Secure bootloader chain + two-stage upgradable bootloader MCUBOOT

Hi Siddharth, 

I would suggest to have a look at this case to have an idea of how it should be handled: https://devzone.nordicsemi.com/f/nordic-q-a/67024/nrf9160-questions-related-to-immutable-mcuboot-application/274813#274813

Then you can have a look at this case , our coworker has created a working example: 

https://devzone.nordicsemi.com/f/nordic-q-a/85539/update-mcuboot-with-smp/358748

Hi Hung,

I have tried your coworker example : https://devzone.nordicsemi.com/f/nordic-q-a/85539/update-mcuboot-with-smp/358748

but its not updating MCUBOOT!!

 For, testing I had follow below steps,

I make a change to MCUBoot, for example add a log in $NRF_CONNECT_SDK/bootloader/mcuboot/boot/zephyr/main.c.

Build again, and upload the new image using mcumgr:

mcumgr conn add acm0 type="serial" connstring="dev=/dev/ttyACM0,baud=115200,mtu=512"
mcumgr -c acm0 image list
mcumgr -c acm0 image upload build/zephyr/signed_by_mcuboot_and_b0_s1_image_update.bin
mcumgr -c acm0 image list

Copy the hash of the newly uploaded image, and use it to confirm it, making the new image run at next reboot, such as:

mcumgr -c acm0 image confirm 2348de4f84cb19c1c2721662ad1275da5c21eca749da9b32db20d2c9dffb47c0

Then reboot the Developement Kit. This will load the new MCUBoot image its slot. Reboot the Developement Kit again to load using the new version of MCUBoot.

If I miss any steps let me know please.

I did not Disable the Mass Storage feature on the device. is this required to do that?

Why required Disabling the Mass Storage feature on the device? 

Also I have one questions,

How we can use both stage bootloader as MCUBOOT? as shown in below ,I am talking about second options.

Hi,

I have tried with this example.

In above example, I have added below config in prj.conf for enable net-core

CONFIG_BT=y
CONFIG_BT_DEBUG_LOG=y
CONFIG_BT_PERIPHERAL=y
CONFIG_BT_DEVICE_NAME="BLE_53"
CONFIG_BT_GATT_CLIENT=y
CONFIG_BT_SMP=y
CONFIG_BT_GATT_DM=y
CONFIG_BT_GATT_DM_DATA_PRINT=y
CONFIG_STDOUT_CONSOLE=y
CONFIG_BT_DEVICE_NAME_DYNAMIC=y
CONFIG_BT_DEVICE_NAME_MAX=28

So after that I have send below mcumgr cmd

wait 2 minutes after the upload is done. then after reboot the device but does not go into swap the partition.

Below is screen shot of that

after upload cmd I have send list cmd, here is screen shot of that

after this I have send confirm cmd and reboot the device

bootable flag has been changed but device has not been boot with new image

Hi Sigurd,

Any update on this issue?

Thanks

Hi

I have still not managed to make the nrf5340 multi-core update work for my up-gradable bootloader sample.

You could have a look at the Machine Learning sample for how to do DFU for the network core.

Regards,
Sigurd Hellesvik

Hi ,

I have looked into the Machine Learning sample and I am able to build multi-image build with the following child images : 

• MCUboot bootloader

• Bluetooth HCI RPMsg

  Till, this I have no issue but not find any details for how to do DFU for network core. 

Hi

Here are how I do DFU for the Machine learning sample:

west build -p -b nrf5340dk_nrf5340_cpuapp
west flash --erase

Then I make edits to src/main and zephyr/samples/bluetooth/hci_rpmsg/src/main.c

Reset the nRF5340DK when holding Button1 to enter Serial Recovery Mode.

west build -p -b nrf5340dk_nrf5340_cpuapp
mcumgr conn add acm1 type="serial" connstring="dev=/dev/ttyACM1,baud=115200,mtu=512"
mcumgr -c acm1 image list
mcumgr -c acm1 image upload -n 3 build/zephyr/net_core_app_update.bin
#wait 2 minutes to allow Network Core to copy image.
mcumgr -c acm1 image upload build/zephyr/app_update.bin
nrfjprog --reset

After this, I can see the new prints I added to the files in the terminal.

Is this what you were looking for?

Regards,
Sigurd Hellesvik

Hi

Here are how I do DFU for the Machine learning sample:

west build -p -b nrf5340dk_nrf5340_cpuapp
west flash --erase

Then I make edits to src/main and zephyr/samples/bluetooth/hci_rpmsg/src/main.c

Reset the nRF5340DK when holding Button1 to enter Serial Recovery Mode.

west build -p -b nrf5340dk_nrf5340_cpuapp
mcumgr conn add acm1 type="serial" connstring="dev=/dev/ttyACM1,baud=115200,mtu=512"
mcumgr -c acm1 image list
mcumgr -c acm1 image upload -n 3 build/zephyr/net_core_app_update.bin
#wait 2 minutes to allow Network Core to copy image.
mcumgr -c acm1 image upload build/zephyr/app_update.bin
nrfjprog --reset

After this, I can see the new prints I added to the files in the terminal.

Is this what you were looking for?

Regards,
Sigurd Hellesvik

Hi ,

Yes. This looks working but it is not having support of secure bootloader chain. I would like to add Secure bootloader chain to upgrade MCUBoot in a single application.

In summary, we would like to have a single firmware which can supports,

• Updating of network core (Using net_core_app_update.bin) 
• Updating application core (Using app_update.bin)
• Updating 2nd stage MCUboot bootloader (Using signed_by_mcuboot_and_b0_s1_image_update.bin)

I hope my requirements are clear now.

Please guide/suggest me as our product development is blocked due to this. I hope you understand criticality.

Hi Sigurd,

Have you got chance to look into this?

Please update on this.

Thanks

Hi

The Sample on how to use NSIB(b0) to update MCUBoot feat. SMP Server will likely not work for the nRF5340, as the nRF5340 MCUBoot samples use the external flash to work.

I took the Machine Learning sample and simplified it to an Serial Recovery for the nRF5340 sample.

Now I am trying to merge these samples, to make Upgradable bootloader for the nRF5340.
I am getting build errors, so it is not working yet.

To get an upgradable bootIoader for the nRF5340 working, I suggest that you look at my first two working samples and try to find a way to include both functionalities in the same project.

I will also try to do this, but if we both try, it will likely be solved faster.

Regards,
Sigurd Hellesvik

Hi Sigurd,

While debugging the NCS SDK source code, I found that It has opening wrong flash area slot to update net core image in $(ncs)\v1.8.0\bootloader\mcuboot\boot\bootutil\src\loader.c file. so some modification required for that.

Can you please look into that and confirm this.

Hi

Can you specify how it is wrong?

Regards,
Sigurd Hellesvik