Adding USB capability to secure DFU BLE bootloader

Hi,

I'd like to add the capability to perform secure DFU over USB with the secure DFU BLE bootloader as a baseline. What needs to be done to achieve this? In addition to adding the USB transport, do I need to add USB CDC in the bootloader to be able to send the DFU using nrfutil?

I'm using sdk v17 as the baseline for the secure DFU bootloader.

Thanks

  • Hi,

    The open USB bootloader have everything needed to be a secure bootloader (and in fact by default it do require signature on bootloader updates). The only change that is needed in order to also require signature verification on application and SoftDevice updates is to set NRF_DFU_REQUIRE_SIGNED_APP_UPDATE to 1 in the bootlaoder's sdk_config.h. So if all you need is the USB transport, then take the example and make this change.

    If you want to combine USB with BLE, then you should take one of the examples and add includes, configuration, etc from the other, as well as adjust size and start address (there are quite a few things to resolve so it is a bit of work but not a huge task). Essentially all you need to add a transport is to add the required files, and then it will automatically be initialized and work out of the box. You do not need to do anything else to support for the USB CDC, as that is all part of the USB transport implementation.

  • Hi, where can I find information on the size and start addresses, either documentation on them or their physical location in the bootloaders?

    Thank you

  • Hi,

    To get a combined USB + BLE DFU secure bootloader, I took the USB example as a baseline and merged sdk_config.h, the Makefile, and the linker script from the BLE example. However, it looks like there are conflicts in the linker script and there's not enough room in Flash:

    _build/nrf52840_xxaa.out section `.text' will not fit in region `FLASH'
    region FLASH overflowed with .data and user data
    section .mbr_params_page VMA [00000000000fe000,00000000000fefff] overlaps section .text VMA [00000000000f4000,00000000000fe077]
    section .crypto_data VMA [00000000000fe078,00000000000fe07f] overlaps section .mbr_params_page VMA [00000000000fe000,00000000000fefff]
    region `FLASH' overflowed by 284 bytes

    Could you advise on how the best way to resolve these issues? What's the best way to attach the resulting sdk_config.h, Makefile, and linker script, so you can better assist?

  • Hi,

    mablabs said:
    To get a combined USB + BLE DFU secure bootloader, I took the USB example as a baseline

    I think it would be easier to take the BLE bootloader as baseline, just because that would probably have you doing fewer modifications. But both will work as long as you get all you need from both. If you use the USB project as stating point, remember to add all the SoftDevice and BLE related files and includes to the Makefile, and also defines such as SOFTDEVICE_PRESENT instead of MBR_PRESENT, get S140, etc.

    mablabs said:
    Could you advise on how the best way to resolve these issues?

    Regarding flash size that will increase when you need to fit both the USB and BLE transport, so you need to move down the start address and increase the size. When you use GCC and Makefile, that means adjusting this line in the linker script:

      FLASH (rx) : ORIGIN = 0xf8000, LENGTH = 0x6000

    Lower the start address and increase the length so that everything fits, and you have two free pages above (for MBR params and bootloader settings).

    mablabs said:
    What's the best way to attach the resulting sdk_config.h, Makefile, and linker script, so you can better assist?

    Use Insert -> Image/video/file, click the "Upload" text, select the file and click the OK button after it has been uploaded. Do this for every file, or zip all files together and upload the zip.

  • I am not sure what you refer to there? The size of the bootloader depends on how much you include. When you add more features, the size typically increases. As the bootloader is located at the end of the flash (with two free pages above it for MBR params and BL Settings), that means that you need to move down the start address. There is no generic way to know how much when you add stuff without building and seeing.

Related