MCUBoot compatible?

[romainreignier]

I have tried to use this OTA library with MCUBoot as bootloader but I have the following error message:

Higher version bootloader required to perform OTA.
Please update the bootloader.
File -> Examples -> Portenta_System -> PortentaH7_updateBootloader

Is this library compatible with MCUboot? If not, is there an example sketch to do OTA with MCUBoot?

[pennam]

@romainreignier, this library is intented to perform OTA with the standard Arduino bootloader. If you have flashed the MCUboot binary without locking it (no keys loading) the bootloader is working in the same way the standard Arduino bootloader does, so if you skip the version check you should be able to perform OTA using this library. If you have locked the bootloader you can have a look at this example https://github.com/pennam/ArduinoCore-mbed/commit/5750925603ac33799429c0c7053da939fcbc43d3 It needs to be polished before be mainlined it, but it's the example i've used for my tests. Remember that the update binary file should be signed with imgtool like the ide is doing when uploading the binary with DFU, see https://github.com/arduino/mcuboot-arduino-stm32h7#create-a-signed-and-encrypted-update-sketch

[romainreignier]

Thank you @pennam for this example. I have tried it, everything went well but after the reset, the same update sketch is running and not the update. What should be the format of the update.bin file? Just the raw binary produced by the IDE?

[pennam]

To use the example you have to:

1. Flash MCUboot bootloader (this will update the bootloader binary of the board and create the update.bin and scratch.bin file)
2. Lock the bootloader flashing the default keys included in the manageBootloader.ino sketch (the default keys have to be used only for evaluation purpose. You can create your set of keys following https://github.com/arduino/mcuboot-arduino-stm32h7#customize-signing-and-encryption-keys). This step will enable MCUboot secure boot.
3. Load the example sketch with the ide selecting Security setting -> Signature + Encryption from Tools menu (check for the correct ip address of your configuration to download the binary)
4. Create a signed and encrypted update binary using imgtool, or using the IDE (always selecting from Tools menu Security settings Signature + Encryption) and palce it into your local webserver
5. Run the sketch and once the update.bin file is in place reset your board.

I would also suggest to enable the mcuboot debug log if you have a portenta breakout putting BT_SEL (PI8) pin HIGH, the output will be available through UART1

Since this discussion is not really related to this library i'm closing the issue, but feel free to reopen another one here https://github.com/arduino/mcuboot-arduino-stm32h7 if something is not working

[pennam]

mmm better to leave it open so i'll remember to update/improve the compatibility check including the MCUboot binary