
Secure DFU (APP, SD, BL) from SDK 15.3.0 to SDK 17.0.2 with VALIDATE_ECDSA_P256_SHA256

Hi,

I'm running a custom board with a custom example on SDK 15.3.0 using the SDK 15.3.0 Secure Bootloader and SoftDevice S112 V 6.1.1. The used nRF52832 is flashed with a bootloader-settings file created by the following command:

nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 1 bootloader_settings.hex

Now I have migrated the example to SDK 17.0.2 and SoftDevice S112 V 7.2.0 and the SDK 17.0.2 Bootloader. When creating the DFU Package to update APP + SD + BL I also want to specify the VALIDATE_ECDSA_P256_SHA256 option to have a secure boot validation after the DFU. So I changed NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the new bootloader. The DFU-package is generated using the following command:

nrfutil pkg generate --hw-version 52 --application-version 1 --application app17.0.2.hex --sd-req 0x00B8 --sd-id 0x0103 --softdevice s112_nrf52_7.2.0_softdevice.hex --bootloader-version 1 --bootloader secure_bootloader_ble_s112_pca10040.hex --key-file private.key --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 dfu_update_app_sd_bl_15to17.zip

Performing the DFU using nRF Connect v 3.6.1 for Windows Desktop I'm getting the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Could not write CREATE command: Device disconnected." or the error "ERROR DFU failed with error: When writing 'CREATE' command to Control Point Characteristic of DFU Target: Operation code 1 (CREATE) failed on DFU Target. Result code 3 (INVALID_PARAMETER)." after sd_bl.bin was transferred.

Using VALIDATE_GENERATED_SHA256 instead of VALIDATE_ECDSA_P256_SHA256 when generating the DFU-Package, I'm getting the same errors, but this time just after app.bin was transferred (so the transfer of sd_bl.bin is successful).

The DFU Update is only successful when setting NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 0 again and not using --sd-boot-validation and --app-boot-validation. I'm using nrfutil 6.1.0.

  • Hi Amanda,

    no, the provided logs were taken when NRF_BL_APP_SIGNATURE_CHECK_REQUIRED was set to 0 in the sdk_config.h of the old SDK 15.3.0 bootloader while updating to SDK17.

    The SDK 15.3.0 bootloader settings were generated by:
    nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 1 bootloader_settings.hex



    When I set NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the sdk_config.h of the old SDK 15.3.0 bootloader while updating to SDK17 I'm getting the same error (see attached logfile).

    The SDK 15.3.0 bootloader settings were generated by:
    nrfutil settings generate --family NRF52 --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 2 --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 --softdevice s112_nrf52_6.1.1_softdevice.hex --key-file private.key bootloader_settings.hex

    And, yes, the same SDK 15.3.0 bootloader with NRF_BL_APP_SIGNATURE_CHECK_REQUIRED set to 1 performs SDK 15.3.0 APP-Updates (without SD and BL) without any problems.

    DFU_Log_APP_SD_BL with Signaturecheck required.txt

    How can I modify the page-alignment? The DFU Packages are generated with nrfutil.

  • Hi Hannes,

    Sorry for the delay. 

    nrfutil pkg generate --hw-version 52 --application-version 1 --application app17.0.2.hex --sd-req 0x00B8 --sd-id 0x0103 --softdevice s112_nrf52_7.2.0_softdevice.hex --bootloader-version 1 --bootloader secure_bootloader_ble_s112_pca10040.hex --key-file private.key --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 dfu_update_app_sd_bl_15to17.zip

    Create the package with --app-boot-validation only (remove --sd-boot-validation VALIDATE_ECDSA_P256_SHA256), and the update should work fine. The "Creating a firmware package with nrfutil" section says: "If you include both a bootloader and a SoftDevice in your firmware package, those two images will be merged together." I think the bootloader treats the SD+BL as an application image, so --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 might cause the error.

    hannes said:
    How can I modify the page-alignment? The DFU Packages are generated with nrfutil.

    I guess that error comes with the failed signature. If the package is generated with --app-boot-validation only and works, this error will also go away.

    -Amanda H.

  • Hi Amanda,

    I've removed "--sd-boot-validation VALIDATE_ECDSA_P256_SHA256" from the nrfutil command when generating the update package.

    No matter if the old SDK 15.3.0 Bootloader was compiled with or without NRF_BL_APP_SIGNATURE_CHECK_REQUIRED enabled, the DFU process fails with the error "Connect timed out." In both cases the board remains in a dead state, as it doesn't resume its normal activity or DFU mode. Also, after repowering or pressing the hardware DFU-button, the board stays dead. The only way is to erase the board using the programmer. Attached you can find the logs with and without NRF_BL_APP_SIGNATURE_CHECK_REQUIRED enabled for the old SDK 15.3.0 Bootloader.

    1 - CHECK_REQUIRED = 1.txt

    2 - CHECK_REQUIRED = 0.txt 

  • Hi Hannes, 

    Could you try the bootloader without the debug feature? I have the same issue with the debug version, but another one without debug can work.

    -Amanda H.  

  • Hi Amanda

    thank you very much! So it works with the bootloader without the debug feature and removing --sd-boot-validation VALIDATE_ECDSA_P256_SHA256 when creating the update package.

    It works also when the "old" bootloader was compiled without NRF_BL_APP_SIGNATURE_CHECK_REQUIRED enabled ;-)
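
Added example (not part of the thread and not Nordic's code): a Python pre-flight check that applies this thread's outcome to an `nrfutil pkg generate` command line, flagging `--sd-boot-validation` on a package that carries both a SoftDevice and a bootloader and returning the command without it. The rule reflects only what worked here; the function names are hypothetical and the option list is limited to the flags seen in the posts.

```python
import shlex

# Value-taking options of `nrfutil pkg generate`, limited to those used in this thread.
VALUE_OPTS = {
    "--hw-version", "--application-version", "--application", "--sd-req",
    "--sd-id", "--softdevice", "--bootloader-version", "--bootloader",
    "--key-file", "--app-boot-validation", "--sd-boot-validation",
}

# The package command from the original post.
POSTED = (
    "nrfutil pkg generate --hw-version 52 --application-version 1 "
    "--application app17.0.2.hex --sd-req 0x00B8 --sd-id 0x0103 "
    "--softdevice s112_nrf52_7.2.0_softdevice.hex --bootloader-version 1 "
    "--bootloader secure_bootloader_ble_s112_pca10040.hex --key-file private.key "
    "--app-boot-validation VALIDATE_ECDSA_P256_SHA256 "
    "--sd-boot-validation VALIDATE_ECDSA_P256_SHA256 dfu_update_app_sd_bl_15to17.zip"
)

def parse_pkg_generate(cmdline):
    """Split the command into ({option: value}, [positional arguments])."""
    tokens = shlex.split(cmdline)
    if tokens[:3] != ["nrfutil", "pkg", "generate"]:
        raise ValueError("not an 'nrfutil pkg generate' command")
    opts, positional = {}, []
    rest = iter(tokens[3:])
    for tok in rest:
        if tok in VALUE_OPTS:
            value = next(rest, None)
            if value is None or value.startswith("-"):
                raise ValueError(f"{tok} has no value")
            opts[tok] = value
        elif tok.startswith("-"):
            # Also catches mistyped options, e.g. a single leading dash.
            raise ValueError(f"option not covered by this check: {tok}")
        else:
            positional.append(tok)
    return opts, positional

def review(cmdline):
    """Return (findings, command adjusted to the form that worked in this thread)."""
    opts, positional = parse_pkg_generate(cmdline)
    findings = []
    if {"--softdevice", "--bootloader", "--sd-boot-validation"} <= opts.keys():
        findings.append("--sd-boot-validation on a merged SoftDevice+bootloader "
                        "package; the update here succeeded only without it")
        del opts["--sd-boot-validation"]
    parts = ["nrfutil", "pkg", "generate"] + [t for kv in opts.items() for t in kv]
    return findings, shlex.join(parts + positional)
if __name__ == "__main__": print(*review(POSTED), sep="\n")
```

The second condition from the thread, a bootloader built without the debug feature, cannot be read off the command line and still has to be checked separately.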
