The Serial Secure DFU Bootloader example uses the Bootloader and DFU modules to implement a bootloader with secure Device Firmware Update (DFU) functionality. The SDK provides transport code for UART and for USB CDC ACM (nRF52840 only).
The example bootloader accepts images that contain a new bootloader, SoftDevice, application, or any combination of these. To protect the target device against malicious attackers trying to impersonate the rightful sender of the firmware update, the init packet of the firmware package must be signed.
Depending on the target board and SoftDevice, you can find the source code and the project file of the example in one of the following folders:
<InstallFolder>\examples\dfu\secure_bootloader\pca10040_uart
<InstallFolder>\examples\dfu\secure_bootloader\pca10040e_uart
<InstallFolder>\examples\dfu\secure_bootloader\pca10056_uart
<InstallFolder>\examples\dfu\secure_bootloader\pca10056_usb
<InstallFolder>\examples\dfu\secure_bootloader\pca10056e_uart
Button assignments:
The USB Secure DFU Bootloader example uses the CDC ACM USB class, commonly known as Virtual COM port. After connecting the USB cable, the development kit enumerates as a COMx port on Windows hosts or as a /dev/ttyACMx
device on Linux/Unix hosts. The port can be opened and closed just like a traditional serial port.
On Mac, Linux, and Windows 8 and later, the correct driver should be installed automatically.
You can either create your own firmware package for testing or use one of the provided packages that are located in subfolders of <InstallFolder>\examples\dfu\secure_dfu_test_images
. The provided packages have been generated using a private key that corresponds to the default public key in the project. This public key must not be used in production.
The following is the naming convention for the hex and zip files that you can use in this example:
uart\nrf528xx\hrs_application_s1xx.hex
uart\nrf528xx\hrs_application_s1xx.zip
uart\nrf528xx\blinky_mbr.hex
uart\nrf528xx\blinky_mbr.zip
uart\nrf528xx\softdevice_s1xx.hex
uart\nrf528xx\softdevice_s1xx.zip
uart\nrf528xx\mbr.hex
uart\nrf528xx\bootloader_secure_uart_debug_without_bonds_mbr.hex
uart\nrf528xx\bootloader_secure_uart_debug_without_bonds_mbr.zip
Test the Serial Secure DFU Bootloader application by performing the following steps:
dfu_public_key.c
. See Working with keys for instructions.dfu_public_key.c
file to the project folder, replacing the existing file.nrfutil dfu serial -pkg package.zip -p COM_PORT
for UART transportnrfutil dfu usb_serial -pkg package.zip -p COM_PORT
for USB transport