• State Not Answered
  • Replies 11 replies
  • Subscribers 74 subscribers
  • Views 3844 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 276485
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

MCUboot image in secondary slot is not valid

ballen7

Hello, I currently have nrf9160 devices deployed running nrf connect sdk v1.3.0 that fails to reboot into the secondary image. It specifically happens when I try to send a update that was built with nrf connect version 1.4.2 

From my old versions build directory built with sdk 1.3.0, I copied the contents from partitions_nrf9160dk_nrf9160.yml and made a pm_static.yml file inside my new versions project directory.

pm_static.yml

EMPTY_0:
  address: 0xc000
  placement:
    before:
    - mcuboot_pad
  region: flash_primary
  size: 0x4000
app:
  address: 0x1c200
  region: flash_primary
  size: 0x6be00
mcuboot:
  address: 0x0
  placement:
    before:
    - mcuboot_primary
  region: flash_primary
  size: 0xc000
mcuboot_pad:
  address: 0x10000
  placement:
    align:
      start: 0x8000
    before:
    - mcuboot_primary_app
  region: flash_primary
  size: 0x200
mcuboot_primary:
  address: 0x10000
  orig_span: &id001
  - spm
  - app
  - mcuboot_pad
  region: flash_primary
  sharers: 0x1
  size: 0x78000
  span: *id001
mcuboot_primary_app:
  address: 0x10200
  orig_span: &id002
  - app
  - spm
  region: flash_primary
  size: 0x77e00
  span: *id002
mcuboot_secondary:
  address: 0x88000
  placement:
    after:
    - mcuboot_primary
    align:
      start: 0x1000
  region: flash_primary
  share_size:
  - mcuboot_primary
  size: 0x78000
otp:
  address: 0xff8108
  region: otp
  size: 0x2f4
spm:
  address: 0x10200
  inside:
  - mcuboot_primary_app
  placement:
    before:
    - app
  region: flash_primary
  size: 0xc000

In my new versions (nrf connect v1.4.2) build directory partitions.yml was generated...

partitions.yml

EMPTY_0:
  address: 0xc000
  placement:
    before:
    - mcuboot_pad
  region: flash_primary
  size: 0x4000
app:
  address: 0x1c200
  region: flash_primary
  size: 0x6be00
bsdlib_sram:
  address: 0x20010000
  placement:
    after:
    - spm_sram
    - start
  region: sram_primary
  size: 0x10000
mcuboot:
  address: 0x0
  placement:
    before:
    - mcuboot_primary
  region: flash_primary
  size: 0xc000
mcuboot_pad:
  address: 0x10000
  placement:
    align:
      start: 0x8000
    before:
    - mcuboot_primary_app
  region: flash_primary
  size: 0x200
mcuboot_primary:
  address: 0x10000
  orig_span: &id001
  - spm
  - app
  - mcuboot_pad
  region: flash_primary
  sharers: 0x1
  size: 0x78000
  span: *id001
mcuboot_primary_app:
  address: 0x10200
  orig_span: &id002
  - app
  - spm
  region: flash_primary
  size: 0x77e00
  span: *id002
mcuboot_secondary:
  address: 0x88000
  placement:
    after:
    - mcuboot_primary
    align:
      start: 0x1000
  region: flash_primary
  share_size:
  - mcuboot_primary
  size: 0x78000
otp:
  address: 0xff8108
  region: otp
  size: 0x2f4
spm:
  address: 0x10200
  inside:
  - mcuboot_primary_app
  placement:
    before:
    - app
  region: flash_primary
  size: 0xc000
spm_sram:
  address: 0x20000000
  inside:
  - sram_secure
  placement:
    after:
    - start
  region: sram_primary
  size: 0x10000
sram_primary:
  address: 0x20020000
  region: sram_primary
  size: 0x20000
sram_secure:
  address: 0x20000000
  orig_span: &id003
  - spm_sram
  region: sram_primary
  size: 0x10000
  span: *id003

These are the logs I gathered...

*** Booting Zephyr OS build v2.3.0-rc1-ncs3  ***
[00:00:00.003,143] [<inf> mcuboot: Starting bootloader
[00:00:00.008,819] [<inf> mcuboot: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
[00:00:00.018,066] [<inf> mcuboot: Boot source: none
[00:00:00.023,101] [<inf> mcuboot: Swap type: perm
[00:00:10.750,274] [<err> mcuboot: Image in the secondary slot is not valid!
[00:00:11.081,756] [<inf> mcuboot: Bootloader chainload address offset: 0x10000
[00:00:11.089,599] [<inf> mcuboot: Jumping to the first image slot
*** Booting Zephyr OS build v2.3.0-rc1-ncs3  ***
Flash regions		Domain		Permissions
00 02 0x00000 0x18000 	Secure		rwxl
03 31 0x18000 0x100000 	Non-Secure	rwxl

Non-secure callable region 0 placed in flash region 2 with size 32.

