Secure DFU (APP, SD, BL) from SDK 15.3.0 to SDK 17.0.2 with VALIDATE_ECDSA_P256_SHA256

Hi,

I'm running a custom board with a custom example on SDK 15.3.0 using the SDK 15.3.0 Secure Bootloader and SoftDevice S112 V 6.1.1. The used nRF52832 is flashed with a bootloader-settings file created by the following command:

nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 1 bootloader_settings.hex

Now I have migrated the example to SDK 17.0.2 and SoftDevice S112 V 7.2.0 and the SDK 17.0.2 Bootloader. When creating the DFU Package to update APP + SD + BL I also want to specify the VALIDATE_ECDSA_P256_SHA256 option to have a secure boot validation after the DFU. So I changed NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the new bootloader. The DFU-package is generated using the following command:

nrfutil pkg generate --hw-version 52 --application-version 1 --application app17.0.2.hex --sd-req 0x00B8 --sd-id 0x0103 --softdevice s112_nrf52_7.2.0_softdevice.hex --bootloader-version 1 --bootloader secure_bootloader_ble_s112_pca10040.hex --key-file private.key --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 dfu_update_app_sd_bl_15to17.zip

Performing the DFU using nRF Connect v 3.6.1 for Windows Desktop I'm getting the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Could not write CREATE command: Device disconnected." or the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Operation code 1 (CREATE) failed on DFU Target. Result code 3 (INVALID_PARAMETER)." after sd_bl.bin was transferred.

Using VALIDATE_GENERATED_SHA256 instead of VALIDATE_ECDSA_P256_SHA256 when generating the DFU-Package I'm getting the same errors but this time just after app.bin was transferred (so the transfer of sd_bl.bin is successful).

The DFU Update is only successful when setting NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 0 again and not using --sd-boot-validation and --app-boot-validation. I'm using nrfutil 6.1.0.

  • Hi Hannes, 

    So I changed NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the new bootloader.

    Try to set NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the old bootloader, and use the same command with VALIDATE_ECDSA_P256_SHA256. 

    Regards,

    Amanda H.

  • Hi Amanda,

    I changed NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the old SDK 15.3.0 bootloader and used the following command to generate the bootloader_settings.hex of the old SDK 15.3.0 project:

    nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 2 --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 --softdevice s112_nrf52_6.1.1_softdevice.hex --key-file private.key bootloader_settings.hex

    After flashing the SDK 15.3.0 example works fine but the (APP, SD, BL) DFU to the SDK 17.0.2 still fails with the same error...

  • Hi Hannes, 

    Could you provide the log of the bootloader with the _debug version?

    Are you able to update SD and bootloader with SIGNATURE CHECK? Do you get the same error message?

    -Amanda H.

  • Hi Amanda,

    updating only SD and BL with NRF_BL_APP_SIGNATURE_CHECK_REQUIRED fails with the same error. Attached you can find the RTT output of the _debug version for both cases.
    DFU_Log_APP_SD_BL.txt

    DFU_Log_SD_BL.txt

  • Hi Hannes, 

    From both logs, I see: 

    <error> nrf_dfu_validation: Signature failed (err_code: 0x8542). 

    Do you set NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the old and new bootloaders while updating from SDK15.3 to SDK17?

    <error> nrf_dfu_req_handler: Object size must be page aligned

    The object size must be page-aligned. Usually, the object size is 4kB. It's mentioned here in the error code.

     

    hannes said:
    After flashing the SDK 15.3.0 example works fine but the (APP, SD, BL) DFU to the SDK 17.0.2 still fails with the same error...

    Do you mean the same old SDK 15.3.0 bootloader with SIGNATURE_CHECK can update with SDK 15.3.0 examples? 

    Regards,

    Amanda H.

  • Hi Amanda,

    no, the provided logs were taken when NRF_BL_APP_SIGNATURE_CHECK_REQUIRED was set to 0 in the sdk_config.h of the old SDK 15.3.0 bootloader while updating to SDK17.

    The SDK 15.3.0 bootloader settings were generated by:
    nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 1 bootloader_settings.hex



    When I set NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the old SDK 15.3.0 bootloader while updating to SDK17 I'm getting the same error (see attached logfile).

    The SDK 15.3.0 bootloader settings were generated by:
    nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 2 --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 --softdevice s112_nrf52_6.1.1_softdevice.hex --key-file private.key bootloader_settings.hex

    And, yes, the same SDK 15.3.0 bootloader with NRF_BL_APP_SIGNATURE_CHECK_REQUIRED set to 1 performs SDK 15.3.0 APP-Updates (without SD and BL) without any problems.

    DFU_Log_APP_SD_BL with Signaturecheck required.txt

    How can I modify the page-alignment? The DFU Packages are generated with nrfutil.

  • Hi Hannes,

    Sorry for the delay. 

    nrfutil pkg generate --hw-version 52 --application-version 1 --application app17.0.2.hex --sd-req 0x00B8 --sd-id 0x0103 --softdevice s112_nrf52_7.2.0_softdevice.hex --bootloader-version 1 --bootloader secure_bootloader_ble_s112_pca10040.hex --key-file private.key --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 dfu_update_app_sd_bl_15to17.zip

    Create the package with --app-boot-validation only (remove --sd-boot-validation VALIDATE_ECDSA_P256_SHA256), and the update should work fine. The "Creating a firmware package with nrfutil" section says: "If you include both a bootloader and a SoftDevice in your firmware package, those two images will be merged together." I think the bootloader treats the SD+BL as an application image, so --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 might cause the error. 

    hannes said:
    How can I modify the page-alignment? The DFU Packages are generated with nrfutil.

    I guess that error comes with the "Signature failed" error. If the package is generated with only --app-boot-validation and works, this error will also go away. 

    -Amanda H.

  • Hi Amanda,

    I've removed "--sd-boot-validation VALIDATE_ECDSA_P256_SHA256" from the nrfutil command when generating the update package.

    No matter if the old SDK 15.3.0 Bootloader was compiled with or without NRF_BL_APP_SIGNATURE_CHECK_REQUIRED enabled, the DFU process fails with the error "Connect timed out." In both cases the board remains in a dead state as it doesn't resume its normal activity or DFU mode. Also, after repowering or pressing the hardware DFU button, the board stays dead. The only way is to erase the board using the programmer. Attached you can find the logs with and without NRF_BL_APP_SIGNATURE_CHECK_REQUIRED enabled for the old SDK 15.3.0 Bootloader.

    1 - CHECK_REQUIRED = 1.txt

    2 - CHECK_REQUIRED = 0.txt 

  • Hi Hannes, 

    Could you try the bootloader without the debug feature? I have the same issue with the debug version, but another one without debug can work.

    -Amanda H.  

  • Hi Amanda

    thank you very much! So it works with the bootloader without the debug feature and removing --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 when creating the update package.

    It works also when the "old" bootloader was compiled without NRF_BL_APP_SIGNATURE_CHECK_REQUIRED enabled ;-)
