Secure DFU (APP, SD, BL) from SDK 15.3.0 to SDK 17.0.2 with VALIDATE_ECDSA_P256_SHA256

Hi,

I'm running a custom board with a custom example on SDK 15.3.0 using the SDK 15.3.0 Secure Bootloader and SoftDevice S112 V 6.1.1. The used nRF52832 is flashed with a bootloader-settings file created by the following command:

nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 1 bootloader_settings.hex

Now I have migrated the example to SDK 17.0.2 and SoftDevice S112 V 7.2.0 and the SDK 17.0.2 Bootloader. When creating the DFU Package to update APP + SD + BL I also want to specify the VALIDATE_ECDSA_P256_SHA256 option to have a secure boot validation after the DFU. So I changed NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the new bootloader. The DFU-package is generated using the following command:

nrfutil pkg generate --hw-version 52 --application-version 1 --application app17.0.2.hex --sd-req 0x00B8 --sd-id 0x0103 --softdevice s112_nrf52_7.2.0_softdevice.hex --bootloader-version 1 --bootloader secure_bootloader_ble_s112_pca10040.hex --key-file private.key --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 dfu_update_app_sd_bl_15to17.zip

Performing the DFU using nRF Connect v 3.6.1 for Windows Desktop I'm getting the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Could not write CREATE command: Device disconnected." or the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Operation code 1 (CREATE) failed on DFU Target. Result code 3 (INVALID_PARAMETER)." after sd_bl.bin was transferred.

Using VALIDATE_GENERATED_SHA256 instead of VALIDATE_ECDSA_P256_SHA256 when generating the DFU-Package, I'm getting the same errors, but this time just after app.bin was transferred (so the transfer of sd_bl.bin is successful).

The DFU Update is only successful when setting NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 0 again and not using --sd-boot-validation and --app-boot-validation. I'm using nrfutil 6.1.0.

  • Hi Hannes, 

    So I changed NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the new bootloader.

    Try to set NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the old bootloader, and use the same command with VALIDATE_ECDSA_P256_SHA256. 

    Regards,

    Amanda H.

  • Hi Amanda,

    I changed NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the old SDK 15.3.0 bootloader and used the following command to generate the bootloader_settings.hex of the old SDK 15.3.0 project:

    nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 2 --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 --softdevice s112_nrf52_6.1.1_softdevice.hex --key-file private.key bootloader_settings.hex

    After flashing, the SDK 15.3.0 example works fine but the (APP, SD, BL) DFU to the SDK 17.0.2 still fails with the same error...

  • Hi Hannes, 

    Could you provide the log of the bootloader with the _debug version?

    Are you able to update SD and bootloader with SIGNATURE CHECK? Do you get the same error message?

    -Amanda H.

  • Hi Amanda,

    Updating only SD and BL with NRF_BL_APP_SIGNATURE_CHECK_REQUIRED fails with the same error. Attached you can find the RTT output of the _debug version for both cases.
    DFU_Log_APP_SD_BL.txt

    DFU_Log_SD_BL.txt

  • Hi Hannes, 

    From both logs, I see: 

    <error> nrf_dfu_validation: Signature failed (err_code: 0x8542). 

    Do you enable the NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the old and new bootloaders while updating from SDK15.3 to SDK17?

    <error> nrf_dfu_req_handler: Object size must be page aligned

    The object size must be page-aligned. Usually, the object size is 4kB. It's mentioned here in the error code.

    hannes said:
    After flashing, the SDK 15.3.0 example works fine but the (APP, SD, BL) DFU to the SDK 17.0.2 still fails with the same error...

    Do you mean the same old SDK 15.3.0 bootloader with SIGNATURE_CHECK can update with SDK 15.3.0 examples? 

    Regards,

    Amanda H.
