This MCUBoot example is based on the zephyr/samples/basic/blinky
example from the Nordic Connect SDK (NCS).
This example has been configured and tested on Adafruit nRF52840 Feather Express, although it is expected to work with other Nordic devices with only minor changes necessary.
Note: The examples here use the default MCUBoot keys for signing. We strongly recommend that you create your own keys for signing firmware.
These are the steps you take to add MCUBoot support to an existing NCS application:
-
Add
CONFIG_BOOTLOADER_MCUBOOT=y
to your project'sprj.conf
file. This enables MCUBoot for the project. -
Copy the contents of
child_image
to achild_image
directory in your project. You may need to create this directory if it is not already present. This folder contains configuration for MCUBoot. -
DFU mode is typically triggered via a boot pin that MCUBoot checks shortly after device reset. In this example, we used the Feather's D2 pin, which is GPIO 0, Port 10. The boot pin must be pulled up and active low. The boot pin is defined in
child_image/mcuboot.overlay
:
buttonDFU: button_dfu {
gpios = <&gpio0 10 (GPIO_PULL_UP | GPIO_ACTIVE_LOW)>;
label = "DFU activation button";
};
If you wish to use a different pin to activate the bootloader, edit gpio0 10
to correspond with the GPIO peripheral and port of your chosen pin.
We recommend that you use a boot pin if an unused GPIO is available and is connected to Notecard's AUX3 pin. If you wish to not use a boot pin, please see [#mcuboot-configuration-options](MCUBoot configuration options) below.
-
Use
west build
andwest flash
to rebuild and upload the project to the device. -
When the device is reset with the boot pin held low, MCUBoot will start in serial recovery mode. This is indicated via the board's LED, which is ON while MCUBoot is active.
-
You can use the
mcumgr
tool inspect and test image updates via MCUBoot. Here's a brief outline of how to install and use the tool. You can read more about the tool in the Zephyr project mcumgr page- If not already installed, install
mcumgr
. This assumesgo
version >= 1.18 is installed.
go install github.com/apache/mynewt-mcumgr-cli/mcumgr@latest export PATH=$PATH:~/go/bin
- Add the connection to
mcumgr
export MCUMGR_DEV=<USB-serial-device> mcumgr conn add acm0 type="serial" connstring="dev=$MCUMGR_DEV,baud=115200,mtu=512"
- Update the application on the device via MCUBoot:
mcumgr -c acm0 image upload build/zephyr/app_update.bin
- If not already installed, install
MCUBoot configuration options are found in child_image/mcuboot.conf
. The majority of them cannot be changed and are required for MCUBoot to operate correctly with Notecard.
These options can be changed:
-
CONFIG_MCUBOOT_INDICATION_LED
: Enables the on-board LED, which is ON when the device is performing a DFU update. You may wish to set this ton
to conserve power. -
CONFIG_BOOT_SERIAL_WAIT_FOR_DFU
: Configures the bootloader to wait for a valid request before starting the application. When a valid request is received, the device remains in bootloader mode. This is an alternative to using a boot pin. This is only necessary when AUX3 is not connected to a boot pin on the target device.
MCUBoot ships with default keys that are used for signing the firmware during development. These are adequate for testing, but should not be used for firmware you plan to deploy.
We will use imgtool
that ships with the Nordic Connect SDK to generate a new key pair.
- Change directory to the
fast
directory generate a new key usingimgtool
.
imgtool keygen -k child_image/priv.pem -t rsa-2048
- Edit
CMakeLists.txt
and uncomment the line by removing the preceding#
comment marker.
SET(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE "\"${CMAKE_SOURCE_DIR}/child_image/priv.pem\"")
- Rebuild the app.
west build -p
- Verify that the built app uses the custom private key.
imgtool verify -k child_image/priv.pem build/zephyr/app_update.bin
- Change directory to the
slow
version of the app.
cd ../slow
-
Copy the contents of
child_image
from thefast
directory to theslow
directory so both versions use the same key and configuration.cp ../fast/child_image/* child_image/
-
Edit
CMakeLists.txt
and uncomment the line by removing the preceding#
comment marker.
SET(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE "\"${CMAKE_SOURCE_DIR}/child_image/priv.pem\"")
- Rebuild the app.
west build -p
- Verify that the built app uses the custom private key.
imgtool verify -k child_image/priv.pem build/zephyr/app_update.bin
- Flash the app and bootloader to your device.
west flash
Your device is now running the slow
version of the app. To test upgrading, we will use Notecard Outboard Firmware Updates to update to the fast
version.
MCUBoot support was added in firmware version 5.2.1. Ensure that your notecard firmware is at least this version.
In a terminal emulator, or the Notecard Playground on blues.dev, run these commands to enable Outboard DFU with MCUBoot:
{"req":"card.aux", "mode":"dfu"}
{"req":"card.dfu", "name":"mcuboot"}
Test an upgrade to the fast
version of the app:
- The app binary is located at
fast/build/zephyr/app_update.bin
. Follow the Uploading Firmware to Notehub tutorial to upload this file to Notehub so that it is available for download to your device. - With the firmware uploaded, schedule a Device Firmware Update from Notehub.