• State Verified Answer
  • Replies 4 replies
  • Subscribers 75 subscribers
  • Views 1460 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 299291
Options

DFU Fails on nRF5280, loop on nRF Connect

Federico

Hi,

I'm developing on the current setup:

  • nRF52833 DK, emulating an nRF52820. 
  • Soft Device 113 version 7.2.0
  • SDK 17.1.0, with updated MDK (see link)
  • IAR EW ARM 9.30

I'm having issues with the DFU on my project. I included the secure bootloader based on example "\examples\dfu\secure_bootloader\pca10100e_s112_ble".  I'm also having a different issue related to the debugger which can be found here, in case they're related.

The linker configuration for the bootloader project is:

/*-Specials-*/
define symbol __ICFEDIT_intvec_start__ = 0x38000;
/*-Memory Regions-*/
define symbol __ICFEDIT_region_ROM_start__   = 0x38000;
define symbol __ICFEDIT_region_ROM_end__     = 0x3dfff;
define symbol __ICFEDIT_region_RAM_start__   = 0x200022c8;
define symbol __ICFEDIT_region_RAM_end__     = 0x20007fff;
export symbol __ICFEDIT_region_RAM_start__;
export symbol __ICFEDIT_region_RAM_end__;
/*-Sizes-*/
define symbol __ICFEDIT_size_cstack__   = 2048;
define symbol __ICFEDIT_size_heap__     = 0;

And the application linker configuration is:

/*-Specials-*/
define symbol __ICFEDIT_intvec_start__ = 0x1C000;

/*-Memory Regions-*/

// FLASH
define symbol __ICFEDIT_region_ROM_start__   = 0x1C000;				
define symbol __ICFEDIT_region_ROM_end__     = 0x37fff;				

// RAM
define symbol __ICFEDIT_region_RAM_start__   = 0x20003DA8;		
define symbol __ICFEDIT_region_RAM_end__     = 0x20007fff;		

export symbol __ICFEDIT_region_RAM_start__;
export symbol __ICFEDIT_region_RAM_end__;
/*-Sizes-*/
define symbol __ICFEDIT_size_cstack__   = 3072;
define symbol __ICFEDIT_size_heap__     = 0;

I generate the dfu settings and package with the following commands (note I'm using everything as if it were the nRF52820, whereas I'm actually flashing on a nRF52833 DK)

nrfutil settings generate --family NRF52QFAB --application app.hex --application-version 0 --bootloader-version 0 --bl-settings-version 2 dfu_settings.hex

nrfutil pkg generate --hw-version 52 --application-version 0 --application app.hex --sd-req 0x0102 --key-file private.key dfu_package.zip

This appears to work fine: the app executes and I can connect and communicate. However, the DFU fails when I run it for some reason, nRF Connect Desktop crashes and the Android version gets stuck in a loop of starting, connecting, etc.

What I can see on the nRF is this:

  • On the event handler passed to "ble_dfu_buttonless_init" I get the BLE_DFU_EVT_BOOTLOADER_ENTER_PREPARE event
  • I get the "In ble_dfu_buttonless_bootloader_start_finalize" log message
  • Then the BLE_DFU_EVT_BOOTLOADER_ENTER event.
  • Then, on the power management handler registered in "NRF_PWR_MGMT_HANDLER_REGISTER( app_shutdown_handler, 0 );" I get the NRF_PWR_MGMT_EVT_PREPARE_DFU event and I return true.
  • After that, what I see on the RTT Viewer is that the App starts again. I don't know to what extent the bootloader is executing, if at all. I tried adding logging to the bootloader but ran out of memory.

The nRF Connect for android (4.26.0) gets stuck in a loop printing the following messages:

  • Starting DFU
  • Starting bootloader
  • Connecting

This is the log output:

