• State Verified Answer
  • Replies 10 replies
  • Subscribers 63 subscribers
  • Views 2319 views
  • Users 0 members are here
Attachments (5) Download All
Nordic Case Info
  • Case ID: 271148
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Secure DFU (APP, SD, BL) from SDK 15.3.0 to SDK 17.0.2 with VALIDATE_ECDSA_P256_SHA256

hannes

Hi,

I'm running a custom board with a custom example on SDK 15.3.0 using the SDK 15.3.0 Secure Bootloader and SoftDevice S112 V 6.1.1. The used nRF52832 is flashed with a bootloader-settings file created by the following command:

nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 1 bootloader_settings.hex

Now I have migrated the example to SDK 17.0.2 and SoftDevice S112 V 7.2.0 and the SDK 17.0.2 Bootloader. When creating the DFU Package to update APP + SD + BL I also want to specify the VALIDATE_ECDSA_P256_SHA256 option to have a secure boot validation after the DFU. So I changed NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the new bootloader. The DFU-package is generated using the following command:

nrfutil pkg generate --hw-version 52 --application-version 1 --application app17.0.2.hex --sd-req 0x00B8 --sd-id 0x0103 --softdevice s112_nrf52_7.2.0_softdevice.hex --bootloader-version 1 --bootloader secure_bootloader_ble_s112_pca10040.hex --key-file private.key --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 dfu_update_app_sd_bl_15to17.zip

Performing the DFU using nRF Connect v 3.6.1 for Windows Desktop I'm getting the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Could not write CREATE command: Device disconnected." or the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Operation code 1 (CREATE) failed on DFU Target. Result code 3 (INVALID_PARAMETER)." after sd_bl.bin was transferred.

Using VALIDATE_GENERATED_SHA256 instead of VALIDATE_ECDSA_P256_SHA256 when generating the DFU-Package i'm getting the same errors but this time just after app.bin was transferred (so the transfer of sd_bl.bin is successful).

The DFU Update is only successful when setting NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 0 again and not using --sd-boot-validation and --app-boot-validation. I'm using nrfutil 6.1.0.

Related

core_v2_widget.Hide()