Posts: 13
Registered: ‎12-04-2016

Open source, secure OTA bootloader for EFR32/BGM111 using GCC and BLE

I have created an open source Github project for a secure bootloader I wrote for the BLE stack. I wanted several things that the legacy OTA bootloader in did not offer:

  • Build with GCC
  • Avoid proprietary file formats and tools
  • Preserve persistent storage data across application updates.
  • Secure encryption with customisable keys
  • Customisable OTA service UUID
  • Ability to add other features into the bootloader (e.g. manufacturing tests)

Some of these points appear to have been addressed by the stack release, but it still uses proprietary file formats and tools and isn't customisable.


There is a companion Android app included as an APK in the project which will flash firmware files to the bootloader. The full source for this is not provided, but the source for code to read firmware files and send them to the bootloader is included.


There is no reduction of memory available to the application program, as the bootloader uses the ROM below 0x4000 which is otherwise unused. Encryption is done using AES-256, with SHA-256 to verify the programming. The encryption key and OTA service UUID are configurable, which ensures that only images suitable for the target can be flashed, and the debug lock word is automatically set to prevent the encryption key or code being read out of the chip.


The project uses CMake and does not require Simplicity Studio. If anyone else finds the project useful you are welcome to use and modify it.