Nordic Legacy DFU Service blacklisted SecureDFU Update?

Please include the following information, in order for us to help you as effectively as possible.

RAK4631

platformio with arduinoadafruitnrf52-framework

MacOS latest ventura

actual google chrome web-bluetooth api

permanent problem

Here is the link to the article:
https://github.com/WebBluetoothCG/registries/blob/master/gatt_blocklist.txt

UUID blocked: 00001530-1212-efde-1523-785feabcd123
Which is the legacy DFU service without signed firmware packages

You can try it yourself with a simple javascript:

const DFUServiceUUID = "00001530-1212-efde-1523-785feabcd123";
const DFUCharacteristicUUID = {
  ControlPoint: "00001531-1212-efde-1523-785feabcd123",
  PacketPoint: "00001532-1212-efde-1523-785feabcd123"
};

const button = document.getElementById('btn');

button.addEventListener('click', async () => {

  navigator.bluetooth.requestDevice({
    filters: [{ services: [DFUServiceUUID] }]
  }).then(device => {
    console.log('Got device', device.name);
    return device.gatt.connect();
  }).catch(error => {
    console.log('Argh! ' + error);
  });
});

So I tried to do a test and implemented basic advertising of the SecureDFU service and characteristics, which then showed up as SecureDFU on the Nordic connect app. Question is how to handle the firmware update process on the device if needed then and if there could please be a bootloader available which supports that - or is it already supported? Would it be possible to have legacy and secure DFU supported by the bootloader at the same time? Could you please provide a library, like with the legacy one:

/** OTA DFU service */
BLEDfu ble_dfu;

The Nordic Apps connect and dfu still support legacy mode, so that is fine.

Basic secure dfu ble advertising:

/** Security DFU Service*/
BLEService sec_dfu_service = BLEService(0xFE59);
BLECharacteristic sec_dfu_control_point = BLECharacteristic("0x8EC90001-F315-4F60-9FB8-838830DAEA50", 0x0001);
BLECharacteristic sec_dfu_packet = BLECharacteristic("0x8EC90002-F315-4F60-9FB8-838830DAEA50", 0x0002);
void ble_dfu_control_point_callback(uint16_t conn_hdl, BLECharacteristic *chr, uint8_t *data, uint16_t len);

sec_dfu_packet.setProperties(CHR_PROPS_WRITE_WO_RESP | CHR_PROPS_NOTIFY);

sec_dfu_service.begin();
sec_dfu_control_point.begin();
sec_dfu_packet.begin();
sec_dfu_control_point.setWriteCallback(ble_dfu_control_point_callback);

// must be primary service. advertise first
Bluefruit.Advertising.addService(sett_service);

// callback
void ble_dfu_control_point_callback(uint16_t conn_hdl, BLECharacteristic *chr, uint8_t *data, uint16_t len)
{
	(void)conn_hdl;
	(void)chr;
	(void)data;
	(void)len;
	Serial.println("ble_dfu_control_point_callback");
	// put device in dfu mode and reset
	NRF_POWER->GPREGRET = 0xA8;
	sd_nvic_SystemReset();
	// should be now in dfu mode -> Reconnect ble and write to control and packet point...??
}

My goal is to make a dfu via web-bluetooth and would also like to implement the web-usb version.

Regarding WebUSB DFU there seems to be a problem with the protocol class on the devices. Interface 0 has class 2 (interrupt) and if1 has class 10. None of the examples out there find a suitable interface for DFU. If I read the deviceDescriptor I indeed get the right one.

Example from Zephyr: Zephyr

Any guidance here would also be much appreciated.

Thx a lot for feedback!
BR
Rainer

1 Like
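Added example (not part of the original post, and not code from the Web Bluetooth registry): a small parser for the line format used by gatt_blocklist.txt, with a check of how a page may use a given UUID. The blocklist text embedded here is a constructed sample; only the legacy DFU UUID is taken from the thread, and the function names are hypothetical.

```javascript
// Constructed sample in the gatt_blocklist.txt line format: '#' comments, blank
// lines, or a UUID optionally followed by exclude-reads / exclude-writes.
// Only the legacy DFU UUID comes from the thread; the other entries are samples.
const SAMPLE_BLOCKLIST = `
# legacy DFU service (UUID quoted in the thread)
00001530-1212-efde-1523-785feabcd123
# sample entries using the two optional tokens
00002a02-0000-1000-8000-00805f9b34fb exclude-writes
00002a25-0000-1000-8000-00805f9b34fb exclude-reads
`;

const BASE_SUFFIX = "-0000-1000-8000-00805f9b34fb"; // Bluetooth base UUID tail
const FULL_UUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

// Normalise a 16-bit alias (0xFE59 or "fe59") or a 128-bit string to lower case.
function canonicalUuid(u) {
  if (typeof u === "number") return u.toString(16).padStart(8, "0") + BASE_SUFFIX;
  const s = String(u).trim().toLowerCase().replace(/^0x/, "");
  if (/^[0-9a-f]{4}$/.test(s)) return s.padStart(8, "0") + BASE_SUFFIX;
  if (FULL_UUID.test(s)) return s;
  throw new TypeError(`not a UUID: ${u}`);
}

// Parse the file into Map<uuid, "exclude" | "exclude-reads" | "exclude-writes">.
function parseBlocklist(text) {
  const rules = new Map();
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) return;
    const [uuid, token, ...extra] = line.split(/\s+/);
    if (extra.length || ![undefined, "exclude-reads", "exclude-writes"].includes(token)) {
      throw new SyntaxError(`line ${i + 1}: unrecognised entry "${line}"`);
    }
    rules.set(canonicalUuid(uuid), token ?? "exclude");
  });
  return rules;
}

// What a page could do with this UUID under the given rules.
function accessFor(rules, uuid) {
  const mode = rules.get(canonicalUuid(uuid));
  return { exclude: "blocked", "exclude-writes": "read-only", "exclude-reads": "write-only" }[mode] ?? "allowed";
}

// Results reflect the constructed sample above, not the live registry file.
const sampleRules = parseBlocklist(SAMPLE_BLOCKLIST);
for (const u of ["00001530-1212-EFDE-1523-785FEABCD123", 0xFE59, "2a25"]) {
  console.log(canonicalUuid(u), "->", accessFor(sampleRules, u));
}
```

To audit a product's own GATT table, paste the current contents of the registry file in place of the sample and run each advertised service and characteristic UUID through `accessFor`.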

Hello Rainer,

We have at the moment no plans to implement support for secure DFU for the RAK4631 with Arduino Bootloader.

You might have a look into our RUI3 BSP. The RAK4631 with RUI3 bootloader supports the Secure DFU Service:

But I have never tried to use web-bluetooth with it.

More information about RUI3 ==> RAKwireless Unified Interface V3 (RUI3) | RAKwireless Documentation Center
How to convert the RAK4630/RAK4631 to RUI3 ==> Device Firmware Upgrade | RAKwireless Documentation Center

Hi Bernd !

Thanks a lot for the fast answer. But that would mean we would need to change over to RUI3 with our project, I guess. Which would be quite complicated, as it has already been in development for a long time.

Regarding the web-usb DFU, do you have any working example which you know of?

Thanks a lot
Rainer
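Added example (not from any post in this thread): interface class codes 2 and 10, as reported above, are the USB-IF codes for CDC control and CDC data, while USB DFU clients look for class 0xFE with subclass 0x01. The sketch below walks a descriptor tree shaped like a WebUSB `USBDevice` and lists the alternates a DFU client could claim; both device objects are constructed, and the subclass and protocol values in `cdcOnly` are assumed.

```javascript
// USB-IF class codes that matter for this check.
const CLASS_NAMES = { 0x02: "CDC control", 0x0a: "CDC data", 0xfe: "application specific" };
const DFU_CLASS = 0xfe;      // application-specific class
const DFU_SUBCLASS = 0x01;   // Device Firmware Upgrade
const DFU_PROTOCOLS = { 0x01: "runtime", 0x02: "DFU mode" };

const hex = (n) => "0x" + n.toString(16).padStart(2, "0");

// Yield every alternate setting of every interface, as WebUSB exposes them.
function* allAlternates(device) {
  for (const cfg of device.configurations)
    for (const iface of cfg.interfaces)
      for (const alt of iface.alternates)
        yield { cfg, iface, alt };
}

// One summary line per alternate setting.
function describeInterfaces(device) {
  return [...allAlternates(device)].map(({ iface, alt }) =>
    `if${iface.interfaceNumber}: class ${hex(alt.interfaceClass)} (${CLASS_NAMES[alt.interfaceClass] ?? "other"})`);
}

// Alternates that identify themselves as USB DFU.
function findDfuInterfaces(device) {
  return [...allAlternates(device)]
    .filter(({ alt }) => alt.interfaceClass === DFU_CLASS && alt.interfaceSubclass === DFU_SUBCLASS)
    .map(({ cfg, iface, alt }) => ({
      configuration: cfg.configurationValue,
      interface: iface.interfaceNumber,
      alternate: alt.alternateSetting,
      mode: DFU_PROTOCOLS[alt.interfaceProtocol] ?? "unknown",
    }));
}

// Constructed descriptors. cdcOnly mirrors the classes reported in the thread
// (subclass/protocol values are assumed); withDfu is a hypothetical device.
const mkAlt = (c, s, p) => ({ alternateSetting: 0, interfaceClass: c, interfaceSubclass: s, interfaceProtocol: p });
const cdcOnly = { configurations: [{ configurationValue: 1, interfaces: [
  { interfaceNumber: 0, alternates: [mkAlt(0x02, 0x02, 0x00)] },
  { interfaceNumber: 1, alternates: [mkAlt(0x0a, 0x00, 0x00)] } ] }] };
const withDfu = { configurations: [{ configurationValue: 1, interfaces: [
  { interfaceNumber: 0, alternates: [mkAlt(0xfe, 0x01, 0x02)] } ] }] };

console.log(describeInterfaces(cdcOnly), findDfuInterfaces(cdcOnly));
console.log(findDfuInterfaces(withDfu));
```

In a browser, the same two functions can be called on the object returned by `navigator.usb.requestDevice()`.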

Hi Rainer,

Sorry, I have no example for web-usb DFU; I heard about it for the first time from you.

Hi @Rainer,

I just stumbled upon the same issue today. You may find more information about Secure DFU for Adafruit nRF52 Bootloader here. I believe the community needs to build momentum there so they implement it.

I am developing a Capacitor plugin for Nordic DFU here. I have already got Legacy DFU working on Android and iOS in my plugin. My company uses RAK4630s for a few products, so I am aiming to get support for web-bluetooth, and electron platform as well. Perhaps we could collaborate on this.

Cheers,
Robson

Hi Robson !

Wow, great to see that you implemented legacy DFU already in Capacitor! I have an app built for our use case, where the plugin would be a nice addition to be able to flash directly from the app instead of using the Nordic apps. I will give it a try in the coming days. It is based on Ionic and React.

I was also looking into the implementation of doing it via web-usb, but recently came across the possibility that the DFU can also be done via a serial connection, speaking of the web browser's capabilities. nrfutil and adafruit-nrfutil seem to do it that way. But for now this needs a USB cable connection.

One way to get rid of the blocked legacy DFU BLE characteristic could be to simply define a proprietary UUID…? For commercial projects a secure DFU would better fit the security requirements. In my case it is more a hobby project with a ham radio background.

Cheers,
Rainer

Hi Rainer,

The plugin has an example folder with Ionic/Angular sample code. Using a different UUID for the BLE DFU service is something I will be testing soon. At the moment I am only looking into BLE options, but I may give a go at wired alternatives eventually.

Cheers,
Robson.