Hi,
I'm running a custom board with a custom example on SDK 15.3.0 using the SDK 15.3.0 Secure Bootloader and SoftDevice S112 V 6.1.1. The used nRF52832 is flashed with a bootloader-settings file created by the following command:
nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 1 bootloader_settings.hex
Now I have migrated the example to SDK 17.0.2 and SoftDevice S112 V 7.2.0 and the SDK 17.0.2 Bootloader. When creating the DFU Package to update APP + SD + BL I also want to specify the VALIDATE_ECDSA_P256_SHA256 option to have a secure boot validation after the DFU. So I changed NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the new bootloader. The DFU-package is generated using the following command:
nrfutil pkg generate --hw-version 52 --application-version 1 --application app17.0.2.hex --sd-req 0x00B8 --sd-id 0x0103 --softdevice s112_nrf52_7.2.0_softdevice.hex --bootloader-version 1 --bootloader secure_bootloader_ble_s112_pca10040.hex --key-file private.key --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 dfu_update_app_sd_bl_15to17.zip
Performing the DFU using nRF Connect v 3.6.1 for Windows Desktop I'm getting the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Could not write CREATE command: Device disconnected." or the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Operation code 1 (CREATE) failed on DFU Target. Result code 3 (INVALID_PARAMETER)." after sd_bl.bin was transferred.
Using VALIDATE_GENERATED_SHA256 instead of VALIDATE_ECDSA_P256_SHA256 when generating the DFU-Package i'm getting the same errors but this time just after app.bin was transferred (so the transfer of sd_bl.bin is successful).
The DFU Update is only successful when setting NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 0 again and not using --sd-boot-validation and --app-boot-validation. I'm using nrfutil 6.1.0.