• State Verified Answer
  • Locked Locked
  • Replies 13 replies
  • Subscribers 25 subscribers
  • Views 497 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 288842
Options
nRF5 SDK is not maintained anymore
More Info: Consider nRF Connect SDK for new designs
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Customize bootloader to rollback OTA DFU

user108796

Hi,

I've been requested a feature regarding buttonless OTA DFU that I'm not sure if it's feasible or advisable to implement.

The feature is that once the OTA is successful and the new application has been successfully flashed, we should check if the app can connect to the client application. If it can not secure a connection due to a bug in the new app, it should rollback the app to the previous app. Since it can not connect to the client, it should store the old app in a "Bank 2" before flashing the new app from Bank 1 into Bank 0. This assumes that there is enough flash memory to store 3 copies of the app. Does this procedure make sense? Is it feasible to implement with the secure bootloader?

How could this be handled in a different way? I think a timer to check if connection is possible (similar to a watchdog timer) and if not send device to bootloader mode for OTA DFU could be an easier approach to implement.

Thanks in advance.

  • 0 in reply to user108796

    Hi Alberto, 

    As far as I know the bootloader wont automatically enter DFU mode if the reset was because of the watchdog. You may want to implement that. It should be added in function dfu_enter_check() in nrf_bootloader.c 

    The bootloader timeout after 2 minutes if the DFU mode is entered, but for normal booting it won't enter DFU mode. 

    Calling ble_dfu_buttonless_bootloader_start_finalize() will write to GPREGRET and will put the bootloader to DFU mode as  you can find in the dfu_enter_check() function. 

  • 0 in reply to Hung Bui

    I see, I understand now what you meant about the 5 seconds after booting to enter DFU mode. It could be certainly be an option. First, I will try to modify the bootloader to use this new Bank 2 for the old app. If I fail, I will look into these other methods.

    I think app_activate() would be the best method where to copy the old app in Bank 0 to the new Bank 2 just before the new app in Bank 1 is copied to Bank 0. Or maybe adding another case in nrf_bootloader_fw_activate() could make more sense.

  • 0 in reply to user108796
    alberto. said:
    I think app_activate() would be the best method where to copy the old app in Bank 0 to the new Bank 2 just before the new app in Bank 1 is copied to Bank 0. Or maybe adding another case in nrf_bootloader_fw_activate() could make more sense.

    Yes you can modify app_activate. But please make sure you have configured the location of bank0, bank 1 and bank 2 correctly so that they won't overlap. 

Related
Terms of service