I'm working on a system that has an nRF52 and another ARM microcontroller. We have communication between the two over UART, and I want to use the external app functionality, and just want to double check some of the modifications that I'm making to the nRF52 bootloader.
This is on the nRF5 SDK 17.0.2 with a S113 softdevice.
We sign the external app with nRF Util with the same key we use for the BLE app. In the bootloader, this means that is_trusted is set to true when updating the external application.
However the bootloader (at least out of the box) will only run the nrf_dfu_validation_post_external_app_execute if is_trusted is false.
#if NRF_DFU_SUPPORTS_EXTERNAL_APP
else if (p_init->type == DFU_FW_TYPE_EXTERNAL_APPLICATION)
{
if (!is_trusted)
{
// This function must be implemented externally
ret_val = nrf_dfu_validation_post_external_app_execute(p_init, is_trusted);
}
else
{
s_dfu_settings.bank_1.bank_code = NRF_DFU_BANK_VALID_EXT_APP;
}
}
#endif // NRF_DFU_SUPPORTS_EXTERNAL_APP
I'm assuming the SDK assumes that external applications will NOT be signed, and thus should only update if it's not trusted. But why is the else block setting the bank_1.bank_code to NRF_DFU_BANK_VALID_EXT_APP?
Also, why aren't data_addr and data_len passed to nrf_dfu_validation_post_external_app_execute in postvalidate? It seems like they should be passed because whatever additional processing that needs to happen in nrf_dfu_validation_post_external_app_execute needs to know where the data is located and how much there is. There must be a reason why those two parameters were omitted, but it's not clear to me why they were omitted.
