nRF5340: Network core bootloader

This bootloader sample implements an immutable first stage bootloader that has the capability to update the application firmware on the network core of the nRF5340 System on Chip (SoC). In addition to this, the network core bootloader sample performs flash protection of both itself and the application.

Overview

The network core bootloader sample supports transporting an already verified and authenticated firmware upgrade from the application core flash to the network core flash, as well as performing flash protection.

This is accomplished by the following steps:

  1. Lock the flash of the bootloader.

    The bootloader sample locks the flash that contains the sample bootloader and its configuration. Locking is done using the ACL peripheral. For details on locking, see the Hardware flash write protection driver.

  2. Perform any pending network core firmware upgrade.

    Invoke the Peripheral CPU DFU (PCD) library to inspect a SRAM region shared with the application core. If the application core has written an update instruction, copy the specified data range to the application partition on the network core. Once the copy is done, compare the SHA of the data in the application partition against the SHA specified in the shared SRAM. Communicate the result of the comparison to the application core through the shared SRAM.

  3. Lock the flash of the application.

    Lock the flash that contains the application. Locking is done using the ACL peripheral. For details on locking, see the Hardware flash write protection driver.

  4. Boot the application on the network core.

    After possibly performing a firmware update, and enabling flash protection, the network core bootloader uninitializes all peripherals that it used and boots the application.

Requirements

Building and running

The source code of the sample can be found under samples/nrf5340/netboot/ in the nRF Connect SDK folder structure.

The most common use case for the network core bootloader sample is to be included as a child image in a multi-image build, rather than being built stand-alone. This sample is included automatically if the application in the nRF5340 network core has the CONFIG_SECURE_BOOT option set. Note that the build system will automatically enable the CONFIG_SECURE_BOOT option for the network core application if the application on the application core has enabled CONFIG_BOOTLOADER_MCUBOOT and CONFIG_BT_RPMSG_NRF53.

A new set of firmware update files is generated by the build system when this image is included in a multi-image build. These files are identical to those described in Using MCUboot in nRF Connect SDK, except that they contain the network core application firmware and are prefixed with net_core_.

Testing

To test the network core bootloader sample run the following commands:

  1. Connect to the kit with a terminal emulator (for example, PuTTY). See How to connect with PuTTY for the required settings.

    Note that on the nRF5340 DK has multiple UART instances, so the correct port must be identified.

  2. west build -b nrf5340dk_nrf5340_cpuapp -d build_netboot samples/bluetooth/peripheral_uart -f -- -DCONFIG_BOOTLOADER_MCUBOOT=y -Dmcuboot_CONFIG_PCD=y

    This sample (samples/bluetooth/peripheral_uart) will automatically include the network core sample hci_rpmsg when built for the nRF5340 DK. Since we enable MCUboot (-DCONFIG_BOOTLOADER_MCUBOOT=y) in the application core, the network core bootloader is automatically included as well. In addition to this, it is necessary to enable the Peripheral CPU DFU (PCD) subsys for the MCUboot image (-Dmcuboot_CONFIG_PCD=y).

  3. west flash -d build_netboot

    Program the merged hex files for both domains (application core and network core).

  4. nrfjprog --program build_netboot/zephyr/net_core_app_moved_test_update.hex --sectorerase -r

    This command will program the update firmware for the network core to the secondary slot of MCUboot in the application core. The firmware is signed the same way that the application firmware is signed. Hence, the firmware is also verified by MCUboot on the application core. See Peripheral CPU DFU (PCD) for more details.

  5. Reset the kit.

  6. Observe that the output includes Done updating network core

Dependencies

This sample uses the following nRF Connect SDK libraries:

The sample also uses drivers from the nrfx.