This example demonstrates how to implement a Zigbee OTA Upgrade Client for the purpose of Secure DFU. The OTA Upgrade Cluster is typically only one of several ZCL clusters defined by the common Zigbee application. The example is based on the OTA Upgrade Cluster and Nordic's Bootloader and DFU modules that create an integrated upgrade solution. This gives you a useful head start when populating the device with other functionalities.
The Zigbee OTA Upgrade Client Example consists of two components:
The OTA Upgrade Cluster allows for downloading a new image while the device is running. This process differs from the one in BLE Secure DFU Bootloader, where a new image is downloaded and installed in the bootloader.
Zigbee OTA Upgrade Client example accepts images that contain an application which contains the Zigbee stack. The OTA Upgrade Client does not use the Zigbee OTA security architecture. Instead, it relies on the architecture of Bootloader and DFU modules for the Secure DFU process.
Zigbee OTA Upgrade Client Example does not use the SoftDevice. However, the bootloader requires the Master Boot Record (MBR). The example uses a standalone MBR provided as a hex file.
To program the MBR, perform the following steps:
<InstallFolder>\components\softdevice\mbr\nrf52840\hex
.nrfjprog -f nrf52 -r --program mbr_nrf52_2.3.0_mbr.hex --chiperase
.The bootloader for the Zigbee OTA Upgrade Client Example is implemented through Bootloader and DFU modules. The main role of the bootloader is to check the integrity of the application and to transfer the new image to the active bank in case of dual-bank updates (see Dual-bank and single-bank updates). Unlike BLE Secure DFU Bootloader, the bootloader for Zigbee Secure DFU does not initialize any transports. Therefore, DFU is not possible in the bootloader. If a valid application is missing, the bootloader enters an infinite loop.
During system startup, the MBR is responsible for starting the bootloader. To do this, the MBR must know the start address of the bootloader. Therefore, you must set it to the correct value when you program the bootloader in UICR.BOOTLOADERADDR
, located at address NRF_UICR_BOOTLOADER_START_ADDRESS
.
To program the bootloader:
armgcc
folder of the example at <InstallFolder>\examples\zigbee\experimental\ota\bootloader\pca10056\blank\armgcc
.make
to build the project._build
folder to the board.nrfjprog -f nrf52 -r --program _build\nrf52840_xxaa_blank.hex --sectoranduicrerase
.nrfutil is a PC tool that allows you to create and sign firmware packages, as well as perform the firmware update process on a PC. Support for Zigbee OTA images has been added to nrfutil in version 4.0.0. Refer to the nrfutil installation section for details on possible ways to install the tool.
To protect the target device against malicious attackers who try to impersonate the rightful sender of the firmware update, the initialization packet of the firmware package must be signed.
The DFU process flow in the Zigbee OTA Upgrade Client is slightly different from the BLE Secure DFU Bootloader DFU process flow or others.
Two entities participate in the Zigbee OTA Upgrade process:
Because of the nature of the DFU implementation, the OTA Upgrade Client cannot accept just any Zigbee OTA Upgrade file. The file must comply with several requirements. Apart from mandatory Zigbee OTA header, the image must consist of all the following Zigbee OTA subelements, in consecutive order:
0xCDEF
and contain the DFU trigger structure.The trigger structure is defined in components/iot/background_dfu/background_dfu_state.h
of nRF5 SDK:
The nrfutil utility automatically generates the OTA Upgrade file of the specified structure, using the provided hex file with the image for upgrading the firmware.
There are several defines in the main.c
file of the Zigbee OTA Upgrade Client example that can help you configure the parameters of the Zigbee OTA Upgrade Client.
Name | Description |
---|---|
OTA_UPGRADE_TEST_FILE_VERSION | Version of the installed firmware. |
OTA_UPGRADE_TEST_MANUFACTURER | Manufacturer ID for the device. |
OTA_UPGRADE_TEST_IMAGE_TYPE | Image Type of the device. |
HARDWARE_REVISION | Hardware Revision of the device. |
OTA_UPGRADE_TEST_MANUFACTURER
, OTA_UPGRADE_TEST_IMAGE_TYPE
, and HARDWARE_REVISION
must correspond to the values set upon generating the firmware package. For a detailed description of these fields, refer to Zigbee OTA Upgrade Cluster specification.Unless stated otherwise, run all of the presented commands in the main folder of the DFU Example: <InstallFolder>\examples\zigbee\experimental\ota
.
Test the Zigbee OTA Client application by performing the following steps:
dfu_public_key.c:
dfu_public_key.c
file to the project folder <InstallFolder>\examples\dfu
. Replace the existing file. <InstallFolder>\examples\zigbee\experimental\ota
. Use the path above.main()
function: OTA_UPGRADE_TEST_FILE_VERSION
to 0x01020101
.608123456
is the serial number of the Zigbee OTA Upgrade Server for the Development Kit, and 11
is the 802.15.4 channel number: The device resets and runs the new application. BSP_BOARD_LED_3 is lit.
When adding a bootloader to your device, pay attention to where in the device memory the different firmware components are located. The following table shows the memory layout used by the Zigbee OTA Upgrade Client. Since the Zigbee stack memory consumption is configurable, the default values in kB are assumed.
Usage | Memory range nRF52840 |
---|---|
Bootloader settings | 0x000F F000 - 0x0010 0000 (4 kB) |
MBR parameter storage | 0x000F E000 - 0x000F F000 (4 kB) |
Bootloader | 0x000F 8000 - 0x000F E000 (24 kB) |
Zigbee settings | 0x000E C000 - 0x000F 8000 (48 kB) |
Application area (incl. free space) | 0x0000 1000 - 0x000E C000 (940 kB) |
Master Boot Record (MBR) | 0x0000 0000 - 0x0000 1000 (4 kB) |