Skip to content

Commit

Permalink
doc: SUIT recovery and customize DFU update
Browse files Browse the repository at this point in the history
This commit introduces changes to docs regarding SUIT recovery sample
and recovery guide.
Support for recovery app configuration with external flash was added
recently.
Also, minor change to Customization DFU guide was added.

Signed-off-by: Michal Kozikowski <[email protected]>
  • Loading branch information
nordic-mik7 committed Dec 30, 2024
1 parent dee077d commit 2a44e61
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 12 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -195,7 +195,7 @@ Specifically, in the basic case:
* :kconfig:option:`SB_CONFIG_SUIT_MPI_RAD_LOCAL_1_CLASS_NAME`

These Kconfig options are used during Manifest Provisioning Information (MPI) generation.
After the MPI has been flashed, it is read by the Secure Domain Firmware, which can then use it to verify if the UUIDs in a manifest are correct,
Once the MPI has been flashed, it is read by the SDFW, which uses it to verify the correctness of the UUIDs in the manifest.

As an example, after adding the following lines to the :file:`sysbuild.conf` file:

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,11 +52,11 @@ The following image shows the recovery manifest topology for the nRF54H20 SoC:
If a failure during a boot process occurred, the Secure Domain sets the recovery flag and reboots the device.
Upon each boot the Secure Domain checks if the recovery flag is set.
If it is set, the device enters recovery mode.
If it isn't booting proceeds normally by running the root manifest.
If it is not, the boot process continues normally by executing the root manifest.

After entering the recovery mode it is verified if MPI configuration for the APP_RECOVERY is present.
If it is, the APP_RECOVERY manifest is processed.
It no MPI configuration is found the Secure Domain performs an attempt to process the normal manufacturer root manifest.
If no MPI configuration is found, the Secure Domain attempts to process the normal manufacturer root manifest.
This is needed, as the device might enter recovery mode if it is empty.
The recovery flag is not cleared after flashing the firmware, but the device should proceed as if it would boot normally.

Expand All @@ -80,10 +80,6 @@ Nordic provides a default recovery firmware that can be used in the recovery pro
This firmware uses Bluetooth LE and SMP as a transport.
It is optimized for memory usage, currently using around 164 kB of MRAM (72 kB of application core and 92 kB radio core).

.. caution::
The default recovery firmware does not support :ref:`updating from external flash memory <ug_nrf54h20_suit_external_memory>`.
This also means that the recovery firmware is not compatible with a main application that uses external flash for updates.

To use the firmware:

1. Create :file:`recovery.overlay` and :file:`recovery_hci_ipc.ovelay` files in the main application's :ref:`configuration_system_overview_sysbuild` directory.
Expand All @@ -95,7 +91,7 @@ To use the firmware:
This will cause the recovery firmware to be built automatically as part of the main application build.

#. :ref:`Program the main application firmware to the device <programming>`.
This will automatically program both the main application and the recovery firmware to the device.
This automatically programs both the main application and the recovery firmware onto the device.

#. To update the recovery firmware perform an update in the same way as described in :ref:`nrf54h_suit_sample`, however using the recovery firmware envelope.
The envelopes needed for the update are located in the build directory of the main application, by default found in :file:`build/DFU/app_recovery.suit` and :file:`build/DFU/rad_recovery.suit`.
Expand Down
7 changes: 3 additions & 4 deletions samples/suit/recovery/README.rst
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,10 @@ SUIT: Recovery application
The SUIT recovery application is a minimal application that allows recovering the device firmware if the original firmware is damaged.
It is to be used as a companion firmware to the main application that is using :ref:`Software Update for Internet of Things (SUIT) <ug_nrf54h20_suit_intro>` procedure, rather than a stand-alone application.

The following limitations apply to this application:
The following limitation applies to this application:

* The recovery firmware is only able to recover from a situation where the application or radio core are damaged.
It does not recover from Nordic Semiconductor-controlled firmware failures.
* The recovery firmware is not compatible with a main application that uses an external flash for update.

.. _suit_recovery_reqs:

Expand Down Expand Up @@ -98,13 +97,13 @@ Testing

.. code-block:: console
nrfutil device x-write --address 0xE0BA000 --value 0xFFFF --serial-number <segger_id>
nrfutil device x-write --address 0xE0B7000 --value 0xFFFF --serial-number <dk_serial_number>
#. Reset the device to enter the recovery path:

.. code-block:: console
nrfutil device reset --serial-port COM7
nrfutil device reset --serial-number <dk_serial_number>
#. Open the nRF Device Manager app on your mobile phone, and observe the device now advertising itself as *SUIT Recovery*.
#. Recover the application using the nRF Device Manager app to perform an update, following the process outlined in the :ref:`nrf54h_suit_sample` sample documentation.
Expand Down

0 comments on commit 2a44e61

Please sign in to comment.