- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi cypress team,
I am working on CYBT-343026 and trying to transport the .ota.bin through uart and update the firmware by myself. I have upgraded the firmware successfully but I have a question is that I have read the pdf
And it says that there are two firmware partition DS1 and DS2 and my firmware will be written to the inactive partition. When the download procedure is completed and the received image is verified and activated, the currently active partition is invalidated, and then the chip is rebooted. After the chip reboots, the previously inactive partition becomes active.
But if I didn't write firmware to flash correctly, After I call wiced_firmware_upgrade_finish(). The whole system seems to be crash.
My question is do I need to verify the image by myself?
If yes, how?
If no, the boot code will check if the image is valid or not. Shouldn't it run the origional image but not the invalid image?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The document says as below. Does it addresses your query.
"During firmware upgrade, the device performing the procedure (Downloader) pushes chunks of the new image
to the device being upgraded. The embedded application receives the image and stores it in the external or onchip flash. When all data has been transferred, the Downloader sends a command to verify the image passing a
32-bit CRC checksum. The embedded app reads the image from the flash and verifies the image. For the nonsecure download, the library calculates the checksum and verifies that it matches received CRC. For the secure
download case, the library performs Elliptic Curve Digital Signature Algorithm (ECDSA) verification and verifies
that the Product Information stored in the new image is consistent with the Product Information of the
firmware currently being executed on the device. If verification succeeds, the embedded application
invalidates the active partition and reboots the chip."
Thanks,
-Dheeraj.P.K
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
The document says as below. Does it addresses your query.
"During firmware upgrade, the device performing the procedure (Downloader) pushes chunks of the new image
to the device being upgraded. The embedded application receives the image and stores it in the external or onchip flash. When all data has been transferred, the Downloader sends a command to verify the image passing a
32-bit CRC checksum. The embedded app reads the image from the flash and verifies the image. For the nonsecure download, the library calculates the checksum and verifies that it matches received CRC. For the secure
download case, the library performs Elliptic Curve Digital Signature Algorithm (ECDSA) verification and verifies
that the Product Information stored in the new image is consistent with the Product Information of the
firmware currently being executed on the device. If verification succeeds, the embedded application
invalidates the active partition and reboots the chip."
Thanks,
-Dheeraj.P.K
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
As you said, both secure and nonsecure will verify that if the image is valid or not. But when I download a invalid image to the device. Ater I call wiced_firmware_upgrade_finish(). The device still reboot, why?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Update:
It says, "When all data has been transferred, the Downloader sends a command to verify the image passing a
32-bit CRC checksum. The embedded app reads the image from the flash and verifies the image. For the nonsecure download, the library calculates the checksum and verifies that it matches the received CRC"
The device performing the procedure (Downloader) should initiate the verification process and the embedded app from the library layer should verify. Please refer to the below OTA library implementation. Please check whether anything is different in your implementation.
https://github.com/Infineon/btsdk-ota/tree/master/COMPONENT_fw_upgrade_lib
Only after the verification, the embedded app invalidates the active partition.
"If verification succeeds, the embedded application invalidates the active partition and reboots the chip"
If you share your implementation and test procedure, we will be able to help you by reproducing the scenario and check what is the issue.