We are making a product using QN908x wlcsp version of the controller. In order to move further with the design and production we would like to know what options we have to load firmware onto qn908x.
If we implement the firmware, will the nxp able to load the firmware at the time of qn908x controller manufacturing - if yes would like to know the MoQ and the steps/process of handing over the firmware.
If above option is not available then any suggestion on whats the best practice others follow to upload the firmware -
1. Loading firmware at the time of component assembly - security is the concern here since the production is happening at the third party vendor.
2. Loading firmware after production will keep the firmware uploading pins exposed to the end user - which is again a concern from the safety point of view.
So need input on the industry guidelines on this front.
Hello @kishansa,
Unfortunately, we don't offer a service to factory flashed devices.
About the first case, the best way to do this would be a custom bootloader that is flashed first and receive an encrypted image.
About the second case, add the OTAP client profile could be an option to update the image on the field. I would suggest to take a look at the following post and the SDK examples. Also, this could be used for the first case too.
BR,
Alexis Andalon
Hi @Alexis_A ,
Thanks for update.
On the first point when you say customized Boot loader - do you mean the boot loader will be going to have decryption feature implemented to manage the encrypted Bootloadable image decryption. Any document or thread explaining this further will be more useful.
In the case of OTAP feature implementation whats the secure way of implementing the OTA part, since BLE is more vulnerable would like to know the best approach.
Hello @kishansa,
Unfortunately for this particular MCU there's not much documentation regarding secure bootloader, for other MCUs we provide a base firmware called MCU Bootloader | NXP Semiconductors, this bootloader can be configured to receive an encrypted image and load the decrypted image in flash. After this, the secure flash features can be enabled to denied any read/write to the memory, maybe you could take some ideas of this implementation.
For the OTAP secure features, I would suggest to check the docs/wireless/Bluetooth/Bluetooth Low Energy Application Developer's Guide.pdf, here mention the secure modes and levels used. Unfortunately, support to receive encrypted image formats is not available by default in the examples but the secure features allow the data to be encrypted on the air.
BR,
Alexis Andalon