• State Not Answered
  • Replies 13 replies
  • Subscribers 76 subscribers
  • Views 3263 views
  • Users 0 members are here
Attachments (1) Download All
Nordic Case Info
  • Case ID: 291902
Options

nRF Connect SDK DFU

lCannon

After reviewing the add DFU support to your application guide

 Add DFU support to your application 

i have several questions:

1)What modifications are required for the nRF5340 with an app core and net core?  This example shows using Device Manager to upload a .bin file but that is only one of the app core or net core, not both.  Can Device Manager accept a the generated .zip with the manifest to update both at once?  Could a similar guide be generated for updating both the app and net cores at the same time?  When trying to upload the zip of both, Device Manager shows the hash of both bin files, but when started with confirm only, the state shows VALIDATING… for a while then “Sending the request timed out.”  When using the advanced page, I can manually select the app core and download the bin for it – not the zip.

2)In Device Manger, the read, test, confirm, and erase options do not work.  How can they be activated?

3)The guide said that Device Manager will reset the device after the transfer but watching the debug output on the device, this is not the case.  I need to manually press the advanced button to get the reset command to show then issue it.  Is this correct?

4)I have read about encryption and updating keys but in other places it appears it is not supported to encrypt an image:

 Please add/enable support for encrypted images with MCUBOOT 

Is it correct to say signing is supported but encryption is not?  Is there a step by step guide to generate new encryption keys (or signing keys) and update the MCUboot and app for both the app core and net core?

5)If singing is working correctly, is it still possible for a user to upload an image that is not correctly signed, but that the MCUboot will just not swap to it?

Thank you

Parents
  • 0
    1)What modifications are required for the nRF5340 with an app core and net core?  This example shows using Device Manager to upload a .bin file but that is only one of the app core or net core, not both.  Can Device Manager accept a the generated .zip with the manifest to update both at once?  Could a similar guide be generated for updating both the app and net cores at the same time?  When trying to upload the zip of both, Device Manager shows the hash of both bin files, but when started with confirm only, the state shows VALIDATING… for a while then “Sending the request timed out.”  When using the advanced page, I can manually select the app core and download the bin for it – not the zip.

    I created a sample here that updates the netcore and appcore. The readme contains instructions how to perform the updates.

    Btw, the patch I refer to in the readme is applied to NCS v2.0.0.

    It is not possible to update both cores simultaneously using this sample, you have to do it one at the time.

    If you want to update both cores simultaneously, you could take a look at the machine learning sample and copy the approach there. It supports multi-image update. Take a look at this page as well: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.0.0/nrf/ug_nrf5340.html#simultaneous-multi-image-dfu 

    2)In Device Manger, the read, test, confirm, and erase options do not work.  How can they be activated?

    What do you mean by this?

    Does this window not show up when clicking on "Start"?

    Do you mean that these are greyed out (you can see this view by clicking on "ADVANCED" in the top right corner)?

    You need to click on "READ" for "TEST", "CONFIRM" and "ERASE" to be clickable.

    Or do you mean that these options are visible, but it fails/nothing happens when you click on them?

    3)The guide said that Device Manager will reset the device after the transfer but watching the debug output on the device, this is not the case.  I need to manually press the advanced button to get the reset command to show then issue it.  Is this correct?

    I was not able to reproduce this. I modified the peripheral_lbs sample and followed the steps in the guide using NCS v2.0.0 and the nrf5340dk_nrf5340_cpuapp, and the device reset after the transfer completed:

    I noticed that I had to do a pristine build, in order for the build time print to be different. If this printk is the same, the image will be the same and the hash will be the same, and the update won't even start.

    Here is the sample I used

    7271.peripheral_lbs_dfu.zip

    4)I have read about encryption and updating keys but in other places it appears it is not supported to encrypt an image:
    Is it correct to say signing is supported but encryption is not?  Is there a step by step guide to generate new encryption keys (or signing keys) and update the MCUboot and app for both the app core and net core?

    That is correct. It should be possible to encrypt the images, but we do not have any guides or sample that does this unfortunately. This is reported internally. I will keep you updated on the progress.

    The resources I know of, are listed in the ticket you referred to:  Please add/enable support for encrypted images with MCUBOOT 

    5)If singing is working correctly, is it still possible for a user to upload an image that is not correctly signed, but that the MCUboot will just not swa

    Yes, that is my understanding. The image is validated by mcuboot, so it has to be transferred to the secondary slot first. MCUmgr does not do any checks, it just transfers the image + some more commands like resetting, confirming etc..

    Best regards,

    Simon

Reply
  • 0
    1)What modifications are required for the nRF5340 with an app core and net core?  This example shows using Device Manager to upload a .bin file but that is only one of the app core or net core, not both.  Can Device Manager accept a the generated .zip with the manifest to update both at once?  Could a similar guide be generated for updating both the app and net cores at the same time?  When trying to upload the zip of both, Device Manager shows the hash of both bin files, but when started with confirm only, the state shows VALIDATING… for a while then “Sending the request timed out.”  When using the advanced page, I can manually select the app core and download the bin for it – not the zip.

    I created a sample here that updates the netcore and appcore. The readme contains instructions how to perform the updates.

    Btw, the patch I refer to in the readme is applied to NCS v2.0.0.

    It is not possible to update both cores simultaneously using this sample, you have to do it one at the time.

    If you want to update both cores simultaneously, you could take a look at the machine learning sample and copy the approach there. It supports multi-image update. Take a look at this page as well: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.0.0/nrf/ug_nrf5340.html#simultaneous-multi-image-dfu 

    2)In Device Manger, the read, test, confirm, and erase options do not work.  How can they be activated?

    What do you mean by this?

    Does this window not show up when clicking on "Start"?

    Do you mean that these are greyed out (you can see this view by clicking on "ADVANCED" in the top right corner)?

    You need to click on "READ" for "TEST", "CONFIRM" and "ERASE" to be clickable.

    Or do you mean that these options are visible, but it fails/nothing happens when you click on them?

    3)The guide said that Device Manager will reset the device after the transfer but watching the debug output on the device, this is not the case.  I need to manually press the advanced button to get the reset command to show then issue it.  Is this correct?

    I was not able to reproduce this. I modified the peripheral_lbs sample and followed the steps in the guide using NCS v2.0.0 and the nrf5340dk_nrf5340_cpuapp, and the device reset after the transfer completed:

    I noticed that I had to do a pristine build, in order for the build time print to be different. If this printk is the same, the image will be the same and the hash will be the same, and the update won't even start.

    Here is the sample I used

    7271.peripheral_lbs_dfu.zip

    4)I have read about encryption and updating keys but in other places it appears it is not supported to encrypt an image:
    Is it correct to say signing is supported but encryption is not?  Is there a step by step guide to generate new encryption keys (or signing keys) and update the MCUboot and app for both the app core and net core?

    That is correct. It should be possible to encrypt the images, but we do not have any guides or sample that does this unfortunately. This is reported internally. I will keep you updated on the progress.

    The resources I know of, are listed in the ticket you referred to:  Please add/enable support for encrypted images with MCUBOOT 

    5)If singing is working correctly, is it still possible for a user to upload an image that is not correctly signed, but that the MCUboot will just not swa

    Yes, that is my understanding. The image is validated by mcuboot, so it has to be transferred to the secondary slot first. MCUmgr does not do any checks, it just transfers the image + some more commands like resetting, confirming etc..

    Best regards,

    Simon

Children
No Data
Related
Terms of service