SRAM region		Domain		Permissions
00 07 0x00000 0x10000 	Secure		rwxl
08 31 0x10000 0x40000 	Non-Secure	rwxl

Peripheral		Domain		Status
00 NRF_P0               Non-Secure	OK
01 NRF_CLOCK            Non-Secure	OK
02 NRF_RTC0             Non-Secure	OK
03 NRF_RTC1             Non-Secure	OK
04 NRF_NVMC             Non-Secure	OK
05 NRF_UARTE1           Non-Secure	OK
06 NRF_UARTE2           Secure		SKIP
07 NRF_TWIM2            Non-Secure	OK
08 NRF_SPIM3            Non-Secure	OK
09 NRF_TIMER0           Non-Secure	OK
10 NRF_TIMER1           Non-Secure	OK
11 NRF_TIMER2           Non-Secure	OK
12 NRF_SAADC            Non-Secure	OK
13 NRF_PWM0             Non-Secure	OK
14 NRF_PWM1             Non-Secure	OK
15 NRF_PWM2             Non-Secure	OK
16 NRF_PWM3             Non-Secure	OK
17 NRF_WDT              Non-Secure	OK
18 NRF_IPC              Non-Secure	OK
19 NRF_VMC              Non-Secure	OK
20 NRF_FPU              Non-Secure	OK
21 NRF_EGU1             Non-Secure	OK
22 NRF_EGU2             Non-Secure	OK
23 NRF_DPPIC            Non-Secure	OK
24 NRF_GPIOTE1          Non-Secure	OK
25 NRF_REGULATORS       Non-Secure	OK

SPM: NS image at 0x1c200
SPM: NS MSP at 0x2002fcf8
SPM: NS reset vector at 0x21e25
SPM: prepare to jump to Non-Secure image.
*** Booting Zephyr OS build v2.3.0-rc1-ncs3  ***

It is failing at this line.

This is the new versions prj.conf 

# General config
CONFIG_NEWLIB_LIBC=y
CONFIG_RESET_ON_FATAL_ERROR=n
CONFIG_NCS_SAMPLES_DEFAULTS=y
CONFIG_REBOOT=y
CONFIG_ASSERT=y

# Network
CONFIG_NETWORKING=y
CONFIG_NET_NATIVE=n
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_OFFLOAD=y

# LTE link control
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_NETWORK_MODE_LTE_M=y
CONFIG_LTE_AUTO_INIT_AND_CONNECT=n

#key management
CONFIG_MODEM_KEY_MGMT=y

# BSD library
CONFIG_BSD_LIBRARY=y
CONFIG_BSD_LIBRARY_SYS_INIT=n

# DK
#CONFIG_DK_LIBRARY=y

# Generic cloud API
#CONFIG_CLOUD_API=y

# nRF Cloud
#CONFIG_NRF_CLOUD=y

# UART 1
CONFIG_SERIAL=y
CONFIG_TRUSTED_EXECUTION_NONSECURE=y
CONFIG_UART_INTERRUPT_DRIVEN=y
#CONFIG_UART_1_NRF_UARTE=y


# FOTA
CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_IMG_MANAGER=y
CONFIG_MCUBOOT_IMG_MANAGER=y
CONFIG_IMG_ERASE_PROGRESSIVELY=y
CONFIG_FLASH=y
CONFIG_MPU_ALLOW_FLASH_WRITE=y

# MBED TLS
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_SHA1_C=y

# Heap and stacks
# Extended memory heap size needed for encoding nRF Cloud messages to JSON
CONFIG_HEAP_MEM_POOL_SIZE=8192
CONFIG_MAIN_STACK_SIZE=10240
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048

#Disabel optimization
#CONFIG_NO_OPTIMIZATIONS=y

Any help is appreciated, Thanks.

Parents
  • 0

    Hi,

     

    Could you check if the mcuboot boot signature algorithm type is equal on both ends? This was defaulted to ECDSA (CONFIG_BOOT_SIGNATURE_TYPE_RSA=y) in mcuboot after ncs v1.2.0.

