Important: Before you run this example, make sure to program the SoftDevice.
The ANT Secure DFU Bootloader example uses the Bootloader and DFU modules to implement a bootloader with secure Device Firmware Update (DFU) functionality.
The example bootloader accepts images that contain a new bootloader, a SoftDevice, an application, or any combination of these. To protect the target device against malicious attackers trying to impersonate the rightful sender of the firmware update, the init packet of the firmware package must be signed.
The ANT transport is a basic wrapper around the DFU protocol which uses ACK messages and bursts. The example uses a static master channel configuration for the ANT channel and the ANT public network. The host opens a matching slave channel to initiate communication.
DFU protocol request and response packets are sent using the following format. All multibyte values are in little endian format.
| Byte Index | Name | Description |
|---|---|---|
| 0..1 | Length | Length of the entire packet (=N). This is used to determine where the padding bytes start. |
| 2 | Sequence | A separate sequence number is kept by each side. It is incremented by the transmitter for every new request/response and used by the receiving side to filter out repeats. |
| 3 | Op Code | DFU protocol opcode. For messages in the response direction this should always be 0x60. |
| 4..N | Payload | Payload is specific to each opcode. Use existing transports as a guide. All values are packed as little endian. Generic structure does not encode length, so variable length data should have a length field somewhere in the payload to allow the distinction between payload and padding bytes. |
| N..M | Padding | Padding of 0-bytes to the nearest 8-byte boundary. |
Messages of 8 bytes total are sent as acknowledged messages. Longer messages are sent as bursts. The transmitter retries the transmission of a message until a TRANSFER_TX_COMPLETE event or a retry limit is reached. Exceeding the retry limit should be considered a fatal error.
When there is no message to send, the slave sends broadcast data in the following format.
| Byte Index | Name | Description |
|---|---|---|
| 0 | RX seq | Sequence number of the last slave-to-master message. |
| 1 | TX seq | Sequence number of the last master-to-slave message. |
| 2..7 | Reserved | Reserved bytes, set to 0. |
The message sequence for transferring objects is identical to that used for the serial transport.
There are certain configuration parameters available in the sdk_config file through which you can configure the Secure DFU Bootloader. For details on editing the SDK configurations, see SDK configuration header file.
You can find the source code and the project file of the example in the following folder: <InstallFolder>\examples\dfu\secure_bootloader\pca10040_s212_ant
Button assignments:
Note: You can use a custom channel or encryption when running any of the ANT examples. When adding a new channel or encryption, remember to update SoftDevice ANT event handler configuration.
Test the ANT Secure DFU Bootloader application by performing the following steps:
dfu_public_key.c. See Working with keys for instructions.dfu_public_key.c file to the project folder, replacing the existing file.nrfutil dfu ant -pkg package.zip