This blog is to show to use the non-secure bootloader on the nRF52810 chipset. This example is based on the SDK 14.2 with softdevice S132v5.1. This example is working on the single bank OTA without external flash approach.


On the Nordic nRF5 SDK, the size of the secure bootloader (BLE) is 32KB which includes

  • Bootloader 24KB
  • Bootloader Setting 4KB
  • MBR Param Setting 4KB

The total size of the bootloader is 32KB.

Memory layout of the nRF52810 / nRF52811 with OTA bootloader is

The goal is to reduce the bootloader size by disable the secure feature. Thus, I select the smallest softdevices S132v5.1 and S112v5.1 for trying.

S132v5.1 (140KB)

  • Support BLE Central / Peripheral / Advertiser / Observer role

S112v5.1 (96KB)

  • Support BLE Peripheral and Advertiser role only

The non-secure bootloader would be reduced to 16KB + 4KB = 20KB totally.


The idea of the non-secure bootloader is just removed all the secure routine and micro-ecc library.

// <e> NRF_CRYPTO_ENABLED - nrf_crypto - Cryptography library
// <q> NRF_CRYPTO_BACKEND_CC310_LIB  - Enable the ARM Cryptocell CC310 backend

By configure the section placement

The size of the bootloader is limited to 0x4000 (16KB).

The starting address of the bootloader is 0x2B000.

The total size of the bootloader (after compile) would be 15.9KB.

How to setup the demo

Place the source code package under the example\dfu folders

The project of the bootloader is “bootloader_non-secure_ble”.

Two test BLE application firmware

  • ble_app_uart1 (BLE device name: 832UARTS132_1)
  • ble_app_uart2 (BLE device name: 832UARTS132_2)

Generate the Private Key

nrfutil keys generate demo_private.key 

Generate the public key

nrfutil keys display --key pk --format code demo_private.key --out_file demo_public_key.c 

Generate the zip package

nrfutil pkg generate --hw-version 52 --application-version 1 --application ..\ble_app_uart1\pca10040e_s132\s132\ses\Output\Release\Exe\ble_app_uart_pca10040e_s132.hex --sd-req 0xA5 --key-file demo_private.key

nrfutil pkg generate --hw-version 52 --application-version 1 --application ..\ble_app_uart2\pca10040e_s132\s132\ses\Output\Release\Exe\ble_app_uart_pca10040e_s132.hex --sd-req 0xA5 --key-file demo_private.key

Generate the Bootloader Setting (no backup)

nrfutil settings generate --family NRF52810 --application ble_app_uart_1_pca10040e_s132.hex --application-version 0 --bootloader-version 0 --no-backup --bl-settings-version 1 bl_setting_ble_nus_1.hex 

nrfutil settings generate --family NRF52810 --application ble_app_uart_2_pca10040e_s132.hex --application-version 0 --bootloader-version 0 --no-backup --bl-settings-version 1 bl_setting_ble_nus_2.hex 

This demo code is not using the backup region. It needs to add the --no-backup option inside the nrfutil.

Bootloader Setting file no backup

Merge the bootloader, bootloader setting, softdevice and application firmware

mergehex.exe -m secure_dfu_ble_s132_pca10040e.hex bl_setting_no_backup_ble_nus_1.hex -o bl_and_setting_ble_nus_1.hex

mergehex.exe -m ble_app_uart_1_pca10040e_s132.hex bl_and_setting_ble_nus_1.hex ..\s132_nrf52_5.1.0_softdevice.hex -o app_nus_1_bl_and_setting_softdevice.hex

By using the nrfjprog to program combine hex on nRF52810.

If you would like to get this demo code, please give me your project requirement first.