This repository has been archived by the owner on Jan 17, 2023. It is now read-only.

Merge pull request #175 from andvib/settings-page-boot-validation
Security Updates to Zigbee External Application and Boot Validation
bihanssen authored Jan 18, 2019
2 parents a305f5a + ce96bf3 commit 9fb7608
Showing 14 changed files with 1,141 additions and 282 deletions.
28 changes: 24 additions & 4 deletions README.md
Expand Up @@ -33,6 +33,7 @@ that you are using you will need to select a release of this tool compatible wit
* Version 0.5.2 generates legacy firmware packages compatible with **nRF SDK 11.0 and older**
* Versions 1.5.0 and later generate modern firmware packages compatible with **nRF SDK 12.0 and newer**
* Versions 4.0.0 and later generate modern firmware packages compatible with **nRF SDK 15.1 and newer**
* Versions 5.0.0 and later generate modern firmware packages compatible with **nRF SDK 15.3 and newer**

**Note**: In order to generate firmware images, compatible with **nRF SDK 12.0 to nRF SDK 15.0**, use `--no-backup` switch during generation of DFU settings.
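
Review bot: The new 5.0.0 bullet leaves the 4.0.0 bullet above it reading "nRF SDK 15.1 and newer", which still covers 15.3, while Note 3 added later in this commit says update packages of bootloaders compiled from nRF5 SDK 15.3.0 and higher must be created with nrfutil 5.0.0. Suggest bounding the 4.0.0 entry below 15.3 so that the compatibility list and Note 3 agree.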

Expand Down Expand Up @@ -142,6 +143,7 @@ SoftDevice | FWID (sd-req)
----------------------| -------------
`s112_nrf52_6.0.0` | 0xA7
`s112_nrf52_6.1.0` | 0xB0
`s112_nrf52_6.1.1` | 0xB8
`s130_nrf51_1.0.0` | 0x67
`s130_nrf51_2.0.0` | 0x80
`s132_nrf52_2.0.0` | 0x81
Expand All @@ -158,8 +160,10 @@ SoftDevice | FWID (sd-req)
`s132_nrf52_5.1.0` | 0xA5
`s132_nrf52_6.0.0` | 0xA8
`s132_nrf52_6.1.0` | 0xAF
`s132_nrf52_6.1.1` | 0xB7
`s140_nrf52_6.0.0` | 0xA9
`s140_nrf52_6.1.0` | 0xAE
`s140_nrf52_6.1.1` | 0xB6

**Note**: The Thread and Zigbee stacks don't use a SoftDevice but --sd-req option is required for compatibility reasons. You can provide any value for the option as it is ignored during DFU.

Expand All @@ -173,7 +177,7 @@ The following conventions are used on the table:

Combination | Supported | Notes
--------------| ----------|-------
BL | Yes |
BL | Yes | **See note 3 below**
SD | Yes | **See note 1 below**
APP | Yes |
BL + SD | Yes |
Expand All @@ -187,11 +191,22 @@ SD + APP | Yes | **See notes 1 and 2 below**
was added in nrfutil 3.1.0 and is required since 3.2.0 in case the package should contain SD (+ BL) + APP. Also, since version 3.2.0 the new ID is copied to `--sd-req` list so that
in case of a link loss during APP update the DFU process can be restarted. In that case the new SD would overwrite itself, so `--sd-req` must contain also the ID of the new SD.

The boolean option '--zigbee' enables the generation of Zigbee update file in addition to the zip package. The following example demonstrates the generation of such update file:
**Note 3:** When creating update packages of bootloaders compiled from nRF5 SDK 15.3.0 and higher, nrfutil version 5.0.0 must be used. This is because of changes to the bootloader projects in the nRF5 SDK, and if an old nrfutil version is used the size of the generated packages
will be too large.

Boot validation for a SD or APP update can be activated by setting the `--sd-boot-validation` or `--app-boot-validation` to the preferred
validation method. When boot validation is set, the bootloader will store the validation data (signature, hash or checksum) of the SD and/or
APP in the bootloader setting page and verify the firmware in flash with the validation data on every boot. This is only supported by
bootloaders using bootloader settings version 2, and is supported for both package and settings generation. See 'settings' for more
information on bootloader settings versions.

Update packages of external applications, e.g. updates that are intended for a third party, can be generated by setting the `--external-app` option. When this option is set the receiving device will store the received update, but not activate it. Note: This functionality is experimental in the nRF5 SDK and not yet used in any examples.

The boolean option `--zigbee` enables the generation of Zigbee update file in addition to the zip package. The following example demonstrates the generation of such update file:
```
nrfutil pkg generate --hw-version 52 --sd-req 0 --application-version 0x01020101 --application nrf52840_xxaa.hex --key-file ../priv.pem app_dfu_package.zip --zigbee True --manufacturer-id 0xCAFE --image-type 0x1234 --comment good_image
```
**Note 3:** The generated Zigbee update file is named according to the recommendation of the Zigbee Specification ([Zigbee Cluster Library Specification 11.5 - Zigbee Document 07-5123-06](http://www.zigbee.org/~zigbeeor/wp-content/uploads/2014/10/07-5123-06-zigbee-cluster-library-specification.pdf)), so the user doesn't provide the name of the Update file.
**Note 4:** The generated Zigbee update file is named according to the recommendation of the Zigbee Specification ([Zigbee Cluster Library Specification 11.5 - Zigbee Document 07-5123-06](http://www.zigbee.org/~zigbeeor/wp-content/uploads/2014/10/07-5123-06-zigbee-cluster-library-specification.pdf)), so the user doesn't provide the name of the Update file.

##### display
Use this option to display the contents of a DFU package in a .zip file.
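
Review bot: The boot validation paragraph names `--sd-boot-validation` and `--app-boot-validation` but not the values they accept, and it lists "signature, hash or checksum" as if the three were interchangeable. Suggest listing the accepted values and stating which of them authenticates the firmware and which only detects corruption, since the validation data is stored in the bootloader settings page on the device. The `--external-app` sentence should also say whether an update that is stored but not activated goes through the same signature check as other packages, and Note 3 says 5.0.0 "must be used" where the version list says "5.0.0 and later".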
Expand Down Expand Up @@ -329,9 +344,14 @@ The `--bl-settings-version` depends on the SDK version used. Check the following

SDK Version | BL Settings Version
------------- | -------------------
12.0 | 1
12.0 - | 1
15.3.0 - | 2

The Bootloader DFU settings version supported and used by the SDK you are using can be found in `nrf_dfu_types.h` in the `bootloader` library.
Even though bootloaders compiled from nRF5 SDK 15.3.0 and higher only use version 2, they can be configured to support settings pages of version 1.
If a new bootloader boots with a version 1 settings page, the bootloader will translate the settings page to version 2 before booting. When using
settings page version 2, boot validation for SD and APP can be generated with the settings page using the `--sd-boot-validation` and
`--app-boot-validation` in the same way as for DFU packages.

##### display
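
Review bot: In the table, "12.0 -" and "15.3.0 -" are both open-ended, so SDK 15.3.0 appears to match both rows; suggest closing the first range. The paragraph after the table should also name the configuration that makes a new bootloader accept version 1 settings pages, and say what boot validation applies once a version 1 page has been translated to version 2, given that the earlier section states boot validation is "only supported by bootloaders using bootloader settings version 2".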

