NRF5340 simultaneous multi-image FOTA DFU: works with initial firmware update, but can't upload any revised new version

I'm trying to use simultaneous FOTA update of both cores with NRF5340DK, and there is a strange behavior with any update with modification - the uploading from mobile app just doesn't start. My setup:

1) NRF5340DK

2) mobile phone with Android NRF connect app for updating via Bluetooth

3) sample project https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/nrf5340/mcuboot_smp_ble_simultaneous  compiled with NRF Connect SDK 2.1.2

After firmware initial flashing with "west flash --force --erase" the firmware works as expected. I'm able to make DFU via Bluetooth with dfu_application.zip from build/zephyr folder - and I can do it multiple times without problems.

But if I change something in firmware (for example a log message), compile a new build and try to make DFU with this the new dfu_application.zip - uploading doesn't start. The NRF Connect Android app immediately disconnects after "Starting DFU". 

What I'm doing wrong? How to make DFU with a modified firmware, and why it works only with initial firmware

Parents
  • I believe I found why this issue happens.

    After many trials I took another NRF5340DK (fortunately I have two), flashed it with the same firmware - and updating works as it should be. Initially I decided that my first DK is broken, but it's not...

    This sample uses external qspi flash for storing update images... I did full qspi erase with

    nrfjprog --qspieraseall

    And now updating of my first DK also works as expected.

    I believe at one moment the external qspi flash was written with wrong data (I tested interruption of the updating process with power off). After that the upgrading functionality became broken

    This leads me to a question: is it possible to handle such situation in any way? Maybe we should make full erase of an external flash before each DFU procedure? Or maybe it's possible to erase qspi with some MCUMGR command?

  • Hi, 

    Apologies for the very late response. I have been out of office due to circumstances I did not plan for when I picked up your case, and I will be until Friday this week.

    A quick (and temporary) answer to your question: I believe there should be a config or something similar that will allow you to erase what is on the external flash before doing the DFU, and my best guess (with the resources I have at hand at this given point in time) is that you will have to erase what is on the flash before doing the DFU. Before I can verify this 100% I need to consult with some of my colleagues, and I will do my best to get a reply that answers and verifies your findings regarding your issue on Friday, no later than Monday. 

    I hope that this prolonged response time has not caused too many issues for you,

    Kind regards,
    Andreas

  • Hi, 

    We've spent some time trying to reproduce the issue you're describing, to isolate if there is a bug in the sample or in the SDK, without any luck. I've tried with several boards and versions of NCS and every combination seems to work out of the box when following the guide. I know you've stated that you've only added some logging functionality, but could you state all the changes you've done so I can exclude if those changes are the issue?

    Is the issue present if you try to do DFU without the external flash?

    This is the result whenever I follow the steps in the guide: 
    1) The initial build that is flashed,
    In between 1-2: Make changes to main.c, build and upload the zip to your mobile device, and perform DFU with nRF Connect for Mobile
    2) nrfjprog --reset to restart the device
    3) Observe the new output

    After firmware initial flashing with "west flash --force --erase" the firmware works as expected. I'm able to make DFU via Bluetooth with dfu_application.zip from build/zephyr folder - and I can do it multiple times without problems.

    Do you generate a new build with changes in between the initial flash + erase and before you perform DFU with the application zip? If this is not the case, and the firmware is the same in the update zip as in the firmware on the device, then the reason it is working is because the hash of the firmware image is identical in those two images, and mcuboot detects this and skips the update since the hashes are identical.


    Sergey said:

    After many trials I took another NRF5340DK (fortunately I have two), flashed it with the same firmware - and updating works as it should be. Initially I decided that my first DK is broken, but it's not...

    Could you check which revisions the DKs are? It should be written on a sticker on the device (for instance 0.11.0). 

    Kind regards,
    Andreas

  • Hi Andreas,

    sorry for late reply - I'm in Ukraine, and it's complicated to work these days (with electricity for 4-16 hours per a day)

    Is the issue present if you try to do DFU without the external flash?

    My main goal is to achieve DFU with encrypted app image (I described it here devzone.nordicsemi.com/.../how-to-encrypt-fw-for-mcuboot-image-update ) - now it's the second attempt :-) I wish I could do it early, but...

    It seems encrypted update works only when simultaneous net core/app core DFU is enabled. Thus if to do it without external FLASH, I have to create many partitions in main flash memory, what dramatically reduces available memory for the app image. Thus for me it's not the case, I haven't tried simultaneous update without external flash

    Anyway, this issue was detected without any encryption, I used the example from github without modifications. Maybe some data in external flash from previous experiments has impact?

