Hello,
I want to prevent a scenario where I successfully perform a DFU with a faulty firmware image. I have a bootloader that handles firmware updates both for the nRF5 itself and another external chipset. It once happened that we accidentally flashed a firmware image meant for the external chip onto the nRF5, and we "bricked" it (we had to reflash with a J-Link).
Our board doesn't have a physical button or something that we could use to do something like in the examples (press button during reset), so I'm trying to figure out a way to protect ourselves from such a scenario in the future.
I was thinking of using a combination of WDT and the GPREGRET. Something like setting a bit in the GPREGRET, starting the watchdog timer in the bootloader and expecting it to be refreshed in the main app. The GPREGRET bit should also be cleared first thing in the main app. Then I could check the GPREGRET in the bootloader and decide whether to stay or not.
Would such an approach work? Is it possible to start the WDT in the bootloader and refresh it in the main app as I mentioned?
Thanks for your help!
EDIT: I already took measures to prevent flashing an image to the wrong chipset. I'm just trying to make my bootloader more reliable.
What happens in case of a successful DFU with a faulty FW image is that the bootloader considers the app to be correct, jumps to the main app, but finds only garbage there. The device is bricked from that point on because even though the device boots from the bootloader, the bootloader always jumps to the main app because, in the end, the app is still considered correct.
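The boot-confirmation scheme proposed in the post, modelled on the host as an added example that is not part of the original post and not SDK code. The names `board_t`, `APP_PENDING`, `boot` and `dfu_complete` are hypothetical, and the model assumes the retained flag survives a watchdog reset, which has to be confirmed against the chip's reset behaviour table.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define APP_PENDING 0x01u /* hypothetical flag bit in the retained register */

/* Host-side model of the board; field names are illustrative, not SDK names. */
typedef struct {
    uint8_t retained; /* stands in for GPREGRET. Assumption: the value survives
                         a watchdog reset; confirm in the reset behaviour table. */
    bool app_runs;    /* false models an image that is accepted but is garbage */
} board_t;

typedef enum { STAY_IN_DFU, RUNNING_APP } outcome_t;

/* Main app start-up: only a working image gets far enough to clear the flag
   and begin reloading the watchdog the bootloader started. */
static bool app_start(board_t *b) {
    if (!b->app_runs) return false;
    b->retained &= (uint8_t)~APP_PENDING;
    return true;
}

/* Follow the device from reset until it settles in the app or in DFU mode. */
static outcome_t boot(board_t *b) {
    for (int resets = 0; resets < 3; resets++) {
        if (b->retained & APP_PENDING) return STAY_IN_DFU; /* jump never confirmed */
        b->retained |= APP_PENDING;        /* set flag, start WDT, jump to app */
        if (app_start(b)) return RUNNING_APP;
        /* App hung without feeding the WDT: the watchdog resets the chip. */
    }
    return STAY_IN_DFU;
}

/* A completed DFU clears the flag so the new image gets one boot attempt. */
static void dfu_complete(board_t *b, bool image_runs) {
    b->retained &= (uint8_t)~APP_PENDING;
    b->app_runs = image_runs;
}

int main(void) {
    board_t b = { 0, false };                 /* wrong image flashed */
    printf("faulty image: %d\n", boot(&b));   /* 0 = STAY_IN_DFU */
    dfu_complete(&b, true);                   /* corrected image sent over DFU */
    printf("after re-DFU: %d\n", boot(&b));   /* 1 = RUNNING_APP */
    return 0;
}
```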