Secure bootloader chain + two-stage upgradable bootloader MCUBOOT

I am working with nRF connect SDK with nRF5340DK. I am compiling code using nRF connect (ncs-1.8.0) for VS code with nrf5340dk_nrf5340_cpuapp board.

prj.conf as below,

CONFIG_BOOTLOADER_MCUBOOT=y

CONFIG_MCUMGR=y

CONFIG_SECURE_BOOT=y

Using this I can enabling two-stage bootloader, here are the log,

*** Booting Zephyr OS build v2.7.0-ncs1 ***

Attempting to boot slot 0.

Attempting to boot from address 0x8200.

Verifying signature against key 0.

Hash: 0x12...93

Firmware signature verified.

Firmware version 1

Booting (0x8200).

*** Booting Zephyr OS build v2.7.0-ncs1 ***

I: Starting bootloader
I: Primary image: magic=good, swap_type=0x3, copy_done=0x1, image_ok=0x1
I: Secondary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
I: Boot source: none
I: Swap type: none
I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
I: Secondary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
I: Boot source: none
I: Bootloader chainload address offset: 0x28000
I: Jumping to the first image slot
*** Booting Zephyr OS build v2.7.0-ncs1 ***

I can firmware upgrade over-the-air (FOTA) for application using app_update.bin file.

Question:

1) How can I upgrade the second stage bootloader(MCUBoot bootloader)?

2) Which bin file to upload for upgrade the second stage bootloader?

Top Replies

Parents

0 Hung Bui over 3 years ago

Hi Siddharth,

I would suggest to have a look at this case to have an idea of how it should be handled: https://devzone.nordicsemi.com/f/nordic-q-a/67024/nrf9160-questions-related-to-immutable-mcuboot-application/274813#274813

Then you can have a look at this case , our coworker has created a working example:

https://devzone.nordicsemi.com/f/nordic-q-a/85539/update-mcuboot-with-smp/358748

0 Siddharth Kachhia over 3 years ago in reply to Hung Bui

Hi Hung,

I have tried your coworker example : https://devzone.nordicsemi.com/f/nordic-q-a/85539/update-mcuboot-with-smp/358748

but its not updating MCUBOOT!!

For, testing I had follow below steps,

I make a change to MCUBoot, for example add a log in $NRF_CONNECT_SDK/bootloader/mcuboot/boot/zephyr/main.c.

Build again, and upload the new image using mcumgr:

mcumgr conn add acm0 type="serial" connstring="dev=/dev/ttyACM0,baud=115200,mtu=512"
mcumgr -c acm0 image list
mcumgr -c acm0 image upload build/zephyr/signed_by_mcuboot_and_b0_s1_image_update.bin
mcumgr -c acm0 image list

Copy the hash of the newly uploaded image, and use it to confirm it, making the new image run at next reboot, such as:

mcumgr -c acm0 image confirm 2348de4f84cb19c1c2721662ad1275da5c21eca749da9b32db20d2c9dffb47c0

Then reboot the Developement Kit. This will load the new MCUBoot image its slot. Reboot the Developement Kit again to load using the new version of MCUBoot.

If I miss any steps let me know please.

I did not Disable the Mass Storage feature on the device. is this required to do that?

Why required Disabling the Mass Storage feature on the device?

Also I have one questions,

How we can use both stage bootloader as MCUBOOT? as shown in below ,I am talking about second options.

Bootloader	Can be first-stage	Can be second-stage	Key type support	Public key revocation	SMP updates	Downgrade protection	Versioning	Update methods (supported by nRF Connect SDK)
nRF Secure Immutable Bootloader	Yes	No	See list	Yes	No	Yes	Monotonic (HW)	Dual slot execute in place (XIP)
MCUboot	Yes	Yes	See imgtool	No	Yes	Yes	Semantic (SW)	Image swap - single primary

0 Siddharth Kachhia over 3 years ago in reply to Sigurd Hellesvik

Hi,

I have tried with this example.

In above example, I have added below config in prj.conf for enable net-core

CONFIG_BT=y
CONFIG_BT_DEBUG_LOG=y
CONFIG_BT_PERIPHERAL=y
CONFIG_BT_DEVICE_NAME="BLE_53"
CONFIG_BT_GATT_CLIENT=y
CONFIG_BT_SMP=y
CONFIG_BT_GATT_DM=y
CONFIG_BT_GATT_DM_DATA_PRINT=y
CONFIG_STDOUT_CONSOLE=y
CONFIG_BT_DEVICE_NAME_DYNAMIC=y
CONFIG_BT_DEVICE_NAME_MAX=28

So after that I have send below mcumgr cmd

wait 2 minutes after the upload is done. then after reboot the device but does not go into swap the partition.

Below is screen shot of that

after upload cmd I have send list cmd, here is screen shot of that

after this I have send confirm cmd and reboot the device

bootable flag has been changed but device has not been boot with new image
0 Siddharth Kachhia over 3 years ago in reply to Siddharth Kachhia

Hi Sigurd,

Any update on this issue?

Thanks
0 Sigurd Hellesvik over 3 years ago in reply to Siddharth Kachhia

Hi

I have still not managed to make the nrf5340 multi-core update work for my up-gradable bootloader sample.

You could have a look at the Machine Learning sample for how to do DFU for the network core.

Regards,
Sigurd Hellesvik
0 Siddharth Kachhia over 3 years ago in reply to Sigurd Hellesvik
Hi ,

I have looked into the Machine Learning sample and I am able to build multi-image build with the following child images :

MCUboot bootloader

Bluetooth HCI RPMsg
Till, this I have no issue but not find any details for how to do DFU for network core.

0 Sigurd Hellesvik over 3 years ago in reply to Siddharth Kachhia

Here are how I do DFU for the Machine learning sample:

west build -p -b nrf5340dk_nrf5340_cpuapp
west flash --erase

Then I make edits to src/main and zephyr/samples/bluetooth/hci_rpmsg/src/main.c

Reset the nRF5340DK when holding Button1 to enter Serial Recovery Mode.

west build -p -b nrf5340dk_nrf5340_cpuapp
mcumgr conn add acm1 type="serial" connstring="dev=/dev/ttyACM1,baud=115200,mtu=512"
mcumgr -c acm1 image list
mcumgr -c acm1 image upload -n 3 build/zephyr/net_core_app_update.bin
#wait 2 minutes to allow Network Core to copy image.
mcumgr -c acm1 image upload build/zephyr/app_update.bin
nrfjprog --reset

After this, I can see the new prints I added to the files in the terminal.

Is this what you were looking for?

Regards,
Sigurd Hellesvik

Reply