• State Verified Answer
  • Replies 6 replies
  • Subscribers 87 subscribers
  • Views 2040 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 272006
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Secure DFU production configuration

cemerick

Using SDK17.0.2 and added secure, dual bank, button based bootloader DFU for use with our application.
Was based on DK52 secure bootloader debug example.
It all works as expected when programming Bootloader, SD (and application) using nRF Connect .
After programming the debug indicates bootloader/DFU is working as expected and will enter DFU update mode if the button is pressed on powerup.
Can successfully do the DFU update using a signed and versioned package.


The problem is that I cant get a production single .hex package to work.
I do a nrfjprog -f nrf52 --recover before programming using nrfjprog --program and then the .hex package.
It programs ok but the bootloader/DFU don't run.
I don't see any of the debug info that worked when the device was programmed using three files and nRF Connect to program.

Are there additional steps in the process or changes in sdk17.0.2 that are automatically handled by nRF Connect ?
Does (for example) nRF Connect generate and program bootloader settings that need to be addressed in the nrfprog process steps ?
If so please point me to an example or related documentation.

  • 0 in reply to Amanda Hsieh

    That looks like just what I needed. Will post results later today after trying. Thank you. 

  • 0 in reply to Amanda Hsieh

    Bootloader/DFU still not running. The main application runs on powerup and the DFU related button does not change the behavior. Don't see any debug info on rtt viewer other than main but dfu debug info works when programmed using nRF Connect.

    Using sdk17.02 here is what I am using:

    (dfu38) J:\DFU>nrfutil settings generate --family NRF52840 --application gw.hex --application-version 0 --bootloader-version 0 --bl-settings-version 2 bl_setting.hex

     

    Note: Generating a DFU settings page with backup page included.

    This is only required for bootloaders from nRF5 SDK 15.1 and newer.

    If you want to skip backup page generation, use --no-backup option.

     

    Generated Bootloader DFU settings .hex file and stored it in: bl_setting.hex

     

    Bootloader DFU Settings:

    * File:                     bl_setting.hex

    * Family:                   NRF52840

    * Start Address:            0x000FF000

    * CRC:                      0x59A37020

    * Settings Version:         0x00000002 (2)

    * App Version:              0x00000000 (0)

    * Bootloader Version:       0x00000000 (0)

    * Bank Layout:              0x00000000

    * Current Bank:             0x00000000

    * Application Size:         0x00035A9C (219804 bytes)

    * Application CRC:          0x0CEF584D

    * Bank0 Bank Code:          0x00000001

    * Softdevice Size:          0x00000000 (0 bytes)

    * Boot Validation CRC:      0x3161D593

    * SD Boot Validation Type:  0x00000000 (0)

    * App Boot Validation Type: 0x00000001 (1)

     

     

    (dfu38) J:\DFU>mergehex --merge bl_setting.hex secure_bootloader_ble_s140_pca10056.hex s140_nrf52_7.2.0_softdevice.hex --output bl_set_s140.hex

    Parsing input files.

    Merging file "bl_setting.hex" into output.

    Merging file "secure_bootloader_ble_s140_pca10056.hex" into output.

    Merging file "s140_nrf52_7.2.0_softdevice.hex" into output.

    Storing merged file.

     

    (dfu38) J:\DFU>mergehex --merge bl_set_s140.hex gw.hex --output prod_set_s140_app.hex

    Parsing input files.

    Merging file "bl_set_s140.hex" into output.

    Merging file "gw.hex" into output.

    Storing merged file.

     

    (dfu38) J:\Medsense\DFU>nrfjprog -f nrf52 --recover

    Recovering device. This operation might take 30s.

    Erasing user code and UICR flash areas.

     

    (dfu38) J:\DFU>nrfjprog --program prod_set_s140_app.hex

    Parsing image file.

    Reading flash area to program to guarantee it is erased.

    Checking that the area to write is not protected.

    Programming device.

     

     

    (dfu38) J:\DFU>nrfutil settings display bl_setting.hex

    Bad access at 0x7F000: not enough data to read 4 contiguous bytes

     

    Bootloader DFU Settings:

    * File:                     bl_setting.hex

    * Family:                   NRF52840

    * Start Address:            0x000FE000

    * CRC:                      0x59A37020

    * Settings Version:         0x00000002 (2)

    * App Version:              0x00000000 (0)

    * Bootloader Version:       0x00000000 (0)

    * Bank Layout:              0x00000000

    * Current Bank:             0x00000000

    * Application Size:         0x00035A9C (219804 bytes)

    * Application CRC:          0x0CEF584D

    * Bank0 Bank Code:          0x00000001

    * Softdevice Size:          0x00000000 (0 bytes)

    * Boot Validation CRC:      0x3161D593

    * SD Boot Validation Type:  0x00000000 (0)

    * App Boot Validation Type: 0x00000001 (1)

  • 0 in reply to cemerick

    Hi Clark, 

    What is the gw.hex? Can it run without DFU? You can test with hrs_application_s140.hex under nRF5_SDK_17.0.2\examples\dfu\secure_dfu_test_images\ble\nrf52840

    Seems you forgot to reset the board after programming prod_set_s140_app.hex.

    The following are the commands I get the hrs app work:

    nrfutil settings generate --family NRF52840 --application hrs_application_s140.hex --application-version 0 --bootloader-version 0 --bl-settings-version 2 bl_setting.hex
mergehex --merge bl_setting.hex secure_bootloader_ble_s140_pca10056.hex s140_nrf52_7.2.0_softdevice.hex --output bl_set_s140.hex
mergehex --merge bl_set_s140.hex hrs_application_s140.hex --output prod_set_s140_app.hex
nrfjprog -f nrf52 -e
nrfjprog --program prod_set_s140_app.hex -r

    Can you try that? Please let me know it can help or not. Thanks. 

    -Amanda H. 

  • 0 in reply to Amanda Hsieh

    The gw.hex is the main application that scans for our beacons and then sends beacon data to our backend over wifi. It is what is running after I program the device using both the process I posted and just now, using your suggestions. Since a valid app is loaded that should match the generated settings it seems normal that it runs after power reset. 

    But the button press does not force dfu mode on powerup and unfortunately the rtt viewer does not provide any info at that point.

    Below is the output from the generate command, can you look at it and/or provide the results you get please ?

    Note: Generating a DFU settings page with backup page included.
    This is only required for bootloaders from nRF5 SDK 15.1 and newer.
    If you want to skip backup page generation, use --no-backup option.

    Generated Bootloader DFU settings .hex file and stored it in: bl_setting.hex

    Bootloader DFU Settings:
    * File: bl_setting.hex
    * Family: NRF52840
    * Start Address: 0x000FF000
    * CRC: 0x9827517A
    * Settings Version: 0x00000002 (2)
    * App Version: 0x00000000 (0)
    * Bootloader Version: 0x00000000 (0)
    * Bank Layout: 0x00000000
    * Current Bank: 0x00000000
    * Application Size: 0x00035AAC (219820 bytes)
    * Application CRC: 0xDBD3646B
    * Bank0 Bank Code: 0x00000001
    * Softdevice Size: 0x00000000 (0 bytes)
    * Boot Validation CRC: 0x423BCF44
    * SD Boot Validation Type: 0x00000000 (0)
    * App Boot Validation Type: 0x00000001 (1)

    I am going to modify the bootloader code to make use of an LED to indicate the button has triggered dfu mode entry.

Related
Terms of service