nRF Connect, 2022-11-29
REDACTED_DEVICE_NAME (REDACTED_DEVICE_MAC)
V	15:53:02.167	[DFU] DFU service started
V	15:53:02.167	[DFU] Opening file...
I	15:53:02.167	[DFU] Firmware file opened successfully
V	15:53:02.167	[DFU] Connecting to DFU target...
D	15:53:02.167	[DFU] gatt = device.connectGatt(autoConnect = false, TRANSPORT_LE, preferredPhy = LE_1M | LE_2M)
I	15:53:02.183	[DFU] Connected to REDACTED_DEVICE_MAC
V	15:53:02.183	[DFU] Discovering services...
D	15:53:02.183	[DFU] gatt.discoverServices()
I	15:53:02.183	[DFU] Services discovered
D	15:53:02.183	[DFU] wait(1000)
W	15:53:03.188	[DFU] Application with buttonless update found
V	15:53:03.188	[DFU] Jumping to the DFU Bootloader...
V	15:53:03.188	[DFU] Enabling indications for 8ec90003-f315-4f60-9fb8-838830daea50
D	15:53:03.188	[DFU] gatt.setCharacteristicNotification(8ec90003-f315-4f60-9fb8-838830daea50, true)
D	15:53:03.188	[DFU] gatt.writeDescriptor(00002902-0000-1000-8000-00805f9b34fb, value=0x02-00)
I	15:53:03.386	[DFU] Data written to descr.8ec90003-f315-4f60-9fb8-838830daea50, value (0x): 02-00
V	15:53:03.386	[DFU] Notifications enabled for 8ec90003-f315-4f60-9fb8-838830daea50
A	15:53:03.386	[DFU] Indications enabled
D	15:53:03.386	[DFU] wait(1000)
V	15:53:04.383	[DFU] Writing to characteristic 8ec90003-f315-4f60-9fb8-838830daea50
D	15:53:04.384	[DFU] gatt.writeCharacteristic(8ec90003-f315-4f60-9fb8-838830daea50)
I	15:53:04.549	[DFU] Notification received from 8ec90003-f315-4f60-9fb8-838830daea50, value (0x): 20-01-01
A	15:53:04.549	[DFU] Enter bootloader sent (Op Code = 1)
A	15:53:04.549	[DFU] Response received (Op Code = 1, Status = 1)
D	15:53:04.549	[DFU] gatt.refresh() (hidden)
D	15:53:04.564	[DFU] gatt.disconnect()
D	15:53:04.564	[DFU] gatt.close()
V	15:53:04.564	[DFU] Scanning for the DFU Bootloader... (timeout 5000 ms)
I	15:53:05.511	Connection parameters updated (interval: 7.5ms, latency: 0, timeout: 5000ms)
I	15:53:06.432	[DFU] DFU Bootloader found with address REDACTED_DEVICE_MAC
V	15:53:06.449	[DFU] DFU service started
I	15:53:06.449	[DFU] Firmware file opened successfully
D	15:53:06.449	[DFU] wait(1000)
D	15:53:07.451	[DFU] wait(1000)
V	15:53:08.463	[DFU] Connecting to DFU target...
D	15:53:08.463	[DFU] gatt = device.connectGatt(autoConnect = false, TRANSPORT_LE, preferredPhy = LE_1M | LE_2M)
I	15:53:08.463	[DFU] Connected to REDACTED_DEVICE_MAC
V	15:53:08.463	[DFU] Discovering services...
D	15:53:08.463	[DFU] gatt.discoverServices()
D	15:53:10.527	[Callback] Connection state changed with status: 8 and new state: DISCONNECTED (0)
E	15:53:10.527	Error 8 (0x8): GATT CONN TIMEOUT
I	15:53:10.527	Disconnected
E	15:53:10.535	[DFU] Connection failed (0x08): GATT CONN TIMEOUT
W	15:53:10.536	[DFU] Retrying...
D	15:53:10.536	[DFU] gatt.refresh() (hidden)
D	15:53:10.536	[DFU] gatt.disconnect()
D	15:53:10.536	[DFU] gatt.close()
D	15:53:10.559	[Broadcast] Action received: android.bluetooth.device.action.ACL_DISCONNECTED
D	15:53:10.584	[DFU] [Broadcast] Action received: android.bluetooth.device.action.ACL_DISCONNECTED
V	15:53:10.584	[DFU] DFU service started
I	15:53:10.584	[DFU] Firmware file opened successfully
D	15:53:10.584	[DFU] wait(1000)
D	15:53:11.599	[DFU] wait(1000)
V	15:53:12.570	[DFU] Connecting to DFU target...
D	15:53:12.570	[DFU] gatt = device.connectGatt(autoConnect = false, TRANSPORT_LE, preferredPhy = LE_1M | LE_2M)
I	15:53:12.786	[DFU] Connected to REDACTED_DEVICE_MAC
V	15:53:12.786	[DFU] Discovering services...
D	15:53:12.786	[DFU] gatt.discoverServices()
D	15:53:12.786	[Broadcast] Action received: android.bluetooth.device.action.ACL_CONNECTED
D	15:53:12.804	[DFU] [Broadcast] Action received: android.bluetooth.device.action.ACL_CONNECTED
I	15:53:13.619	[DFU] Services discovered
D	15:53:13.620	[DFU] wait(1000)
W	15:53:14.621	[DFU] Application with buttonless update found
V	15:53:14.621	[DFU] Jumping to the DFU Bootloader...
V	15:53:14.621	[DFU] Enabling indications for 8ec90003-f315-4f60-9fb8-838830daea50
D	15:53:14.621	[DFU] gatt.setCharacteristicNotification(8ec90003-f315-4f60-9fb8-838830daea50, true)
D	15:53:14.621	[DFU] gatt.writeDescriptor(00002902-0000-1000-8000-00805f9b34fb, value=0x02-00)
I	15:53:14.705	[DFU] Data written to descr.8ec90003-f315-4f60-9fb8-838830daea50, value (0x): 02-00
V	15:53:14.705	[DFU] Notifications enabled for 8ec90003-f315-4f60-9fb8-838830daea50
A	15:53:14.705	[DFU] Indications enabled
D	15:53:14.705	[DFU] wait(1000)
W	15:53:15.638	[DFU] [Broadcast] Abort action received
W	15:53:15.711	[DFU] Upload aborted
V	15:53:15.711	[DFU] Disconnecting...
D	15:53:15.711	[DFU] gatt.disconnect()
I	15:53:15.711	[DFU] Disconnected
D	15:53:15.711	[DFU] gatt.refresh() (hidden)
D	15:53:15.726	[DFU] gatt.disconnect()
D	15:53:15.726	[DFU] gatt.close()
D	15:53:15.726	[DFU] wait(600)
D	15:53:16.339	gatt.close()
D	15:53:16.341	wait(200)
V	15:53:16.543	Connecting to REDACTED_DEVICE_MAC...
D	15:53:16.543	gatt = device.connectGatt(autoConnect = false, TRANSPORT_LE, preferred PHY = LE 1M)
D	15:53:16.552	[Callback] Connection state changed with status: 0 and new state: CONNECTED (2)
I	15:53:16.552	Connected to REDACTED_DEVICE_MAC
V	15:53:16.553	Requesting new MTU...
D	15:53:16.553	gatt.requestMtu(517)
D	15:53:16.555	[Callback] Connection state changed with status: 0 and new state: CONNECTED (2)
I	15:53:17.002	Connection parameters updated (interval: 7.5ms, latency: 0, timeout: 5000ms)
I	15:53:17.204	MTU changed to: 247
V	15:53:17.221	Discovering services...
D	15:53:17.221	gatt.discoverServices()
D	15:53:17.228	[Callback] Services discovered with status: 0
I	15:53:17.228	Services discovered
V	15:53:17.248	Generic Access (0x1800)
- Device Name [R] (0x2A00)
- Appearance [R] (0x2A01)
- Peripheral Preferred Connection Parameters [R] (0x2A04)
- Central Address Resolution [R] (0x2AA6)
Generic Attribute (0x1801)
Unknown Service (REDACTED)
- Unknown Characteristic [W] (REDACTED)
- Unknown Characteristic [N] (REDACTED)
   Client Characteristic Configuration (0x2902)
Secure DFU Service (0xFE59)
- Buttonless DFU [I W] (8ec90003-f315-4f60-9fb8-838830daea50)
   Client Characteristic Configuration (0x2902)
D	15:53:17.248	gatt.setCharacteristicNotification(REDACTED, true)
I	15:53:17.264	Connection parameters updated (interval: 45.0ms, latency: 0, timeout: 5000ms)
I	15:53:18.967	Connection parameters updated (interval: 97.5ms, latency: 0, timeout: 4000ms)

