HardFault

Set Up OTA Firmware Updates with Nordic DFU

Overview

Over-the-Air (OTA) firmware updates enable remote updating of nRF-based devices without requiring physical access. Nordic Semiconductor provides a Device Firmware Update (DFU) bootloader that allows secure and reliable OTA firmware updates, making it an essential feature for IoT and embedded applications.

In this blog, we’ll explore how to set up and implement OTA firmware updates using Nordic’s DFU bootloader in a development environment based on Segger Embedded Studio.

Prerequisites

Before diving into the implementation, ensure you have the following:

Hardware

  • nRF52 or nRF53 Series development board (e.g., nRF52840 DK)
  • A computer with Segger Embedded Studio installed
  • Nordic’s nRF Connect for Desktop and nRF Connect for Mobile
  • J-Link programmer (if required for debugging)

Software

  • Segger Embedded Studio (SES)
  • nRF Command Line Tools
  • nRF SDK (Software Development Kit)
  • nRF Util (for DFU package creation and flashing)

Understanding the DFU Bootloader

Nordic’s Secure DFU Bootloader is responsible for handling OTA updates securely. The bootloader verifies and installs new firmware images and can also recover the system in case of a failed update. The main components of Nordic’s DFU system include:

  • Bootloader: Manages firmware updates
  • Application Firmware: The main running firmware
  • SoftDevice (Optional): Bluetooth stack (if BLE is used)
  • DFU Packages: Encrypted firmware bundles used for updates

Step-by-Step Implementation

1. Setting Up the Secure DFU Bootloader

Nordic provides example bootloader projects in the nRF5 SDK. You can find them under:

<nRF SDK>/examples/dfu/

To compile and flash the bootloader:

  1. Open Segger Embedded Studio.
  2. Load the appropriate secure_bootloader project from the SDK.
  3. Compile the bootloader and flash it to your nRF device.

2. Generating a Private-Public Key Pair for Secure DFU

To ensure secure firmware updates, you need to sign your firmware with a private key.

Generate the key pair using:

nrfutil keys generate private.key
nrfutil keys display --key pk --format hex private.key --out_file public.key

The public.key is used in the bootloader, while the private.key signs the firmware updates.

3. Building and Packaging the Firmware Update

Compile your application firmware in Segger Embedded Studio and then create a DFU package using:

nrfutil pkg generate --hw-version 52 --sd-req 0x00 --application app.hex --key-file private.key --application-version 1 firmware.zip

This generates a firmware.zip file that can be used for OTA updates.

4. Uploading Firmware via OTA

  1. Open nRF Connect for Mobile.
  2. Connect to your device via BLE.
  3. Select DFU and choose the firmware.zip file.
  4. Start the update process and monitor progress.

Alternatively, you can perform updates via UART or USB using nrfutil:

nrfutil dfu serial -pkg firmware.zip -p COMx -b 115200

5. Verifying and Testing the Update

Once the OTA update completes, restart your device to load the new firmware. You can verify the update by:

  • Checking the firmware version in the application.
  • Monitoring logs via nRF Logger.

Troubleshooting Common Issues

– DFU Update Fails

  • Ensure the bootloader is correctly flashed.
  • Check BLE connectivity.
  • Verify the firmware package signature.

– Device Not Entering DFU Mode

  • Manually trigger DFU mode using a GPIO pin.
  • Use a debugger to inspect bootloader execution.

– Signing Key Mismatch

  • Ensure you are using the correct private key to sign firmware.

References and Further Reading

Conclusion

OTA firmware updates are crucial for maintaining and enhancing nRF-based devices in the field. By using Nordic’s Secure DFU Bootloader along with nrfutil, nRF Connect, and Segger Embedded Studio, you can seamlessly implement and manage OTA updates securely.

If you have any questions or run into issues, please reach out to us.

Leave a comment