Question about Over the Air update in NCS_V2

Does the NCS V2 .x support OTA updates ? I used OTA update with encryption in older SDK and i was looking to migrate that to the new SDK. Is there some example or  guide to how to do the exact same implementation in NCS ? I know NCS uses mcuboot but does that mean that DFU and OTA is no longer supported in NCS ?

Thank you.

Parents Reply
  • I did a bit of research and I have a few questions. What I want to achieve is over-the-air firmware update using NRF Secure Immutable bootloader. I am using nrf52832 and 840 and NCSV2.1.0

    1. What i understand from the docs is that to use OTA updates with  NSIB, I should include MCUboot as a second stage bootloader because NSIB does not support this and I do not have any other option. Am I right here ? Is what i am trying possible ? If I am right, are there any samples incorporating these ideas ?
    2. To use a custom key for MCUboot, I need to use CONFIG_BT_SIGNATURE_KEY_FILE="path to private key" . But from what I have learned, MCUBoot is not built from source.So where does the public key come from ? How can I embed my custom public key into MCUboot ?
    3. If I am right about (1), then my MCUboot and NSIB will be my projects two child images. Does this mean that every time I try to update my project I will have to build fresh images of signed MCUboot and NSIB ?
    4. Also I found this sample for OTA. But that is only for nrf9160. Is it because other devices does not support it that the sample is not provided for others or is it because of some other reason ? Can I follow the example and use it on my nrf52832 and 840 ?

    Thank you for your time.

Children
  • From your choice of words, it seems that you just want NSIB to be the immutable bootloader, and don't really need a second stage bootloader. Is that right?

    While I research this use case, can I ask why you would like to use NSIB as the immutable bootloader and not MCUboot?

  • From your choice of words, it seems that you just want NSIB to be the immutable bootloader, and don't really need a second stage bootloader. Is that right?

    Right. I do NOT want a second stage bootloader.. As I told, my end goal is over-the-air firmware update using NRF Secure Immutable bootloader. I will take anything to help me get this. That is all.

    But as I understand from the docs, OTA cannot be done with NRF Secure Immutable bootloader. Or am I understanding it wrong ?

    can I ask why you would like to use NSIB as the immutable bootloader and not MCUboot?

    My updates does not involve updating the bootloader. It only updates my application. And from this page, I believe that in this case, first stage immutable bootloader is what I want. Again, if I am wrong in my understanding, please correct me. The whole information is a lot and is vague in my mind.

    Thank you

  • OTA DFU can theoretically be done with either NSIB or MCUboot as the first stage (and immutable) bootloader.

    I should have phrased my question better. Is there a reason you choose NSIB over MCUboot as the first stage bootloader?

    Using MCUboot as the only bootloader, there are various built-in toolchain and libraries support to make enabling OTA DFU easy.

    Using NSIB as the only bootloader, I have not found any such support. I am asking our internal teams to see if I may be missing anything here.

  • Is there a reason you choose NSIB over MCUboot as the first stage bootloader?

    There is no specific reason for this choice.

    So, from what I understand now, OTA DFU is easily done if my first stage immutable bootloader is MCUboot. right ? In that case, would I have to go for a second stage bootloader ?

  • Midhunjac said:
    So, from what I understand now, OTA DFU is easily done if my first stage immutable bootloader is MCUboot. right ?

    That's right. OTA DFU is relatively easily done if your first stage immutable bootloader is MCUboot (and if you use a NSIB - MCUboot chain, like you previously discovered).

    Also, to answer your previous question 4, here are a few relevant reference sources:

    I need to double check a few things before I can be sure of the answers your previous question 2 and 3. I should be back with those answers before next week.
    Please feel free to comment here if you have anymore questions in the mean time though.

Related