SShortSingh.
Back to feed

Engineer Details Secure BLE Firmware Update Architecture for Nordic nRF5340

0
·1 views

A developer has published architecture notes from an internal R&D project exploring secure over-the-air firmware updates on the Nordic nRF5340-DK development board using Bluetooth Low Energy. The system uses Zephyr RTOS, nRF Connect SDK, MCUmgr SMP for transport, and MCUboot for verified boot, allowing a technician to update field devices locally without requiring cloud or internet connectivity. Firmware images are signed with ECDSA P-256 and verified by MCUboot before execution, ensuring an unauthorized binary cannot be run even if a BLE connection is established. The update flow separates three distinct states — image transferred, image allowed to boot, and image confirmed healthy — so that if a new firmware fails its startup checks, MCUboot automatically restores the previous working image on the next reboot. A timed service mode further limits maintenance access to a defined window, keeping update control at the device level rather than relying solely on the operator dashboard.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Dev Builds Three.js 3D Product Configurator for WooCommerce, Shares Key Lessons

A developer built Noorifa, a WooCommerce plugin that replaces static product photos with an interactive Three.js 3D viewer, allowing customers to rotate models, zoom, and switch colors synced to store variations. The project revealed that 3D rendering was only 20% of the work, with the remaining 80% involving unexpected technical challenges. One key issue was that a single overhead light left downward-facing surfaces completely dark, which was fixed by adopting a multi-light studio setup including a dedicated under-light. Unbounded zoom controls were also a problem, solved by scaling the zoom range dynamically against each model's bounding box radius rather than using fixed values. The developer also publicly corrected a prior claim about WordPress.org prohibiting WebAssembly binaries, noting no such explicit rule exists.

0
ProgrammingDEV Community ·

Developer Builds Tool That Turns GitHub Commit History Into a Narrative Card

A developer has launched Commit Chronicles, a web tool that analyzes a public GitHub repository's commit history and generates a shareable story card. The system uses Snowflake to fetch commit data and apply six SQL-based storyline detectors to identify which narrative pattern exists in the repository, without any AI involvement at that stage. A single Cortex AI call then narrates the detected story thread using 20 to 140 commit lines, while Cloud Run renders the output as a 1200×630 PNG suitable for README embeds. The tool enforces strict rules to prevent the AI from inventing facts, ensuring every timestamp, commit count, and quoted message on the card is drawn directly from real repository data. Repositories with insufficient history receive a plain grey card, and the AI is never invoked for them.

0
ProgrammingDEV Community ·

How Platform Teams Can Multiply Value Instead of Adding Bureaucracy

A software engineer with experience on multiple platform teams outlines what separates effective platform teams from ineffective ones. The core principle is that a platform team should act as a force multiplier, meaning any work it produces should benefit all teams it supports rather than serving only a subset. Reducing cognitive load for development teams is highlighted as a primary responsibility, allowing those teams to focus on business requirements instead of infrastructure concerns. The author emphasizes the importance of community building, encouraging platform teams to collaborate with innovators and early adopters rather than gatekeeping solutions. New platform teams are also cautioned to respect existing workflows, as disrupting processes that already work can create friction and resistance across the organization.

0
ProgrammingDEV Community ·

Claude Code Uses 4.7x More Tokens Than OpenCode Before You Type a Word

A benchmark by Systima found that Claude Code sends approximately 33,000 tokens of system prompts, tool schemas, and scaffolding per session before any user input, compared to roughly 7,000 tokens for OpenCode under identical test conditions. The study used a logging proxy to capture exact API request payloads, with both tools pointed at the same model and run in clean, empty environments. Claude Code also re-wrote up to 54 times more prompt-cache tokens per session than OpenCode, and since cache writes are billed at a premium, costs can climb significantly. However, the benchmark noted one advantage for Claude Code: on multi-step tasks, it batches tool calls into fewer requests, which can result in a lower total token count compared to OpenCode's turn-by-turn approach. The researchers emphasize that session structure — not just baseline overhead — ultimately determines which tool costs more in real-world use.

Engineer Details Secure BLE Firmware Update Architecture for Nordic nRF5340 · ShortSingh