I have created an open source Github project for a secure bootloader I wrote for the BLE 188.8.131.52 stack. I wanted several things that the legacy OTA bootloader in 184.108.40.206 did not offer:
Some of these points appear to have been addressed by the 220.127.116.11 stack release, but it still uses proprietary file formats and tools and isn't customisable.
There is a companion Android app included as an APK in the project which will flash firmware files to the bootloader. The full source for this is not provided, but the source for code to read firmware files and send them to the bootloader is included.
There is no reduction of memory available to the application program, as the bootloader uses the ROM below 0x4000 which is otherwise unused. Encryption is done using AES-256, with SHA-256 to verify the programming. The encryption key and OTA service UUID are configurable, which ensures that only images suitable for the target can be flashed, and the debug lock word is automatically set to prevent the encryption key or code being read out of the chip.
The project uses CMake and does not require Simplicity Studio. If anyone else finds the project useful you are welcome to use and modify it.
Thanks for sharing! I will definitely need to try this myself at some point.
One minor comment:
>> Preserve persistent storage data across application updates.
PS storage is preserved also by the Silicon Labs own OTA implementation, also in version 2.1.1. PS storage resides at the end of flash (two last sectors) and it is not touched during OTA.
(Note that I am marking this post as "solution" just to keep our statistics straight, to avoid reminders of unanswered questions...)
By the way, we have a separate section in the community for sharing projects:
Ok, I saw a mention elsewhere on the Forum that persistent storage was erased after OTA upgrade, but on re-reading, I see it refers to the BLE113, so I guess that's different.
Thanks for the pointer to the projects forum, I'll use that in future.