Can we prevent OTAFU from older version upgrade?

Anonymous

===

SDK: 2.1.

Tag: 920737.

app: OTA hello-sensor.

OTA firmware size ~ 25KB.

===

Question:
Can we use OTAFU (OTA firmware upgrade) instead of Secure-OTAFU with version control upgrade?
That is, if a user wants to download an old OTA FW whose version is 1.0 while the FW on the device
is newer, version 1.1, how can we prevent this download?
Because in the built image, HelloSensor-BCM920737TAG_Q32-rom-ram-Wiced-release.ota.bin,
I didn't find the place where the version (like 1.1) is stored, and there is also no fixed position for it in the OTA firmware. So
we cannot prevent the user from downloading old firmware? Thanks

1 Solution

Note that I confirmed that during an OTA update, the Major Version can only increment, not go backwards in order to support an older version of the firmware.

This is outlined in the WICED Secure Over-the-Air Firmware Upgrade Application Note (SDK 2.1 and TAG3 Board).

Verification will fail unless the following conditions are met:

  • RSA verification must pass: access to the private key is required to create the new firmware image.
  • The product ID of the new image must match that of the existing application.
    • This requirement prevents the use of a correctly signed application built for a different product.
  • The major version number must be the same or greater than that of the existing application.
  • The major version should be increased when security vulnerabilities are fixed.
    • This requirement prevents replacing the application with a version that has known security problems.
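
The conditions listed above, written as a single acceptance check. This is an added example, not code from the WICED SDK or the application note: the 4-byte header layout, `fw_info_t` and the function names are hypothetical, and `signature_ok` stands in for the result of the RSA verification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor and header layout, NOT the WICED .ota.bin format. */
typedef struct { uint16_t product_id; uint8_t major, minor; } fw_info_t;
#define FW_HDR_LEN 4u /* assumed: product_id (little-endian 16 bit), major, minor */

typedef enum { FW_ACCEPT, FW_BAD_HEADER, FW_BAD_SIGNATURE,
               FW_WRONG_PRODUCT, FW_ROLLBACK } fw_verdict_t;

/* Parse the assumed header; a short or missing buffer is rejected. */
static int fw_parse_header(const uint8_t *buf, size_t len, fw_info_t *out)
{
    if (buf == NULL || out == NULL || len < FW_HDR_LEN)
        return -1;
    out->product_id = (uint16_t)(buf[0] | (buf[1] << 8));
    out->major = buf[2];
    out->minor = buf[3];
    return 0;
}

/* signature_ok stands in for the RSA check, which must cover the header too:
 * version fields outside the signed region could simply be edited. */
fw_verdict_t fw_check_upgrade(const fw_info_t *running, const uint8_t *img,
                              size_t len, int signature_ok)
{
    fw_info_t cand;
    if (running == NULL || fw_parse_header(img, len, &cand) != 0)
        return FW_BAD_HEADER;
    if (!signature_ok)
        return FW_BAD_SIGNATURE;
    if (cand.product_id != running->product_id)
        return FW_WRONG_PRODUCT;
    if (cand.major < running->major)   /* only the major version is compared */
        return FW_ROLLBACK;
    return FW_ACCEPT;
}

int main(void)
{
    const fw_info_t running = { 0x1234, 2, 1 };         /* constructed: device runs 2.1 */
    const uint8_t older_major[] = { 0x34, 0x12, 1, 9 }; /* constructed: image 1.9 */
    const uint8_t older_minor[] = { 0x34, 0x12, 2, 0 }; /* constructed: image 2.0 */
    printf("1.9 over 2.1 -> %d\n", fw_check_upgrade(&running, older_major, 4, 1));
    printf("2.0 over 2.1 -> %d\n", fw_check_upgrade(&running, older_minor, 4, 1));
    return 0;
}
```

With the rule as listed, an image with the same major version and a lower minor version is still accepted, so a release that must not be rolled back needs a major version bump.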

BoonT_56
Employee

Check out this thread: WICED Smart BCM92073X OTA Firmware Upgrade (1)

The "Modify Source Code" section discusses how the version information of the fw image and the ota image is compared.

Anonymous

Hi Boont,

I saw that link, but it seems it's for secure OTA and cannot work on non-secure OTA.

I also ran a test on OTAFW (non-secure) and modified the device FW to an old version compared
to the OTA image, and it still allows downloading... is that right?

Anonymous

boont, there is a correction,

I saw that link, but it seems it's for secure OTA and cannot work on non-secure OTA.

I also ran a test on OTAFW (non-secure) and modified the device FW to a NEW version compared
to the OTA image, and it still allows downloading... it seems the tool didn't check the version before downloading.

I use the PC tool embedded in the SDK 2.1 ota folder.