 

The nRF Connect for desktop induces the same behavior on the nRF chip, however the app hangs and outputs this message:

Cannot read property 'search' of undefined
TypeError: Cannot read property 'search' of undefined
    at C:\Users\redacted\AppData\Local\Programs\nrfconnect-bluetooth-low-energy\resources\app.asar\resources\bundle\bundle.js:665:9661
    at I.next (C:\Users\redacted\AppData\Local\Programs\nrfconnect-bluetooth-low-energy\resources\app.asar\resources\bundle\bundle.js:13:34018)
    at I.next (C:\Users\redacted\AppData\Local\Programs\nrfconnect-bluetooth-low-energy\resources\app.asar\resources\bundle\bundle.js:13:32965)
    at v (file:///C:/Users/redacted/AppData/Local/Programs/nrfconnect-bluetooth-low-energy/resources/app.asar/dist/app-bundle.js:48:54695)
    at file:///C:/Users/redacted/AppData/Local/Programs/nrfconnect-bluetooth-low-energy/resources/app.asar/dist/app-bundle.js:48:56346
    at Ma (file:///C:/Users/redacted/AppData/Local/Programs/nrfconnect-bluetooth-low-energy/resources/app.asar/dist/app-bundle.js:48:65805)
    at vs (file:///C:/Users/redacted/AppData/Local/Programs/nrfconnect-bluetooth-low-energy/resources/app.asar/dist/app-bundle.js:48:106176)
    at ul (file:///C:/Users/redacted/AppData/Local/Programs/nrfconnect-bluetooth-low-energy/resources/app.asar/dist/app-bundle.js:48:96717)
    at sl (file:///C:/Users/redacted/AppData/Local/Programs/nrfconnect-bluetooth-low-energy/resources/app.asar/dist/app-bundle.js:48:96642)
    at Qs (file:///C:/Users/redacted/AppData/Local/Programs/nrfconnect-bluetooth-low-energy/resources/app.asar/dist/app-bundle.js:48:93672)

It looks like either the bootloader is not executing at all or it's encountering an error and going back to the application. What could be the issue here?

