Add MCUboot bootloader and firmware update support#2
Open
Conversation
Adds secure bootloader support via MCUboot and an over-the-air (OTA)
firmware update path using MCUmgr/SMP over UART for the custom_plank
(nrf52840) board.
Changes
-------
dfetch.yaml
- Add MCUboot (zephyrproject-rtos/mcuboot, main) fetched to
bootloader/mcuboot/. The dfetch CMake module auto-discovers it as
a Zephyr module via its zephyr/module.yml.
application/west.yml
- Register the bootloader/mcuboot project so that west sysbuild can
locate and build MCUboot as a child image alongside the application.
application/boards/vendor/custom_plank/custom_plank.dts
- Add fixed-partitions map for the 1 MB nrf52840 flash:
0x000000 48 KB boot_partition (MCUboot, read-only)
0x00C000 448 KB slot0_partition (active image)
0x07C000 448 KB slot1_partition (update candidate)
0x0EC000 16 KB scratch_partition(swap workspace)
0x0F0000 64 KB storage_partition(NVS/settings)
- Set zephyr,code-partition = &slot0_partition in /chosen so the
linker places the application inside the correct slot.
application/app/boards/custom_plank.conf (new)
- Board-specific Kconfig fragment that:
* CONFIG_BOOTLOADER_MCUBOOT=y – links image for slot0 + trailer
* Flash / stream-flash / img-manager for update state tracking
* MCUmgr over UART (SMP) with IMG and OS command groups for
host-side image upload via `mcumgr` or `nrfutil device`
application/app/sysbuild/mcuboot.conf (new)
- MCUboot Kconfig overrides applied by sysbuild:
* SWAP_USING_MOVE (no dedicated scratch erase needed)
* RSA-2048 image signing (replace root-rsa-2048.pem for production)
* BOOT_MAX_IMG_SECTORS=256 (covers 448 KB / 4 KB sectors)
Build instructions
------------------
# Fetch MCUboot source
dfetch update
# Build bootloader + application together (recommended)
west build --sysbuild -b custom_plank application/app
# Flash
west flash
# Upload a new image over UART with mcumgr CLI
mcumgr --conntype serial --connstring /dev/ttyUSB0,baud=115200 \
image upload build/app/zephyr/zephyr.signed.bin
https://claude.ai/code/session_01MXGFeBsm7tePm9ggz6fc8w
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR integrates MCUboot secure bootloader and firmware update capabilities into the custom_plank board. It enables over-the-air (OTA) firmware updates via MCUmgr/SMP protocol over UART, with proper flash partitioning and bootloader configuration.
Key Changes
Flash partitioning (
custom_plank.dts):zephyr,code-partitionreference to slot0_partitionApplication configuration (
custom_plank.conf):CONFIG_BOOTLOADER_MCUBOOT=y)IMG_MANAGER,IMG_ERASE_PROGRESSIVELY)MCUboot bootloader configuration (
mcuboot.conf):Dependency management:
Implementation Details
The flash layout supports dual-slot firmware updates with MCUboot as the secure bootloader. The configuration uses SWAP_USING_MOVE for efficient sector management without requiring a dedicated scratch partition. Image signing with RSA-2048 ensures firmware authenticity. MCUmgr over UART enables remote image upload, confirmation, and device reset for seamless OTA updates.
https://claude.ai/code/session_01MXGFeBsm7tePm9ggz6fc8w