    If the original project has "CONFIG_BOOT_SIGNATURE_TYPE_RSA=y" set, this must also be set in future projects. Could you check this and set this on the ncs v1.4.x project?

     

    Kind regards,

    Håkon

  • 0 in reply to Håkon Alseth

    Hello when I try this I get the error, 

    Merged configuration 'C:/Users/ballen/code/ttp/lte-modem/prj.conf'
-- Configuring incomplete, errors occurred!
-- Using NCS Toolchain 1.4.2 for building. (C:/Users/ballen/ncs/v1.4.2/toolchain/cmake)
warning: unit address and first address in 'reg' (0x50000) don't match for /soc/peripheral@40000000/flash-controller@39000/flash@0/partitions/partition@40000
warning: unit address and first address in 'reg' (0xc0000) don't match for /soc/peripheral@40000000/flash-controller@39000/flash@0/partitions/partition@b0000

warning: MBEDTLS_SHA1_C (defined at C:/Users/ballen/ncs/v1.4.2/nrfxlib\nrf_security/Kconfig:1293)
was assigned the value 'y' but got the value 'n'. Check these unsatisfied dependencies:
NRF_SECURITY_ANY_BACKEND (=n), NORDIC_SECURITY_BACKEND (=n). See
http://docs.zephyrproject.org/latest/reference/kconfig/CONFIG_MBEDTLS_SHA1_C.html and/or look up
MBEDTLS_SHA1_C in the menuconfig/guiconfig interface. The Application Development Primer, Setting
Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful
too.


C:/Users/ballen/code/ttp/lte-modem/prj.conf:48: warning: attempt to assign the value 'y' to the undefined symbol BOOT_SIGNATURE_TYPE_RSA

error: Aborting due to Kconfig warnings

CMake Error at C:/Users/ballen/ncs/v1.4.2/zephyr/cmake/kconfig.cmake:239 (message):
  command failed with return code: 1
Call Stack (most recent call first):
  C:/Users/ballen/ncs/v1.4.2/zephyr/cmake/app/boilerplate.cmake:591 (include)
  CMakeLists.txt:9 (include)



error: cmake failed
create_nordic_project.py failed (1)

  • 0 in reply to ballen7

    Hi,

     

    You should set this in the mcuboot configuration file.

    As ncs v1.4.2 is an older version, you need to specify this in the CMakeLists.txt file:

    # Add this just below the line "cmake_minimum_required(...)" !!
if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/mcuboot.conf")
  list(APPEND mcuboot_OVERLAY_CONFIG
    "${CMAKE_CURRENT_SOURCE_DIR}/mcuboot.conf"
    )
endif()

    Then create mcuboot.conf in your application folder and add the CONFIG entry there.

     

    Note: for newer ncs versions, you should create my_application/child_image/mcuboot.conf and it will be automatically picked up and merged with the default configuration.

     

    Kind regards,

    Håkon

  • 0 in reply to ballen7

    Hi, when I specify this in my ncs 1.4.2 project my device running sdk version 1.3 successfully take the image.

    When I try to OTA the same image to devices already running ncs 1.4.2 it fails at the same spot... My goal is to OTA all the devices to identical images running the same ncs version

  • 0 in reply to ballen7

    Hi,

     

    As mentioned, you need to set this configuration consistently on all projects in order for mcuboot to accept your image.

     

    You can either go at this by using RSA (ie. setting CONFIG_BOOT_SIGNATURE_TYPE_RSA), or you can choose the ECDSA signature type (setting CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256).

     

    If you want to use ECDSA signature type, set this in the configuration for your project in ncs v1.3.0, and it will be default-selected for newer versions as its the default selection.

     

    Kind regards,

    Håkon

Reply
  • 0 in reply to ballen7

    Hi,

     

    As mentioned, you need to set this configuration consistently on all projects in order for mcuboot to accept your image.

     

    You can either go at this by using RSA (ie. setting CONFIG_BOOT_SIGNATURE_TYPE_RSA), or you can choose the ECDSA signature type (setting CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256).

     

    If you want to use ECDSA signature type, set this in the configuration for your project in ncs v1.3.0, and it will be default-selected for newer versions as its the default selection.

     

    Kind regards,

    Håkon

Children
  • 0 in reply to Håkon Alseth

    Yikes... Well I currently have a large amount of devises deployed with RSA signatures and even more devices deployed with ECDSA signatures. I am guessing what happened was we factory flashed the new sdk right when the default signature was switched.

    I guess going forward I will have to add logic to determine what signature the device takes and it have it OTA the binary with the correct signature.

Related
Terms of service