Thread Secure OTA DFU Example

Table of Contents

• Set up MBR
• Set up bootloader
  • Memory settings
• Testing

This information applies to the nRF52840 SoC only.

The Thread Secure OTA DFU example showcases how to configure and carry out the Over-the-Air DFU process in a Thread network. For details about the Thread Secure OTA DFU protocol, see Thread Secure DFU protocol.

Note

The following testing procedure uses the nRF52840 device.

---

Set up MBR

To program the MBR, perform the following steps:

1. Open a command prompt and navigate to <InstallFolder>\components\softdevice\mbr\nrf52840\hex.
2. Ensure that the path to nrfjprog (from nRF5x Command Line Tools v9.2.0 or newer) is in the PATH environment variable.
3. Run the following command: nrfjprog -f nrf52 -r --program mbr_nrf52_2.4.1_mbr.hex --chiperase.

---

Set up bootloader

The bootloader for the Thread Secure OTA DFU is implemented using Bootloader and DFU modules. The main role of the bootloader is to check application integrity and, in case of dual bank updates (see Dual-bank and single-bank updates), to transfer the new image to the active bank. Unlike the BLE Secure DFU Bootloader, the bootloader for Thread Secure OTA DFU does not initialize any transports. Therefore, DFU is not possible in the bootloader. If a valid application is missing, the bootloader enters an infinite loop.

During system startup, the Master Boot Record (MBR) is responsible for starting the bootloader. MBR can be provided as part of the SoftDevice (if application uses a SoftDevice) or as a stand-alone binary firmware (if application does not use a SoftDevice). To start the bootloader, the MBR must know the start address of the bootloader. This start address is defined either in the MBR itself or in UICR.BOOTLOADERADDR. It must be set to the correct value when you program the bootloader. See the S132 SoftDevice Specification for more details.

Programming the bootloader requires the following steps:

1. Navigate to the armgcc folder of the example at <InstallFolder>\examples\thread\dfu\bootloader\pca10056\blank\armgcc.
2. Open a command prompt and run make to build the project.
3. Use nrfjprog (from nRF5x Command Line Tools v9.2.0 or newer) to program the hex file that was created in the _build folder to the board. For example, nrfjprog -f nrf52 -r --program _build\nrf52840_xxaa_blank.hex.

Memory settings

When programming the bootloader, take into account the following points:

• The bootloader must not be flashed with sectorerase option. Using this option can erase the entire flash page that contains the MBR.
• The size of the bootloader is fixed for the lifetime of the device. This is because it is not possible to safely update the location that stores the start address of the bootloader (MBR_BOOTLOADER_ADDR). See the SoftDevice Specification for more information.
• If you enable logging or debugging in the bootloader, it may turn out that it does not fit the defined memory region. In such case, the bootloader space must be expanded at the expense of the application memory (see Memory layout):
  1. Lower the thread_dfu_bootloader, flash the start address and increase the length by the same amount.
     • Example for the GCC linker file: FLASH (rx) : ORIGIN and FLASH (rx) : LENGTH.
  2. In the thread_secure_dfu_client, decrease the flash length by the same value as in the step 1.
     • Example for the GCC linker file: FLASH (rx) : LENGTH
  3. Lower OpenThread settings page start address by the same value.
     • Example for the GCC linker file: ot_flash_data (r) : ORIGIN

---

Testing

To test the DFU process, you need at least two nRF52840 Development Kit boards. One of these boards will be a DFU server that distributes the new firmware, while the others will be DFU clients that are updated. When using more than one DFU client, use the multicast DFU mode. Unless stated otherwise, run all of the presented commands in the main folder of the DFU Example: <InstallFolder>\examples\thread\dfu.

Test the Thread Secure OTA DFU application by performing the following steps:

1. Create cryptographic keys for the example. See Working with keys for information about key generation.
   1. Create a private key:

      nrfutil keys generate priv.pem 

   2. Create a public key in code format and store it in a file named dfu_public_key.c:

      nrfutil keys display --key pk --format code priv.pem --out_file dfu_public_key.c 

   3. Copy the dfu_public_key.c file to the project folder <InstallFolder>\examples\dfu, replacing the existing file.

      Note

      Do not copy the key to the folder <InstallFolder>\examples\thread\dfu. Use the path provided above.

