cancel
Showing results for 
Search instead for 
Did you mean: 

WICED Smart Bluetooth

Anonymous
Not applicable

===

SDK: 2.1.

Tag: 920737.

app: OTA hello-sensor.

OTA firmware size ~ 25KB.

===

Question:
Can we use OTAFU (OTA-firmware upgrade) instead of Secure-OTAFU with version control upgrade?
which means, if users want to download a old OTA FW of which the version is 1.0 while in device FW,
of which the version is newer as 1.1; how to avoid this downloading?
Coz in built image, HelloSensor-BCM920737TAG_Q32-rom-ram-Wiced-release.ota.bin,
I didnt find the place storing version (like 1.1) and also no fixed position in ota firmware. So
we can not avoid user downloading old firmware? TKS

0 Likes
Reply
1 Solution
Moderator
Moderator

Note that I confirmed that during an OTA update, the Major Version can only increment, not go backwards in order to support an older version of the firmware.

This is outlined within the WICED Secure Over-the-Air Firmware Upgrade Application Note (SDK 2.1 and TAG3 Board)

Verification will fail unless the following conditions are met:

  • RSA verification must pass: access to the private key is required to create the new firmware image.
  • The product ID of the new image must match that of the existing application.
    • This requirement prevents the use of a correctly signed application built for a different product.
  • The major version number must be the same or greater than that of the existing application.
  • The major version should be increased when security vulnerabilities are fixed.
    • This requirement prevents replacing the application with a version that has known security problems.

View solution in original post

0 Likes
Reply
4 Replies
Employee

Check out this thread: WICED Smart BCM92073X OTA Firmware Upgrade (1)

The section on the "Modify Soure Code" discussed about how comparing of the version information of the fw image and ota image is done.

0 Likes
Reply
Anonymous
Not applicable

Hi Boont,

I saw that link but it seems it's from secure-OTA and can not work on non-secure OTA.

I also made a test on OTAFW (non-secure) and modify device FW a old version compared
to OTA image and it still can allow downloading... is that right?

0 Likes
Reply
Anonymous
Not applicable

boont, there is a correction,

I saw that link but it seems it's from secure-OTA and can not work on non-secure OTA.

I also made a test on OTAFW (non-secure) and modify device FW a NEW version compared
to OTA image and it still can allow downloading...it seems tool didnt check the version before downloading;

I use PC tool embedded in SDK2.1 ota folder.

0 Likes
Reply
Moderator
Moderator

Note that I confirmed that during an OTA update, the Major Version can only increment, not go backwards in order to support an older version of the firmware.

This is outlined within the WICED Secure Over-the-Air Firmware Upgrade Application Note (SDK 2.1 and TAG3 Board)

Verification will fail unless the following conditions are met:

  • RSA verification must pass: access to the private key is required to create the new firmware image.
  • The product ID of the new image must match that of the existing application.
    • This requirement prevents the use of a correctly signed application built for a different product.
  • The major version number must be the same or greater than that of the existing application.
  • The major version should be increased when security vulnerabilities are fixed.
    • This requirement prevents replacing the application with a version that has known security problems.

View solution in original post

0 Likes
Reply