Secure DFU stuck in Bootloader

Question

Hi, 
 I'm using the nRF52840-DK with SDK 17.0.2. I've developed part of my app, and would like to integrate secure OTA reflash for it. I've copied the code at examples/dfu/secure_bootloader into my project, generated keys, and have flashed the bootloader onto the DK. I'm using the S140 SD, and have flashed that, my app, and the bootloader_settings.hex file also onto the DK. I use the Windows version of nRF Connect to flash all of the files. Everything seems to work fine on a "normal" boot. My application runs fine. 
 Then I change the advertising name on my app, build it, build a new bootloader_settings.hex, and build an app_packet. I copy the app_packet to my Android phone, open up nRF Connect, connect to my app, hit the DFU icon, and select the app_packet I just built. I see "Starting DFU...", then "Starting Bootloader...", followed by a brief "Connecting..." message. Then the connection drops. I see the DFU advertising until it times out 3 minutes later, at which time my app starts. 
 I've stepped into the bootloader with Ozone, and see that nrf_bootloader_fw_activate() looks at p_bank->bank_code, which is a 0. This seems to be the problem, but not sure why. 
 I've also repeated this same sequence by powering up with Button4 pressed to enter the bootloader. I get the same results. 
 I've also re-created my private/public keys, but get the same results. 
 My bootloader code is the same as the example, with the exception of changing the advertising name, and enabling NRF_BL_DFU_ENTER_METHOD_BUTTONLESS in sdk_config.h. 
 In my app code, I've added code to support buttonless DFU, although I can bypass all of this by going into the bootloader on power-up with Button4, so I don't think this is the culprit. 
 I created my bootloader_settings.hex file with this command - 
 nrfutil settings generate --family NRF52840 --application obj_app/app.hex --application-version 1 --bootloader-version 1 --bl-settings-version 2 --key-file ../dfu/priv.pem obj_app/bootloader_settings.hex > bootloader_settings.log 
 I created the app_packet with this command - 
 nrfutil pkg generate --hw-version 52 --application-version 1 --application obj_app/app.hex --sd-req 0xCA --key-file ../dfu/priv.pem obj_app/app_package.zip Zip created at obj_app/app_package.zip 
 I made the following changes to my app version of sdk_config.h - 
 
 #define BLE_DFU_ENABLED 1 
 #define NRF_SDH_BLE_VS_UUID_COUNT 2 
 #define NRF_PWR_MGMT_CONFIG_AUTO_SHUTDOWN_RETRY 1 
 #define NRF_SDH_BLE_SERVICE_CHANGED 1 
 
 In serval posts, I saw a recommendation to install and use micro-ecc. I have not done that, as it appears the example bootloader is using cc310_bl. Do I need to use micro-ecc to get this to work? 
 Any thoughts on what I'm doing wrong here? 
 Thanks... 
 
 Brian

Vidar Berg · Accepted Answer

Hi Brian, 
 Thanks for the posting the log. It shows the pre-validation step is failing because Softdevice FWID specified in the DFU init command (--sd-req 0xCA) does not match the FWID of the Softdevice present on your device. 
 I assume you are using v.7.2.0 of the s140 SD as that is the default version used in this SDK release? In that case, you must set the FWID to 0x0100 instead of 0xCA which is the FWID for s140 v.7.0.1. 
 e.g. 
 > nrfutil pkg generate --hw-version 52 --application-version 1 --application obj_app/app.hex --sd-req 0x0100 --key-file ../dfu/priv.pem obj_app/app_package.zip 
 Note: the FWIDs can be found from the Softdevice release notes. 
 
 Best regards, 
 Vidar 
 Edit: Forgot to comment on this: 
 bootloader is using cc310_bl. Do I need to use micro-ecc to get this to work? 
 Any thoughts on what I'm doing wrong here? 
 It's generally best to use the cc310_bl library. It enables HW acceleration for the crypto algorithms used by the bootloader. micro-ecc is only used for the nRF52 variants that don't include the CRYPTOCELL — ARM TrustZone CryptoCell 310 module

Secure DFU stuck in Bootloader

Top Replies