Thanks for the help!

Thank you!

Parents
  • 0

    Hi Federico, 


    It seems that the application managed to jump to the bootloader but then the bootloader rejected the DFU image: 

    We need to check why it doesn't want to do DFU update. 

    My suggestion to test is not to start with the buttonless example. 
    Please try the following: 

    1. Flash only softdevice + bootloader. Try to do DFU update a ble_app_hrs for example. 

    2. Flash softdevice + bootloader + ble_app_hrs + bootloader setting. Create a new image of ble_app_hrs and create a new DFU .zip file with incremented firmware version. Try to do DFU to update to this new ble_app_hrs via FOTA. You can enter DFU mode by holding a button when reset. 

    3. Flash softdevice + bootloader + buttonless application + bootloader setting. Create a new image of buttonless application with new firmware version and create a .zip file. Do DFU update. 

Reply
  • 0

    Hi Federico, 


    It seems that the application managed to jump to the bootloader but then the bootloader rejected the DFU image: 

    We need to check why it doesn't want to do DFU update. 

    My suggestion to test is not to start with the buttonless example. 
    Please try the following: 

    1. Flash only softdevice + bootloader. Try to do DFU update a ble_app_hrs for example. 

    2. Flash softdevice + bootloader + ble_app_hrs + bootloader setting. Create a new image of ble_app_hrs and create a new DFU .zip file with incremented firmware version. Try to do DFU to update to this new ble_app_hrs via FOTA. You can enter DFU mode by holding a button when reset. 

    3. Flash softdevice + bootloader + buttonless application + bootloader setting. Create a new image of buttonless application with new firmware version and create a .zip file. Do DFU update. 

Children
  • 0 in reply to Hung Bui

    Hi Hung, thanks for answering both questions. Let's try to solve this one first.

    I tried what you said in step 1: "Flash only softdevice + bootloader. Try to do DFU update a ble_app_hrs for example".

    I did this with "ble_app_uart_pca10100_s112" instead of ble_app_hrs because it supports PCA10100e. For the bootloader image, I compiled the secure_bootloader example "secure_bootloader_ble_s112_pca10100e". This worked without issue. I flashed it, saw the device as DFUTarg, ran the DFU and ended up with a device "Nordic UART". So that worked.

    I then tried to do the same thing with my bootloader hex file but it didn't work. I can't see the device as DFUTarg. This is very interesting, because my bootloader code basically has zero differences from the  example "secure_bootloader_ble_s112_pca10100e". The two differences that I can see are: the public key and the soft device. I changed the softdevice to 113 instead of 112 to have DLE. The way I did this was to change the includes in the preprocessor from 112 to 113, change the define from S112 to S113 and swap the soft device binary. Is this correct? Or did I miss something? Could this be the issue?

    EDIT: I went back to SoftDevice 112 on my bootloader code and now I can see it as DFUTarg, so this seems like the obvious reason, I must've forgotten something when changing the soft devices. What do I need to do to change the "secure_bootloader_ble_s112_pca10100e" example to be able to run with S113? Keep in mind I'm using the 52833DK emulating a 52820.

    Thanks!

  • 0 in reply to Federico

    Hi Federico, 
    I don't  see any reason it shouldn't work. Have you tried to do the change with a normal application (not bootloader) and check if it works ? (only softdevice + bootloader) 
    You may want to try testing with the bootloader debug version and step into the code to see what caused the issue. 

    Please make sure you make an full chip erase before testing there is a chance that there was something in the UICR that has not been erased from the previous bootloader. 

  • +1 in reply to Hung Bui

    Hi Hung,

    Found it. It was the bootloader linker file, there was not enough RAM allocated for the SoftDevice. Since I migrated the project from a S112 example, the linker was set for that amount of RAM:

    define symbol __ICFEDIT_region_RAM_start__   = 0x200022c8;

    After migrating to S113, it appears that amount of RAM is not enough. So I changed it to what the secure_bootloader example has for this SoftDevice (which is exactly what nrf_sdh_ble_enable returns). Now DFU is successful. As the bootloader project doesn't have a log, I didn't see the error as you'd see in app when starting the SoftDevice fails.

    The new config is:

    define symbol __ICFEDIT_region_RAM_start__   = 0x20002608; /* This is taken from calling nrf_sdh_ble_enable(), calculated at runtime by the SoftDevice. */

    Thank you!

Related
Terms of service