    Do you generate a new build with changes in between the initial flash + erase and before you perform DFU with the application zip? If this is not the case, and the firmware is the same in the update zip as in the firmware on the device, then the reason it is working

    I tried both cases. If I try to update with initial firmware (i.e. zip as in the firmware on the device) - at least OTA process is starting and works, the firmware is being uploaded from mobile device to the DK, regardless the next MCUBOOT steps. In any words - I can upload the firmware

    The main problem was - if I generate a new build with any changes (logs, or just change version number in config), I see "Starting DFU" on the mobile device screen, and then it immediately disconnects. I.e. firmware uploading even doesn't start. I would say that it's a bug in mobile app, but why it works after full erase of SPI FLASH?

    Could you check which revisions the DKs are? It should be written on a sticker on the device (for instance 0.11.0).

    My first DK is 0.11.0. The second is 1.0.0

  • Hi,

    Sergey said:
    sorry for late reply - I'm in Ukraine, and it's complicated to work these days (with electricity for 4-16 hours per a day)

    No worries about the reply time, and your situation is very understandable. I'm here to give technical support whenever a reply/question comes in as long as the issue is unresolved.

    Thank you for supplying this information as well. I will consult with Einar (who supported you in the ticket you created) and Sigurd (who has created the 5340DFU sample you've based your application on) and see if we can find a solution.

    Sergey said:
    Is the issue present if you try to do DFU without the external flash?

    It looks like I had misunderstood the sample you were testing from Sigurd, as the simultanous dfu sample for the 5340 is indeed using external flash, so there is no need to verify if the issue is present without external flash.

    Sergey said:
    Anyway, this issue was detected without any encryption, I used the example from github without modifications. Maybe some data in external flash from previous experiments has impact?

    I will do an experiment to see if I can recreate the issue by adding something to the EF and attempting DFU without clearing the contents. This is just speculation, but there might be something protected on the location where the update image is supposed to go that causes the issue or that mcuboot that initializes the DFU procedure are looking at the wrong address relative to where the image is.

    I'll get back to with some results as soon as I get them (hopefully by tomorrow)

    Kind regards,
    Andreas

  • Hi, 


    Apologies for the delay

    Sergey said:
    My main goal is to achieve DFU with encrypted app image (I described it here devzone.nordicsemi.com/.../how-to-encrypt-fw-for-mcuboot-image-update ) - now it's the second attempt :-) I wish I could do it early, but...

    I'm sure you've been told this already, but AFAIK encrypted DFU is not supported by us, but it is not impossible to do. I will see if I can manage to find enough resources to achieve this, but before we do so I want you to verify/test the following so we're aligned in our processes:

    Sergey said:
    The main problem was - if I generate a new build with any changes (logs, or just change version number in config), I see "Starting DFU" on the mobile device screen, and then it immediately disconnects. I.e. firmware uploading even doesn't start. I would say that it's a bug in mobile app, but why it works after full erase of SPI FLASH?

    I've still not been able to recreate not able to see recreate the DFU issue by adding logging, or other simple things to the application in between DFU. Below follows a sample of the procedure I've done. I assume this is what you've already done, but I'm adding it so we're following the same procedure. I've been using a nRF5340DK, v.0.11.0. 

    In case there is a mobile difference, could you state which phone you've used to test the sample?

    • Build and flash the sample without modifications
    • Do modifications by adding logging to the bootloader:
    • In proj.conf add:

     

    CONFIG_LOG=y
    CONFIG_MCUBOOT_BOOTUTIL_LIB=y
    CONFIG_MCUBOOT_UTIL_LOG_LEVEL_INF=y

    • In bootloader\mcuboot\boot\bootutil\src\bootutil_public.c add some info logs to various functions such as illustrated below to see if the changes has been done 
    • Build the new build without flashing and add dfu_application.zip to your phone
    • Connect the device to your phone through the nRF Connect application and press DFU. Select the newly added DFU app and press "Confirm Only"

    The following output can then be observed:

    1. DFU being done
    2. Output after writing "nrfjrpog --reset" in a terminal
    3. The new build is running


    Then I added logging to the application and did DFU in sequence:

    • Add the following to proj.conf

    #Logging for app
    CONFIG_LOG=y
    CONFIG_USE_SEGGER_RTT=n
    CONFIG_LOG_BACKEND_UART=y
    CONFIG_LOG_DEFAULT_LEVEL=3
    

    • Add the following to main.c:

    #include <logging/log.h>
    
    #define LOG_MODULE_NAME main
    LOG_MODULE_REGISTER(LOG_MODULE_NAME);
    
    void main(void)
    {
        LOG_INF("Inside main(), added log_inf statement \n ");
        img_mgmt_register_group();
        start_smp_bluetooth();
    	printk("Build with logs added to main.c and mcuboot, build_4  \n");
    }

    Then build without flashing once more, and upload now the new dfu_application.zip to your phone and repeat the dfu procedure

    1. Starting from the boot of the application
    2. Output from DFU
    3. Output after nrfjprog --reset
    4. New output from application


    I observe the same results with and without erasing the device.

