IMG_ERASE_PROGRESSIVELY=y
and this in a file named `mcuboot.conf` under ./child_image/
CONFIG_BOOT_SIGNATURE_KEY_FILE="/hard/code/path/to/priv.pem"
Then I flash my application, and it boots no problem:
*** Booting Zephyr OS build zephyr-v2.5.0-1100-gca2b2af6b699 *** Attempting to boot slot 0. Attempting to boot from address 0x8200. Verifying signature against key 0. Hash: 0xff...a8 Firmware signature verified. Firmware version 1 Setting monotonic counter (version: 1, slot: 0) *** Booting Zephyr OS build zephyr-v2.5.0-1100-gca2b2af6b699 *** I: Starting bootloader I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3 I: Secondary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3 I: Boot source: none I: Swap type: none I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3 I: Secondary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3 I: Boot source: none I: Swap type: none I: Bootloader chainload address offset: 0x28000 �*** Booting Zephyr OS build zephyr-v2.5.0-1100-gca2b2af6b699 *** Flash regions Domain Permissions 00 06 0x00000 0x38000 Secure rwxl 07 31 0x38000 0x100000 Non-Secure rwxl Non-secure callable region 0 placed in flash region 5 with size 32. SRAM region Domain Permissions 00 07 0x00000 0x10000 Secure rwxl 08 31 0x10000 0x40000 Non-Secure rwxl Peripheral Domain Status 00 NRF_P0 Non-Secure OK 01 NRF_CLOCK Non-Secure OK 02 NRF_RTC0 Non-Secure OK 03 NRF_RTC1 Non-Secure OK 04 NRF_NVMC Non-Secure OK 05 NRF_UARTE1 Non-Secure OK 06 NRF_UARTE2 Secure SKIP 07 NRF_TWIM2 Non-Secure OK 08 NRF_SPIM3 Non-Secure OK 09 NRF_TIMER0 Non-Secure OK 10 NRF_TIMER1 Non-Secure OK 11 NRF_TIMER2 Non-Secure OK 12 NRF_SAADC Non-Secure OK 13 NRF_PWM0 Non-Secure OK 14 NRF_PWM1 Non-Secure OK 15 NRF_PWM2 Non-Secure OK 16 NRF_PWM3 Non-Secure OK 17 NRF_WDT Non-Secure OK 18 NRF_IPC Non-Secure OK 19 NRF_VMC Non-Secure OK 20 NRF_FPU Non-Secure OK 21 NRF_EGU1 Non-Secure OK 22 NRF_EGU2 Non-Secure OK 23 NRF_DPPIC Non-Secure OK 24 NRF_REGULATORS Non-Secure OK 25 NRF_GPIOTE1 Non-Secure OK SPM: NS image at 0x38200 SPM: NS MSP at 0x2002b9c0 SPM: NS reset vector at 0x45bc9 SPM: prepare to jump to Non-Secure image. *** Booting Zephyr OS build zephyr-v2.5.0-1100-gca2b2af6b699 *** -->>> Application V1 starts
Then I compile the same source but with bumped version number (V2) and initiate a FOTA update with that version. The FOTA downloads, does not show any issues and the application reboots.
*** Booting Zephyr OS build zephyr-v2.5.0-1100-gca2b2af6b699 *** Attempting to boot slot 0. Attempting to boot from address 0x8200. Verifying signature against key 0. Hash: 0xff...a8 Firmware signature verified. Firmware version 1 *** Booting Zephyr OS build zephyr-v2.5.0-1100-gca2b2af6b699 *** I: Starting bootloader I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3 I: Secondary image: magic=good, swap_type=0x2, copy_done=0x3, image_ok=0x3 I: Boot source: none I: Swap type: test I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3 I: Secondary image: magic=good, swap_type=0x2, copy_done=0x3, image_ok=0x3 I: Boot source: none I: Bootloader chainload address offset: 0x28000 �*** Booting Zephyr OS build zephyr-v2.5.0-1100-gca2b2af6b699 *** Flash regions Domain Permissions 00 06 0x00000 0x38000 Secure rwxl 07 31 0x38000 0x100000 Non-Secure rwxl Non-secure callable region 0 placed in flash region 5 with size 32. SRAM region Domain Permissions 00 07 0x00000 0x10000 Secure rwxl 08 31 0x10000 0x40000 Non-Secure rwxl Peripheral Domain Status 00 NRF_P0 Non-Secure OK 01 NRF_CLOCK Non-Secure OK 02 NRF_RTC0 Non-Secure OK 03 NRF_RTC1 Non-Secure OK 04 NRF_NVMC Non-Secure OK 05 NRF_UARTE1 Non-Secure OK 06 NRF_UARTE2 Secure SKIP 07 NRF_TWIM2 Non-Secure OK 08 NRF_SPIM3 Non-Secure OK 09 NRF_TIMER0 Non-Secure OK 10 NRF_TIMER1 Non-Secure OK 11 NRF_TIMER2 Non-Secure OK 12 NRF_SAADC Non-Secure OK 13 NRF_PWM0 Non-Secure OK 14 NRF_PWM1 Non-Secure OK 15 NRF_PWM2 Non-Secure OK 16 NRF_PWM3 Non-Secure OK 17 NRF_WDT Non-Secure OK 18 NRF_IPC Non-Secure OK 19 NRF_VMC Non-Secure OK 20 NRF_FPU Non-Secure OK 21 NRF_EGU1 Non-Secure OK 22 NRF_EGU2 Non-Secure OK 23 NRF_DPPIC Non-Secure OK 24 NRF_REGULATORS Non-Secure OK 25 NRF_GPIOTE1 Non-Secure OK SPM: NS image at 0x38200 SPM: NS MSP at 0x2002b9c0 SPM: NS reset vector at 0x45bc9 SPM: prepare to jump to Non-Secure image. *** Booting Zephyr OS build zephyr-v2.5.0-1100-gca2b2af6b699 *** --->> Still boots V1 of application
But it still boots the same V1 version of the application.
If I remove the B0 bootloader, everything works as expected, and MCUBoot pauses for a while after `I: Swap type: test`, I assume to copy the image. With the B0 bootloader there is no pause and it kinda looks like the MCUBoot restarts, but not completely.
Why is inclusion of B0 breaking MCUBoot? And what am I doing wrong.
Side-note: figuring out how to add a key and where is extremely complicated / unclear at the moment. An example / docs on this would be great.
Thanks!
