Configuring DFU and MCUboot

This page provides an overview of Device Firmware Update (DFU) for the nRF54H Series devices, detailing the necessary steps, configurations, and potential risks involved in setting up secure boot and firmware updates.

On the nRF54H20 SoC, you can use MCUboot as a standalone immutable bootloader. If you want to learn how to start using MCUboot in your application, refer to the Enabling a bootloader chain using sysbuild page. For full introduction to the bootloader and DFU solution, see MCUboot and NSIB and Adding MCUboot as an immutable bootloader.

Note

nRF Secure Immutable Bootloader is not supported on the nRF54H20 SoC.

You must select a sample that supports DFU to ensure proper testing of its functionality. In the following sections, the SMP server sample variant in the samples/dfu/smp_svr folder is used. It extends the Zephyr’s SMP server sample and adapts it for nRF54H20 platform.

Note

There are two variants of the SMP server sample:

  • The new sdk-nrf sample supporting the nRF54H20 SoC, located in the samples/dfu/smp_svr folder.

  • The SMP server, located in the samples/subsys/mgmt/mcumgr/smp_svr folder, is the Zephyr sample that supports MCUboot and DFU.

Configuring MCUboot on the nRF54H20 DK

You can build any nRF54H20 SoC sample with MCUboot support by passing the SB_CONFIG_BOOTLOADER_MCUBOOT Kconfig option. This enables the default swap using move bootloader mode, supports a single updateable image, and applies the standard MCUboot configurations.

To configure the Hello World sample for using MCUboot, follow these steps:

  1. Navigate to the zephyr/samples/hello_world directory.

  2. Build the firmware:

    west build -b nrf54h20dk/nrf54h20/cpuapp -p -- -DSB_CONFIG_BOOTLOADER_MCUBOOT=y

  3. Program the firmware onto the device:

    west flash

See the MCUboot SMP Server sample for a reference of how you can further configure your application with MCUboot. It demonstrates how to enable MCUmgr Command-line tool commands in the application, allowing you to read information about images managed by MCUboot.

Supported signatures

MCUboot supports the following signature types:

By default, MCUboot stores the public key in its own bootloader image. The build system automatically embeds the key at compile time. For more information, see DFU with custom keys.

Image encryption

MCUboot supports AES-encrypted images on the nRF54H20 SoC, using ECIES-X25519 for key exchange. For detailed information on ECIES-X25519 support, refer to the MCUboot AES image encryption with ECIES-X25519 key exchange documentation page.

Caution

On the nRF54H20 SoC, private and public keys are currently stored in the image. Embedding keys directly within the firmware image is a security risk.

Suspend to RAM (S2RAM) support

MCUboot on the nRF54H20 SoC supports Suspend to RAM (S2RAM) functionality in the application. It can detect a wake-up from S2RAM and redirect execution to the application’s resume routine.

For more information, see S2RAM operation with MCUboot as the bootloader instruction.

DFU configuration example

MCUboot supports various methods for updating firmware images. On the nRF54H platform, you can use swap and direct-xip modes.

For more information, see the samples/dfu/smp_svr sample. This sample demonstrates how to configure DFU feature in both MCUboot and user application in your project. It uses Simple Management Protocol for DFU and querying device information from the application.

The following nRF54H20-specific build flavors are available:

  • sample.dfu.smp_svr.bt.nrf54h20dk - DFU over BLE using the default IPC radio firmware image and Swap using move MCUboot mode.

  • sample.dfu.smp_svr.bt.nrf54h20dk.direct_xip_withrevert - DFU over BLE using Direct-XIP with revert MCUboot mode.

  • sample.dfu.smp_svr.serial.nrf54h20dk.ecdsa - DFU over serial port with ECDSA P256 signature verification.

  • sample.dfu.smp_svr.bt.nrf54h20dk.direct_xip_withrequests - DFU over BLE using Direct-XIP with revert MCUboot mode and bootloader requests support.

  • sample.dfu.smp_svr.bt.nrf54h20dk.ext_flash - DFU over BLE from external flash using Swap using move MCUboot mode.

The following additional build flavors are also available:

  • sample.dfu.smp_svr.encryption.ecdsa_p256 - DFU using Dual-bank swap with move MCUboot mode with encryption support and ECDSA P256 signature verification.

  • sample.dfu.smp_svr.nrf_compress.basic - DFU using Dual-bank overwrite MCUboot mode with compression support.

  • sample.dfu.smp_svr.nrf_compress.encryption_ecdsa_p256 - DFU using Dual-bank overwrite MCUboot mode with both compression and encryption support, and ECDSA P256 signature verification.

You can build and flash the selected flavor of the MCUboot SMP Server sample with the following commands:

west build -b nrf54h20dk/nrf54h20/cpuapp -T ./sample.dfu.smp_svr.bt.nrf54h20dk
west flash

Testing steps

You can test the MCUboot SMP Server sample by performing a FOTA update. To do so, complete the following steps:

  1. Locate the dfu_application.zip archive in the build directory of the build from the previous chapter. The archive is automatically generated after adding the DFU configuration and building your project.

    Note

    For each image included in the DFU-generated package, use a higher version number than your currently active firmware. You can do this by modifying the VERSION file in the application directory or by making changes to the application code. For the semantic versioning, modify the CONFIG_MCUBOOT_IMGTOOL_SIGN_VERSION Kconfig option. Otherwise, the DFU target may reject the FOTA process due to a downgrade prevention mechanism.

  2. Download the dfu_application.zip archive to your mobile phone. See Output build files (image files) for more information about the contents of update archive.

    Note

    nRF Connect for Desktop does not currently support the FOTA process.

  3. Use the nRF Connect Device Manager mobile app to update your device with the new firmware.

    1. Ensure that you can access the dfu_application.zip archive from your phone or tablet.

    2. In the mobile app, scan and select the device to update.

    3. Switch to the Image tab.

    4. Tap the SELECT FILE button and select the dfu_application.zip archive.

    5. Tap the START button.

    6. Initiate the DFU process of transferring the image to the device:

      • If you are using an Android phone or tablet, select a mode in the dialog window, and tap the START button.

      • If you are using an iOS device, tap the selected mode in the pop-up window.

      Note

      For samples using random HCI identities, the Test and Confirm mode should not be used.

    7. Wait for the DFU to finish and then verify that the new application works properly by observing the new device name visible in the Device Manager app.

Additional Information

You can test BLE-based FOTA samples with the nRF Connect Device Manager. For DFU over a serial connection, use the MCUmgr Command-line tool.

Note

On the nRF54H20 SoC, Direct-xip mode uses a merged image slot that combines both application and radio core images. Refer to the sample’s DTS overlay files to understand the partition layout. In contrast, Swap modes place application and radio images in separate MCUboot slots, enabling multi-image updates.

Direct-xip (merged) build artifacts are generated in the build directory. Swap-mode artifacts reside in subdirectories of the applications build folders under the build/<application>/zephyr directory path (for example, build/smp_svr/zephyr or build/ipc_radio/zephyr).

Note

DFU from external flash is currently not supported on the nRF54H20 SoC.