DFU keys update

Hi,

Which DFU solution are you using? There is both the standard DFU bootloader solution from nRF5 SDK, and the particular solution for Thread Secure DFU. The latter can only be used for application updates, and so I assume that you are talking about the (serial) DFU bootloader from nRF5 SDK.

For the one from nRF5 SDK, the DFU bootloader contains a public key, which is used for checking the signing. It will therefore accept any update signed with the corresponding private key.

With key pairs 1 and 2, and bootloaders 1 and 2, the update will go like this:

1. On SoC: Bootloader 1, compiled with public key 1.
2. Bootloader 2 (compiled with public key 2) is put into an update package signed with private key 1.
3. DFU is performed.
4. Now on SoC: Bootloader 2, compiled with public key 2.
5. New updates can be prepared and signed with private key 2.
6. The SoC, now with bootloader 2, can accept those new updates.

In your case, in 6, the bootloader claims the signing is wrong. This may be either because the old bootloader (with old key) is still on the SoC (i.e. the first update failed), or because there is something wrong with the update.

Have you confirmed that the first bootloader update succeeded?
Have you confirmed that the upgrade zip packet is working as expected if programming bootloader 2 directly first?

Regards,
Terje

Hi,

Which DFU solution are you using? There is both the standard DFU bootloader solution from nRF5 SDK, and the particular solution for Thread Secure DFU. The latter can only be used for application updates, and so I assume that you are talking about the (serial) DFU bootloader from nRF5 SDK.

For the one from nRF5 SDK, the DFU bootloader contains a public key, which is used for checking the signing. It will therefore accept any update signed with the corresponding private key.

With key pairs 1 and 2, and bootloaders 1 and 2, the update will go like this:

1. On SoC: Bootloader 1, compiled with public key 1.
2. Bootloader 2 (compiled with public key 2) is put into an update package signed with private key 1.
3. DFU is performed.
4. Now on SoC: Bootloader 2, compiled with public key 2.
5. New updates can be prepared and signed with private key 2.
6. The SoC, now with bootloader 2, can accept those new updates.

In your case, in 6, the bootloader claims the signing is wrong. This may be either because the old bootloader (with old key) is still on the SoC (i.e. the first update failed), or because there is something wrong with the update.

Have you confirmed that the first bootloader update succeeded?
Have you confirmed that the upgrade zip packet is working as expected if programming bootloader 2 directly first?

Regards,
Terje

Hi Terje,

Thanks for quick reaction. 

I'm using Thread Secure DFU. You are right, I missed step when I update keys for bootloader (Is not required for SDK2, because there is no signature validation by bootloder). 

I try to update like this (SDK4):

1. Prepare keys pair 1 (let's call them pub1 and priv1) and pair 2 (pub2 and priv2)
2. On SoC: Bootloader 1, Application 1, compiled with public key 1 (pub1), signed with private key 1 (priv1).
3. Prepare bootlader dfu package (compiled with pub2, signed with priv1)
4. DFU is performed
5. Prepare application dfu package (compiled with pub2, signed with priv1)
6. DFU is performed
7. Now I have bootloader 2 and application 2
8. Prepare application dfu package (compiled with pub2, signed with priv2)
9. DFU is performed
   1. application is downloaded correctly
   2. reboot after DFU
   3. bootloader - signature error 

In case 9.c I got bootloader error debug:

<error> nrf_dfu_validation: Signature failed (err_code: 0x8542)

Please let me know if my steps are ok.

Regards 

Piotr