Firmware upgrade dual partitions

wenchilo

Hi Cypress team,

I am working on CYBT-343026 and trying to transport the .ota.bin through UART and update the firmware by myself. I have upgraded the firmware successfully, but I have a question. I have read the PDF

https://www.infineon.com/dgdl/Infineon-WICED_Firmware_Upgrade_Library-Software-v01_00-EN.pdf?fileId=... 

And it says that there are two firmware partitions, DS1 and DS2, and my firmware will be written to the inactive partition. When the download procedure is completed and the received image is verified and activated, the currently active partition is invalidated, and then the chip is rebooted. After the chip reboots, the previously inactive partition becomes active.

But if I didn't write the firmware to flash correctly, after I call wiced_firmware_upgrade_finish(), the whole system seems to crash.

My question is: do I need to verify the image myself?

If yes, how?

If no, the boot code will check if the image is valid or not. Shouldn't it run the original image but not the invalid image?

0 Likes
1 Solution
DheerajPK_41
Moderator

Hi,

The document says as below. Does it address your query?

"During firmware upgrade, the device performing the procedure (Downloader) pushes chunks of the new image to the device being upgraded. The embedded application receives the image and stores it in the external or on-chip flash. When all data has been transferred, the Downloader sends a command to verify the image passing a 32-bit CRC checksum. The embedded app reads the image from the flash and verifies the image. For the nonsecure download, the library calculates the checksum and verifies that it matches received CRC. For the secure download case, the library performs Elliptic Curve Digital Signature Algorithm (ECDSA) verification and verifies that the Product Information stored in the new image is consistent with the Product Information of the firmware currently being executed on the device. If verification succeeds, the embedded application invalidates the active partition and reboots the chip."

Thanks,

-Dheeraj.P.K

0 Likes
3 Replies
wenchilo

Hi,

As you said, both secure and nonsecure will verify whether the image is valid or not. But when I download an invalid image to the device, after I call wiced_firmware_upgrade_finish(), the device still reboots. Why?

0 Likes
DheerajPK_41
Moderator

Update:

It says, "When all data has been transferred, the Downloader sends a command to verify the image passing a 32-bit CRC checksum. The embedded app reads the image from the flash and verifies the image. For the nonsecure download, the library calculates the checksum and verifies that it matches the received CRC"

The device performing the procedure (Downloader) should initiate the verification process and the embedded app from the library layer should verify. Please refer to the below OTA library implementation. Please check whether anything is different in your implementation. 

https://github.com/Infineon/btsdk-ota/tree/master/COMPONENT_fw_upgrade_lib

Only after the verification, the embedded app invalidates the active partition. 

"If verification succeeds, the embedded application invalidates the active partition and reboots the chip"

If you share your implementation and test procedure, we will be able to help you by reproducing the scenario and checking what the issue is.

0 Likes
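
The ordering the quoted document describes (store chunks in the inactive partition, read the staged image back, compare its CRC with the one the Downloader sent, and only then switch partitions), as an added example that is not code from this thread or from the Infineon library. The simulated DS1/DS2 buffers, `ota_ctx`, `ota_store_chunk`, `ota_verify_and_finish` and the CRC-32 parameters are assumptions; the partition switch stands in for invalidating the active partition and rebooting.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PART_SIZE 256u              /* constructed size, not the real DS1/DS2 layout */

typedef struct {
    uint8_t  ds[2][PART_SIZE];      /* simulated DS1/DS2 flash partitions */
    int      active;                /* index of the partition the boot code runs */
    uint32_t staged_len;            /* highest offset written in the inactive partition */
} ota_ctx;

/* Bitwise CRC-32, reflected polynomial 0xEDB88320 (assumed parameters). */
static uint32_t crc32_calc(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Store one received chunk in the inactive partition; reject writes past its end. */
int ota_store_chunk(ota_ctx *c, uint32_t off, const uint8_t *data, uint32_t len)
{
    if (off > PART_SIZE || len > PART_SIZE - off)
        return -1;
    memcpy(&c->ds[1 - c->active][off], data, len);
    if (off + len > c->staged_len)
        c->staged_len = off + len;
    return 0;
}

/* Verify step: re-read the staged image from "flash" and compare with the
 * Downloader's CRC. Only a match switches partitions; on any failure the
 * active partition is left untouched and still bootable. */
int ota_verify_and_finish(ota_ctx *c, uint32_t total_len, uint32_t expected_crc)
{
    if (total_len == 0 || total_len != c->staged_len)
        return -1;                  /* length mismatch: image incomplete */
    if (crc32_calc(c->ds[1 - c->active], total_len) != expected_crc)
        return -2;                  /* corrupted write or transfer */
    c->active = 1 - c->active;      /* stand-in for invalidate + reboot */
    c->staged_len = 0;
    return 0;
}
```
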