Hello everyone, I hope you’re all doing well! I’m currently working on enabling hardware-based downgrade protection using MCUboot for my project, but I’m running into some issues that I’m hoping the community can help me with.
I followed the official documentation to set up the protection, but after flashing the initial image, the software didn’t start as expected. The boot logs show an error related to the security counter update failing after image validation, and it’s unable to find a bootable image. Here’s what the logs look like:
*** Booting MCUboot v2.1.0-dev-12e5ee106034 ***
*** Using nRF Connect SDK v2.9.0-7787b2649840 ***
*** Using Zephyr OS v3.7.99-1f8f3dc29142 ***
I: Starting bootloader
I: Image index: 0, Swap type: none
I: Image index: 1, Swap type: none
E: Security counter update failed after image validation.
E: Unable to find bootable image
I’ve configured the sysbuild.conf file according to the guidelines, including enabling hardware-based downgrade protection with 24 counter slots and setting the initial counter value to 1. However, when these lines are enabled, the system fails to boot. Disabling them allows the software to start normally, which suggests the issue is specifically with the downgrade protection configuration.
I also came across a similar issue reported in another forum thread, but the solution provided there didn’t resolve my problem. I’m wondering if there’s something I’m missing in the configuration or if there’s a known limitation with this setup.
Any insights or suggestions would be greatly appreciated! I’m really stuck here and would love to get this working properly. Thanks in advance for your help!