    Do you manage to do simultaneous DFU (without erasing) this way?

    Kind regards,
    Andreas

  • Hello

    I am running the same sample and I tried to follow the steps described above. When I do so, I get the following output. Note that the current firmware will include "Moo" in the printk in main.c, and my new firmware I am trying to update should be saying "Quack". As you can see the update does not take.

    This is a screenshot of 2 attempts to apply dfu_application.zip. I can add that the qspi --erase will allow the DFU to work appropriately. I am anxious to get simultaneous DFU Updates working soon.

    One question I have is why couldn't we include some code to erase the flash sectors on reset? If this seems to work from the command line, can we have the board erase the flash sector on reset so that after a DFU package gets applied, it then also gets erased so that it is prepared for the next update?

Reply
  • Hello

    I am running the same sample and I tried to follow the steps described above. When I do so, I get the following output. Note that the current firmware will include "Moo" in the printk in main.c, and my new firmware I am trying to update should be saying "Quack". As you can see the update does not take.

    This is a screenshot of 2 attempts to apply dfu_application.zip. I can add that the qspi --erase will allow the DFU to work appropriately. I am anxious to get simultaneous DFU Updates working soon.

    One question I have is why couldn't we include some code to erase the flash sectors on reset? If this seems to work from the command line, can we have the board erase the flash sector on reset so that after a DFU package gets applied, it then also gets erased so that it is prepared for the next update?

Children
  • Hi,

       and  , which phones and what Android OS are you running? My colleague who wrote the sample are seeing the same issue that Sergey described with a  Google Pixel 4 where the DFU process does not start in the app. I am not seeing the issue, even when attempting DFU with the exact same build that fails for my colleague with a Samsung Galaxy S8+. For me the progress bar shows up as expected and I can run his version of the sample after updating.

    I don't think this should be an issue that is mobile specific, but it might be, so if you could state which phones you're using then we can cross examine if there is a phone-related bug in the app.

    Robert de Brum said:
    One question I have is why couldn't we include some code to erase the flash sectors on reset? If this seems to work from the command line, can we have the board erase the flash sector on reset so that after a DFU package gets applied, it then also gets erased so that it is prepared for the next update?

    As for this, the short answer is yes. The longer answer is that the entire point of having dual bank DFU is that the device should revert back to the previous firmware if anything faults during DFU or if the image can not be authenticated. If you do a full-erase before uploading the new firmware, there are no old firmware to revert back to in case either of the mentioned scenarios occur.

    Kind regards,
    Andreas

  • Hi all,

    I use Xiaomi Mi9T MIUI 12.1.4 (Android  11). I also have Iphone 6s, but as I wrote, there is a restiction of BLE throughput from iOS, which leads to another error. I guess I could figure out how to fix it, but I can't work again these days :-(

  • I am testing this on a Google Pixel 4 as well as a 2019 iPad - not the pro version.

    Thanks for the input. If it could be device specific, have there been any known fixes for this?

  • Robert de Brum said:
    Thanks for the input. If it could be device specific, have there been any known fixes for this?

    I am working on getting a larger sample size than us 3 to see if it is device specific. If it indicates that it is so, then I'll investigate it closer and examine if there are any possible fixes.

    Kind regards,
    Andreas

  • Hi,

    I've been out of office due to the christmas holidays here in Norway, but in the meanwhile I've had some colleagues of mine perform some tests and see if they could reproduce the errors on their end. Unfortunately it all seemed to succeed on their ends. 

    Could you attempt to do the following:

    1. Build and flash a clean version of https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/nrf5340/mcuboot_smp_ble_simultaneous
      1. If you have modified the SDK at any point, please try with a clean version of NCS.
    2. Perform DFU with the pre-built zips found in the folder "dfu_zips" in https://github.com/aHaugl/NCS_Simult_DFU_test in sequence or try to follow the steps in the repository yourselves

    If you still observe the same issues, please state so here and I'll follow up on them.

    Kind regards,
    Andreas

Related