zirunhong after investigating some more, I definitely recommend you build your own bootloader and use that with Amazon AWS. The reasons are two fold:

  • There is no one bootloader that supports all versions of NCS. Every time Nordic changes something in the partition manager, it makes the previous bootloader inoperable.
  • You should secure your bootloader with a non-default signing key.

I updated the documentation about creating your own signing key.

    zirunhong Additionally, I found this github source, when I compare mine under the same directly in the SDK, it is slightly different:

    NCS >1.5.0 has the bootloader code that I submitted as a PR that handles the LED plus the bootlader delay. That way you can build your own bootloader/application and have the same functionality of the factory bootloader.

      Working on NCS 1.5.1 and the factory bootloader here were my results:

      Using the instructions here I set up my S3 bucket, etc.

      Once set up I also updated

      CONFIG_CLOUD_CLIENT_ID="feather-xxxx"
CONFIG_MQTT_BROKER_HOSTNAME="xxxx-ats.iot.us-east-1.amazonaws.com"

      They seem to be the only things that need to be added to prj.conf

      I downloaded the cert, private key and the Amazon Root CA1. Popped those in nRF Connect for Desktop and wrote them to the device.

      (I used the default security tag of 12345678)

      Remember the device needs to be on but not connected (Using AT+CFUN=4 in order to add the certs.) Once complete setting AT+CFUN=0 is always a good idea.

      A successful connection looks like:

      2021-05-03T16:29:58.240Z DEBUG modem << MQTT AWS Jobs FOTA Sample, version: v1.0.0
2021-05-03T16:29:58.241Z DEBUG modem << Initializing modem library
2021-05-03T16:29:58.447Z DEBUG modem << Initialized modem library
2021-05-03T16:29:58.449Z DEBUG modem << LTE Link Connecting ...
2021-05-03T16:30:03.254Z DEBUG modem << LTE Link Connected!
2021-05-03T16:30:03.486Z DEBUG modem << IPv4 Address 3.224.183.138
2021-05-03T16:30:03.488Z DEBUG modem << client_id: feather-xxxxx
2021-05-03T16:30:08.503Z DEBUG modem << [mqtt_evt_handler:182] MQTT client connected!
2021-05-03T16:30:09.155Z DEBUG modem << [mqtt_evt_handler:235] PUBACK packet id: 17463
2021-05-03T16:30:09.216Z DEBUG modem << [mqtt_evt_handler:245] SUBACK packet id: 2114
2021-05-03T16:30:09.472Z DEBUG modem << [mqtt_evt_handler:235] PUBACK packet id: 20067
2021-05-03T16:31:10.994Z DEBUG modem << [mqtt_evt_handler:250] default: 9
2021-05-03T16:32:12.008Z DEBUG modem << [mqtt_evt_handler:250] default: 9

      Then I created a job..

      Running the update with the compiled bootloader works. While using the stock v2 bootloader does not work. Exactly as you were seeing @zirunhong. My earlier recommendation still stands considering the situation.

      jaredwolff Thanks for the reply!

      which version of the SDK are you running?

      I use v1.5.0, I used the instruction here.

      NCS >1.5.0 has the bootloader code that I submitted as a PR that handles the LED plus the bootlader delay. That way you can build your own bootloader/application and have the same functionality of the factory bootloader.

      I see, I will try v1.5.1 to see if any progress.

      after investigating some more, I definitely recommend you build your own bootloader and use that with Amazon AWS.

      Yes, eventually we will have our application with FOTA feature, so to have our bootloader with our own key is definitely necessary.

      I updated the documentation about creating your own signing key.

      Thanks for the update, I will check it out.

      Zirun

          zirunhong NCS >1.5.0 has the bootloader code that I submitted as a PR that handles the LED plus the bootlader delay. That way you can build your own bootloader/application and have the same functionality of the factory bootloader.

          I see, I will try v1.5.1 to see if any progress.

          I take this back slightly. It doesn’t have the delay or the LED functionality. That means you’re likely putting the device into DFU you just can’t see it. 😅

              jaredwolff

              When I take the conversation back, I found this:

              The default baud for an unmodified bootloader is 115200. (thus the likely newtmgr timeouts)

              On the factory bootaloader it was 1000000, So I changed the connection configuration into
              newtmgr conn add serial type=serial connstring='dev=/dev/tty.SLAB_USBtoUART,baud=115200'

              And it flash the binary with the compiled bootloader (including in merged.hex), FOTA works as well! My mistake not see your mention earlier. One thing I am curious about, how to changed the baud rate into 1000000, and it that a reason for changing it?

              I take this back slightly. It doesn’t have the delay or the LED functionality. That means you’re likely putting the device into DFU you just can’t see it.

              Yeah. I found the same problem, at first I thought it never goes into DFU until I saw the firmware stop running on serial console. I think they haven’t released the v1.8.0 which merged your PR on LED and delay change. So I am still using the v1.7.99.

                  zirunhong One thing I am curious about, how to changed the baud rate into 1000000, and it that a reason for changing it?

                  The reason for changing it was because 115200 is slow. It takes >45 seconds to load an update. Whereas with 1M BAUD it takes < 15 seconds. That’s one thing I forgot to mention (changing that back to the 1M)

                  You can change circuitdojo_feather_nrf9160.dts which is located in zephyr/boards/arm/circuitdojo_feather_nrf9160/circuitdojo_feather_nrf9160.dts to match the following:

                  /*
 * Copyright (c) 2018-2020 Nordic Semiconductor ASA
 * Copyright (c) 2020 Circuit Dojo LLC
 *
 * SPDX-License-Identifier: Apache-2.0
 */

/dts-v1/;
#include <nordic/nrf9160_sica.dtsi>
#include "circuitdojo_feather_nrf9160_common.dts"

/ {
	chosen {
		zephyr,sram = &sram0_s;
		zephyr,flash = &flash0;
		zephyr,code-partition = &slot0_partition;
		zephyr,sram-secure-partition = &sram0_s;
		zephyr,sram-non-secure-partition = &sram0_ns;
	};
};


&uart0 {
	status = "okay";
	current-speed = <1000000>;
	tx-pin = <6>;
	rx-pin = <5>;
};

                  This applies to the non-secure portion of code (i.e. the bootoader). So it will default back to the 115200 for your application code. This will also merge as soon as this PR is approved and NCS is rebased to latest Zephyr.

                      jaredwolff

                      I updated the documentation about creating your own signing key.

                      I tried with the same process to build my own key. It works with AWS_FOTA example!

                      You will need to add those options to prj.conf :

                      CONFIG_SECURE_BOOT=y
CONFIG_BUILD_S1_VARIANT=y

                      Thanks for all your help!

                      Zirun

                          zirunhong fantastic!!!

                          Thanks for sharing those last bits. I’m sure it will be helpful for others out there as well. 😀

                            Terms and Conditions | Privacy Policy