2. Build the bootloader by running the following command:

   make -C bootloader\pca10056\blank\armgcc 

3. Prepare the DFU Client:
   1. Install micro-ecc. This library is required by the Cryptography library , which is used by the Thread Secure OTA DFU example.
   2. Compile the DFU client by running the following command:

      make -C client\pca10056\blank\armgcc 

   3. Return to the DFU example main folder and generate a bootloader settings hex file:

      nrfutil settings generate --family NRF52840 --application client\pca10056\blank\armgcc\_build\nrf52840_xxaa.hex --application-version 1 --bootloader-version 1 --bl-settings-version 2 settings.hex 

   4. Use mergehex (part of the nRF5x Command Line Tools) to merge the client hex file and the bootloader settings hex file:

      mergehex -m client\pca10056\blank\armgcc\_build\nrf52840_xxaa.hex settings.hex -o dfu_client.hex 

4. Flash the DFU Client to the client boards:
   1. Connect one or more DFU Client boards to the computer.
   2. Erase the flash memory on all connected DFU Client boards.

      nrfjprog -f nrf52 --eraseall 

   3. Flash the MBR as described in Set up MBR.

      nrfjprog -f nrf52 -r --program ..\..\..\components\softdevice\mbr\nrf52840\hex\mbr_nrf52_2.4.1_mbr.hex --chiperase 

   4. Flash the bootloader as described in Set up bootloader.

      nrfjprog -f nrf52 -r --program bootloader\pca10056\blank\armgcc\_build\nrf52840_xxaa_blank.hex 

   5. Flash the merged DFU Client with the following command:

      nrfjprog -f nrf52 -r --program dfu_client.hex --sectorerase 

   6. Make sure that the device connects to the Thread network. This is indicated by LED1 being lit, as per Thread BSP LED and button reference.
5. Prepare the firmware package for the DFU process:
   1. To successfully perform the DFU process, make sure the new firmware has a different checksum. For example, add the following line to the main() function:

      LEDS_ON(BSP_LED_3_MASK);

   2. Compile the modified DFU Client by running the following command:

      make -C client\pca10056\blank\armgcc 

   3. Return to the DFU example main folder and prepare a firmware package (in ZIP format) with the new firmware. See Creating a firmware package for more information:

      nrfutil pkg generate --hw-version 52 --sd-req 0x00 --application-version 2 --application client\pca10056\blank\armgcc\_build\nrf52840_xxaa.hex --key-file priv.pem app_dfu_package.zip 

      Note

      - To trigger the DFU process, the application-version value must be higher than the current application version.

      - The Thread and Zigbee stacks do not use SoftDevice, but the –sd-req option is required for compatibility reasons. You can provide any value for the option as it is ignored during DFU.

6. Use nRF Util to run the DFU:
   1. Connect the DFU server nRF52840 Development Kit board to your computer. This board serves as the connectivity IC to the Thread network. This board does not require installation of any firmware. It will be flashed by nRF Util.
   2. Run the following command to start the DFU process over Thread, where COM3 is the DFU Server DK serial port:
      1. For unicast DFU:

         nrfutil dfu thread -f -pkg app_dfu_package.zip -p COM3 --channel 11 --panid 43981 

      2. For multicast DFU:

         nrfutil dfu thread -f -pkg app_dfu_package.zip -p COM3 --channel 11 --panid 43981 -r 4 -rs 5000 -a FF03::1 

         The -r rate parameter may need to be adjusted for a given network size. In general, larger networks will not be able to disseminate multicast messages at a higher rate.
   3. By default, DFU is performed on all conforming devices in the network. To choose a specific target device using its IPv6 address, use nRF Util's -a option. For more information about nRF Util parameters, enter nrfutil dfu thread --help.
7. Observe that the device resets and runs the new application.