Zum Inhalt

BlueID Ready2Go implementation for Nordic nRF52840

BlueID Ready2Go implementation for Nordic nRF52840


BlueID GmbH developed a Ready2Go implementation for the nRF52840 module that enables the module to execute commands over Bluetooth Low energy (BLE).

BLE stack

SoftDevice v6.1.1

nRF5 SDK v15.3.0

BLE version Bluetooth 5
Pinout and used pins

Pin assignment is described in:

Nordic Semiconductor Info Center

BlueID relevant pin description
Pin name Description
P0.20 Actuator Pin A
P0.19 Actuator Pin B
Specification data
  • RTC implementation

  • default timestamp by reset 01.01.1970

  • 20 ppm deviation (depending on external crystal)

Revocation Store
  • implemented in flash

  • up to 310 revocations

User access store
  • implemented in flash

  • up to 275 log entries

Configuration Store
  • implemented in flash

Initialization Data Store
  • implemented in flash

Serial DEBUG
  • only in debug mode available on UART0

Serial CMD port
  • only when debug disabled on UART0

RNG quality
  • TRNG

  • micro-ecc

Security subsystem ARM® TrustZone® Cryptocell 310
Over the Air Update

See Over the air update section in Nordic nRF52 Family for description of OTA update process.

The nRF52840 performs a signature validation of the application on each boot. Therefore the signature of a the application is saved in the settings page in the flash during a DFU update.

On startup the bootloader calculates and verifies the signature of the application against the signature in the settings page. If the check fails, the module remains in the bootloader. If the validation succeeds, the BlueID application starts.

For generation and validation of the signature the ARM CryptoCell-310 of the nRF52840 is used with SHA-256 and ECDSA (curve SECP256R1 equivalent to NIST P-256).

ARM CryptoCell-310

The nRF52840 features an on-chip Arm CryptoCell 310 cryptographic hardware accelerator.

The CryptoCell cryptographic subsystem is supported from Version 1.1 of the BlueID Ready2Go for Nordic nRF52840 and offers a wide range of ciphers and security features:

  • RNG - Random Number Generation fullfilling the NIST 800-90B3 and AIS-31 (Class "P2 High") standards

  • ECC/ECDSA signature calculation and verification

  • SHA hashes (featuring DMA)

The BlueID Ready2Go for Nordic nRF52840 uses the CryptoCell for all cryptographic operations, consequently speeding up associated security operations and resulting in decreased processing time and power consumption.

Flash Map

For our BlueID Ready2Go implementation for the Nordic nRF52840, we use this memory layout:

Firmware installation and update

To get a running BlueID installation on the nRF52840, you need the following parts:

  • BlueID nRF52840 firmware package which consists of these parts:

    • the BlueID application including Nordic Semi S140 SoftDevice v6.1.1 and bootloader

    • the BlueID Customization data as BCF, provided by BlueID GmbH

  • BlueID Initialization data as BCF, generated by the BlueID Initializer tool

BlueID for nRF52840 only works if all three components were flashed!

The example calls will use the nRF5x Command Line Tools (macOS), their installation path is referred to as CLI_TOOLS_PATH (e.g. "/opt/nRF5x-Command-Line-Tools/"). Also, we need a bin2hex conversion tool, a suitable is the one included in the Python IntelHex module.

Flash the BlueID nRF52840 firmware

Use the CLI (Command Line) tools to flash the BlueID nRF52840 firmware. The correct target address is already encoded in the hex file:

<CLI_TOOLS_PATH>/nrfjprog/nrfjprog -f nrf52 --sectorerase --program CustomizationData.<profile>.hex
<CLI_TOOLS_PATH>/nrfjprog/nrfjprog -f nrf52 --sectorerase --program nrf52840-bootloader-softdevice-<version>.hex
<CLI_TOOLS_PATH>/nrfjprog/nrfjprog -f nrf52 --sectorerase --program nrf52840-app-<version>.hex
Generate and flash the BlueID Initialization data

A sample call to the BlueID Initializer tool that uses a demo account on the integration environment and uses the Bluetooth Low Energy channel may look like this:

java -jar sdkforc-initializer.jar -a BT0QGQEOP00FKAIK5GRA -e INT --channel-btlespp

