Using MCUboot in nRF Connect SDK

The nRF Connect SDK includes MCUboot-specific integration files located in the modules/mcuboot subfolder in the sdk-nrf repository.

You can use MCUboot in the nRF Connect SDK in one of the following roles:

• As an Immutable first-stage bootloader that can perform device firmware updates to the application. Enable CONFIG_BOOTLOADER_MCUBOOT to use it in this role.

• As an Upgradable second-stage bootloader that can perform device firmware updates to both itself and the application. Enable both CONFIG_BOOTLOADER_MCUBOOT and CONFIG_SECURE_BOOT to use it in this role.

See the following user guides for more information on adding, configuring, and testing MCUboot for your application build in the nRF Connect SDK:

• Secure bootloader chain

• Adding a bootloader chain

• Testing the bootloader chain

• Using external memory partitions

• Customizing the bootloader

• Firmware updates

When you add MCUboot to your application build, the following files that can be used for firmware over-the-air (FOTA) upgrades are automatically generated:

• app_update.bin - Signed variant of the firmware in binary format (as opposed to intelhex). This file can be uploaded to a server as FOTA image.

• app_to_sign.bin - Unsigned variant of the firmware in binary format.

• app_signed.hex - Signed variant of the firmware in intelhex format. This HEX file is linked to the same address as the application. Programming this file to the device will overwrite the existing application. It will not trigger a DFU procedure.

• app_test_update.hex - Same as app_signed.hex except that it contains metadata that instructs MCUboot to test this firmware upon boot. As app_signed.hex, this HEX file is linked against the same address as the application. Programming this file to the device will overwrite the existing application. It will not trigger a DFU procedure.

• app_moved_test_update.hex - Same as app_test_update.hex except that it is linked to the address used to store the upgrade candidates. When this file is programmed to the device, MCUboot will trigger the DFU procedure upon reboot.

See the Multi-image builds user guide for more information on image files in multi-image builds.

Note

When you use MCUboot in the direct-xip mode, enable the CONFIG_BOOT_BUILD_DIRECT_XIP_VARIANT Kconfig option to let the build system generate an additional set of files for the second application slot. These .hex files are identical to the ones listed above, but their names also use the mcuboot_secondary_ prefix. For example, mcuboot_secondary_app_signed.hex is created and placed in the second slot on the target device when the app_signed.hex file is placed in the first slot. For more information about the direct-xip mode, see the Equal slots (direct-xip) section in the Bootloader documentation.