Device Firmware Update (DFU)

The Gecko OS Device Firmware Update (DFU) feature allows device firmware to be updated offline via the device serial interface. This is an alternative to the OTA (Over-The-Air) update process, which requires the device to have Internet access via the device Wi-Fi interface.

Each device to be updated must have the minimum Gecko OS kernel firmware installed. The Gecko OS kernel provides all the features required to complete the DFU process.

A DFU package is created by the Product owner using the DMS web interface or REST API.

Gecko OS devices or bridging hosts can then obtain the required DFU package from the Silabs Device Management Service (DMS). This part of the process requires Internet access.

The DFU package can then be used to update one or more devices via the serial interface.

See DFU Procedures.

The DFU process incorporates comprehensive security measures to ensure the integrity of the updated firmware. See Security and Authentication.

Special Terms

The following terms have special meaning in this documentation:

Types of DFU

Direct OTA DFU, a.k.a. Serial DFU

A single device is updated by DFU using the device Wi-Fi with direct access to the DMS DFU service. The device can retain NVM variable settings and files not in the package.

Offline DFU, a.k.a Manufacturing DFU

Multiple devices are updated with a single DFU package. The device can retain NVM variables and files not in the package.

Bridged DFU

An intermediate host, such as a mobile phone app, obtains the DFU package and caches it. It then passes it on to a Gecko OS device connected to the bridging host. This is a form of Offline DFU. A bridging app uses the DFU REST API to perform operations with the DFU host.

Factory DFU

Multiple devices are updated with a DFU package consisting of images to be programmed to specified flash locations. Devices programmed with a Factory DFU cannot retain NVM variable settings or files. All existing NVM variable settings and files are erased from the device, other than the device credentials.

DFU Procedures

Basic Procedure

Bridged DFU Procedure

To obtain a request from a device to determine if an update is available, use the dfu_query -o command.

To obtain a request from a device to request a DFU package, use the dfu_request command.

File Updating Rules

For security and efficiency, the DFU process updates device files only when required. A device file is updated if:

DFU Commands and Variables

DFU Package

A DFU Package consists of a firmware bundle and additional data.

Security and Authentication

Package Security

DFU packages contain the firmware bundle files or images required for the update. A DFU package is generated by the DMS or other secure utility. It is signed with the Product Auth Key and is encrypted with the Product AES Key.

DMS and Device Authentication

The DMS host for DFU operations will be dfu.zentri.com

There are three credentials used in DFU package security:

Devices can present TLS client certificates to identify themselves to the DMS.

The device authenticates the DMS by validating the DMS's server certificate against the device's internally stored DMS CA certificate.

The DMS authenticates the device using the device's certificate and key.

For a Bridged DFU, the bridging device presents a request signed by the device, containing the device EUI (Extended Unique Identifier - see IEEE - EUI), signed by the device. Since the request is signed by the device, the bridging device is not required to authenticate separately with the DMS. See Bridged DFU Procedure.

DPA Attack Countermeasures

A DPA (Differential Power Analysis) attack can extract cryptopgraphic keys passively from a device. As this requires repetition of the cryptographic process, an attack is enabled if two or more DFU packages allow DFU between the packages, i.e.

DPA attacks can be disabled by limiting a package's allowed update packages to avoid DFU loops.

DFU REST API

TBD