nRF5 OTA updates
There are discussions about OTA for nRF5 sensors. We have two variants for that:
- Use Nordic's DFU mechanism.
- Implement a SoftDevice-independent mechanism.
Nordic's DFU is ready to use for applications using the official SDK and a SoftDevice. At the moment the MySensors port doesn't support running on chips with a SoftDevice. I think it is more than a little work to implement SoftDevice support (NVM collision, interrupt and RTC sharing, dependencies on the non-LGPL-compatible SDK...).
The SoftDevice supports updating the firmware with a smartphone and is pre-installed on most/all nRF5 chips. With this type of bootloader, it's easy to install MySensors without using programmers or special hardware. On the other hand, the SoftDevice and bootloader require a lot of flash memory, and the SoftDevice reduces the usable RAM.
As far as I know, Nordic's bootloader cannot be protected against flashing other software. When a device is lost, encryption keys can be extracted.
My idea is creating a new bootloader which allows only flashing encrypted or signed code. The encryption keys can be protected with nRF5 hardware access control, which denies accessing the bootloader memory from applications. The debug interface can be disabled.
This bootloader can initially be flashed via Nordic's DFU. To do this an additional loader is required, which runs in RAM to erase the whole flash.
For flashing, a second nRF5 or maybe an nRF24 is needed. The flashing controller or additional software manages firmware delivery and encryption.
The first installation of the alternative bootloader needs a component to establish a new connection with an asymmetric key exchange. The resulting key is stored in the protected bootloader area. The initialization part can be erased after pairing with the central firmware management. This keeps the boot section small.
New firmware should be flashed via a very small radio protocol, from internal flash for MySensors OTA support and via the serial port.
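The following is an added example, not code from the post or from the MySensors project, that models the accept/reject decision such a bootloader would make: an image is staged chunk by chunk (as it would arrive over the small radio protocol or the serial port), then authenticated with the key established during pairing before anything is committed to application flash. It assumes a constructed image layout (magic, version, length, payload, HMAC-SHA256 tag) and a symmetric key that the pairing step is assumed to have produced; the names `build_image`, `FirmwareStager` and `verify_image` are hypothetical. A version check gives anti-rollback so a captured older image cannot be replayed, and the tag is checked before any header field is trusted.

```python
import hashlib
import hmac
import struct

# Constructed image layout: 4-byte magic, u32 version, u32 payload length,
# payload, 32-byte HMAC-SHA256 tag over magic+version+length+payload.
MAGIC = b"MYS1"            # hypothetical magic value
HEADER_FMT = "<4sII"
HEADER_LEN = struct.calcsize(HEADER_FMT)
TAG_LEN = 32


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Host side: wrap a firmware payload with header and authentication tag."""
    header = struct.pack(HEADER_FMT, MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(key: bytes, image: bytes, installed_version: int):
    """Bootloader side. Returns (accepted, reason, payload_or_None).

    The tag is checked before the version is used, so a tampered or
    unauthenticated header can never influence the rollback decision.
    """
    if len(image) < HEADER_LEN + TAG_LEN:
        return False, "too short", None
    magic, version, length = struct.unpack(HEADER_FMT, image[:HEADER_LEN])
    if magic != MAGIC:
        return False, "bad magic", None
    if len(image) != HEADER_LEN + length + TAG_LEN:
        return False, "length mismatch", None
    body, tag = image[:HEADER_LEN + length], image[HEADER_LEN + length:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time compare so tag bytes cannot be guessed one at a time.
    if not hmac.compare_digest(expected, tag):
        return False, "bad tag", None
    if version <= installed_version:
        return False, "rollback", None
    return True, "ok", body[HEADER_LEN:]


class FirmwareStager:
    """Collects fixed-size chunks into a staging buffer (modelling the
    'from internal flash' step); nothing is flashed until verify() passes."""

    def __init__(self, key: bytes, installed_version: int, chunk_size: int = 16):
        self.key = key
        self.installed_version = installed_version
        self.chunk_size = chunk_size
        self.total = None
        self.chunks = {}

    def begin(self, total_len: int) -> None:
        self.total = total_len
        self.chunks = {}

    def receive(self, seq: int, data: bytes) -> bool:
        """Store one chunk; out-of-range or oversized chunks are rejected."""
        if self.total is None or len(data) > self.chunk_size:
            return False
        if seq * self.chunk_size >= self.total:
            return False
        self.chunks[seq] = data
        return True

    def complete(self) -> bool:
        n = (self.total + self.chunk_size - 1) // self.chunk_size
        return self.total is not None and all(i in self.chunks for i in range(n))

    def verify(self):
        if not self.complete():
            return False, "incomplete", None
        image = b"".join(self.chunks[i] for i in sorted(self.chunks))[:self.total]
        return verify_image(self.key, image, self.installed_version)


def demo():
    """Constructed end-to-end run: good image, tampered image, replayed old image."""
    key = b"constructed-demo-pairing-key"
    payload = bytes(range(40))  # constructed stand-in for firmware bytes
    good = build_image(key, version=2, payload=payload)

    stager = FirmwareStager(key, installed_version=1)
    stager.begin(len(good))
    for seq in range((len(good) + 15) // 16):
        stager.receive(seq, good[seq * 16:(seq + 1) * 16])
    accepted = stager.verify()

    tampered = bytearray(good)
    tampered[HEADER_LEN + 3] ^= 0x01          # flip one payload bit
    bad_tag = verify_image(key, bytes(tampered), 1)

    old = build_image(key, version=1, payload=payload)
    replay = verify_image(key, old, installed_version=2)
    return accepted, bad_tag, replay


if __name__ == "__main__":
    for name, result in zip(("good", "tampered", "replay"), demo()):
        print(name, result[0], result[1])
```

The staging buffer plus verify-then-commit order is what keeps a partially received or forged image from ever touching the application area; in the real bootloader the key used by `verify_image` would live in the access-controlled region described above and never be readable from application code. The "encrypted" variant mentioned in the post would wrap the same layout, with the tag still checked before decryption.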