Change of key in bootloader and application

RE: Change of key in bootloader and application

Vidar Berg — Wed, 26 Apr 2023 11:59:57 GMT

No problem. Yes, bootloader updates are supported according to the SDK documentation:

Just use '--bootloader' instead of '--application' when you generate the dfu package with nrfutil. Also keep in mind that the bootloader version number must be incremented for every update. The bootloader does not permit downgrades.

RE: Change of key in bootloader and application

Simon_89 — Wed, 26 Apr 2023 11:14:23 GMT

Sorry, one more thing:

Is it possible to update the bootloader separately using the OTA process? Using "nrfutil pkg generate", can I create a package that contains the bootloader, which can then be transferred via Thread and installed by the device? Assuming the bootloader can then detect that it should replace itself?

RE: Change of key in bootloader and application

Simon_89 — Mon, 24 Apr 2023 13:38:50 GMT

Thank you very much, I think with this information we can decide which way we want to continue with the product.

RE: Change of key in bootloader and application

Vidar Berg — Mon, 24 Apr 2023 13:01:08 GMT

Hi,

No problem, but as you mentioned, I am afraid that the solution may have to be not to repeat the signature validation step in the bootloader, but instead trust that the update image has been properly validated by the application. The only other solution I can think of is to allocate a shared memory section accessible from both the application and bootloader and store the key there. This approach would be a bit more complex since the key will have to be written to the flash section by either the bootloader or the application. The reason for this is that the DFU protocol does not support writing data to arbitrary addresses. That is, you will not be able to specify where to store the key in the init packet. The bootloader will only store the image to the application or bootloader region depending on what the image type is set to in the init command.

When I said you could perform key rotation by updating the bootloader, I was thinking of DFU within the bootloader with the serial or BLE transport. DFU over thread is only available from the application and the bootloader/app must be uploaded separately.

RE: Change of key in bootloader and application

Simon_89 — Mon, 24 Apr 2023 11:48:49 GMT

Hi Vidar,

Thanks for the quick reply! We are still in development phase. From your perspective, do you recommend to verify the integrity in firmware and as well in bootloader? Or would a verification at one end be enough?

Furthermore we are not using "Soft device". How would be the suggestion to handle such updates of bootloader and application, as a combination of only Bootloader and Application is apparently not supported by Nordic?

RE: Change of key in bootloader and application

Vidar Berg — Mon, 24 Apr 2023 11:24:11 GMT

Hello,

Normally you can perform key rotation by updating the bootloader to a new one that has a different key. But as the update needs to be validated by both the app and bootloader in your case, I am not sure if there really is a good solution to this. Is this a question for an existing product or a product in development?

Best regards,

Vidar