• State Not Answered
  • Replies 13 replies
  • Subscribers 66 subscribers
  • Views 2678 views
  • Users 0 members are here
Attachments (5) Download All
Nordic Case Info
  • Case ID: 281374
Options

How to reject old firmware version from AWS FOTA at NRF9160 side?

Jeffery

Hi Nordic team

Customer Delta was running a street lamp project.

For AWS FOTA, they applied a AWS account and firmware update already can work.

However, it looks like no version control ability. No matter new or old firmware from AWS,

NRF9160 accepted both.

How can we make it at NRF9160 side? Let NRF9160 reject older version update.

This project was from SDK Connect v1.3.0 http_application_update.

Jeffery

  • 0 in reply to Simon

    Hi Simon

    1. I tried sdk connect v1.8.0 application update example. Added configuration settings to prevent downgrade.

       However, it popped error as the project was opened. Anything wrong?

    2. The project customer referred to was v1.3.0. So, does it support mcuboot preventing downgrade?

    Jeffery

  • 0 in reply to Jeffery
    Jeffery said:
     However, it popped error as the project was opened. Anything wrong?

    If you look at this command

    west build -b board application -- \
-DCONFIG_BOOTLOADER_MCUBOOT=y \
-DCONFIG_MCUBOOT_IMAGE_VERSION=\"0.1.2\+3\" \
-Dmcuboot_CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y \
-Dmcuboot_CONFIG_BOOT_UPGRADE_ONLY=y

    You can see that some of the configs are meant for the application (<application>/prj.conf), and some of the configs are meant for mcuboot (<ncs>/bootloader/mcuboot). Specifically the configs written like "-D<config>" are for the application, while the configs written like "-Dmcuboot<config>" are for mcuboot. The reason it doesn't work is because you have added everything to the application prj.conf file.

    You can also take a look at the ticket mcuboot customer config to see how to set mcuboot configurations from the application.

    Jeffery said:
    2. The project customer referred to was v1.3.0. So, does it support mcuboot preventing downgrade?

    Yes, downgrade preventions should be possible in NCS v1.3.0. I could not find any information about it in the NCS v1.3.0 documentation, but I found some lines mentioning it in the MCUBoot v1.3.0 documentation: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.3.0/mcuboot/design.html#downgrade-prevention

    In the above link, both SW based and HW based downgrade preventions are described. I forgot to mention the HW based method in my initial answer.

    Best regards,

    Simon

  • 0 in reply to Simon

    Hi Simon

    1. It can compile now. My test project is v1.8.0 application update. What I did as below.

    A. Added below string at CMakeLists.txt

    set(mcuboot_OVERLAY_CONFIG
    ${CMAKE_CURRENT_LIST_DIR}/mcuboot.conf
    )

    B. Create mcuboot.conf at project folder. Then, fill below settngs.

    CONFIG_BOOTLOADER_MCUBOOT=y
    CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y
    CONFIG_BOOT_UPGRADE_ONLY=y

    C. Added below setting at prj.conf

    CONFIG_MCUBOOT_IMAGE_VERSION="0.1.0"

    2. AWS address was default and not overwritten. So, nrf9160 will connect to Nordic's AWS account.

    3. After press button1, it started downloading data. As reached to 100%, reset DK for swap test.

       The FOTA was done. 

       However, it shall not be successfully since mcuboot version at my DK (1.0.0) is newer than version

       from AWS(0.0.0). Why is it successful to be downgraded?

    Jeffery

  • 0 in reply to Jeffery

    Could you show me the files <sample>/build/zephyr/.config and <sample>/build/mcuboot/zephyr/.config of the firmware on the DK (where version is 1.0.0).

    Can you also show me the file <sample>/build/zephyr/.config of the firmware to be updated (where version is 0.0.0).

    Best regards,

    Simon

Related