If successful, you will receive -- amongst other things -- a file ending with BCF. Before we can flash it, we have to convert it into the HEX format. Assuming the program bin2hex of the Python IntelHex module is available, apply this command:

bin2hex.py --offset=0x0F0000 LockServerConfiguration_<ID>.bcf LockServerConfiguration_<ID>.hex

Now we can flash this hex file using the CLI tools:

<CLI_TOOLS_PATH>/nrfjprog/nrfjprog -f nrf52 --sectorerase --program LockServerConfiguration_<ID>.hex

After all firmware components have been flashed to the device, restart the device:

<CLI_TOOLS_PATH>/nrfjprog/nrfjprog -f nrf52 --reset
Flash your favorite BlueID Customization data

For the nRF52840, we supply two flavours that serve different demands:

Name Advertising interval Power consumption
low power 500 ms < 30 µA
high performance 50 ms < 323 µA

Each preset is delivered as a HEX file that will be flashed to the right address (0x0F1000) automatically. To flash it, use this command:

<CLI_TOOLS_PATH>/nrfjprog/nrfjprog --program blueid_nrf52_custom_<type>.hex -f nrf52 --sectorerase
BlueID performance
Power consumption
DC/DC Mode

The DC/DC converter, which is disabled by default has been enabled to optimize power consumption since the nRF52840 module is continuously advertising for BLE.

When DC/DC is enabled, the nRF52840 device automatically switches between the LDO and DC/DC regulator based on the load to maximize efficiency. The switch operation is done by hardware, DC/DC mode gets turned on when the radio is enabled and goes off again when the radio gets disabled.

Two additional external passive components are required to use the DC/DC regulator.

In order to match the power consumption figures for the power profiles, the DC/DC mode has to be enabled.

Test setup
  • DC power analyzer: Agilent N6705B power analyzer with a N6781A module.

  • Device Under Test (DUT): nRF52840 + s140_nrf52_6.1.1_softdevice + nrf52840-1.0-SNAPSHOT.

  • DUT environment: PCA10056 v.1.1.0 Development kit.

  • Regulator: DC/DC Enabled

Power Profiles

For each BlueID Ready2Go implementation two profiles are available. They are tuned for different use cases.

Battery driven objects (low power optimized)

This configuration is optimized for saving battery life but still providing an outstanding reliability of the BLE command execution. Usually this is used for battery driven equipment like door handles and cylinders.

Adverting interval Transmission power Sleep mode Advertising mode Command execution
500 ms 0 dBm <1 µA < 30 µA 830 µA
Externally powered objects (speed optimized)

This configuration is optimized for fast connections from the smartphone to the lock resulting in faster opening. Usually this is used for powered objects like wall readers.

Adverting interval Transmission power Sleep mode Advertising mode Command execution
50 ms 8 dBm < 2 µA < 323 µA 1.2 mA

For more details please refer to the Nordic Semiconductor website.

  • Bluetooth: The nRF52840 is Bluetooth qualified. The Bluetooth Qualified Design ID for nRF52840 (S140 v.6.1.1) is 124988.

  • CE: The manufacturer must self declare that the product complies with Radio Equipment Directive (RED) in order to mark it with CE logo. Nordic provides a white paper (http://infocenter.nordicsemi.com/pdf/nwp_010.pdf) which details the applied regulation. The nRF52840 module is compliant with those regulations, although the manufacturer should self-declare its implementation to obtain a CE logo.

  • FCC: The manufacturer must certify with FCC to obtain an FCC identification number for ISM (Industrial, Scientific and Medical) band radios. Nordic provides a white paper (http://infocenter.nordicsemi.com/pdf/nwp_010.pdf) which details the applied regulation. The nRF52840 module is compliant with the certification tests for its reference board.

Hardware Design Hints

When designing the hardware, we strongly recommend to take the following points into account

Available Modules
Tested Modules

These modules use the nordic nRF52840. We did not test them. They may need some software adaptions.

Brand Chip/Link BlueID
Type used Chipset clock precision Tested Status
Laird tech BL654 yes nRF52840 external XTAL required no
u-Blox Nina B3xx yes module nRF52840 external XTAL required no
Fanstel Corp.



yes module nRF52840 external XTAL required no
InsightSIP ISP1807 yes chip-module nRF52840 clock not precise enough (40ppm) external clock required. no
Raytac MDBT50Q yes module nRF52840 external XTAL required no
More Modules

There are more available from other vendors. Have a look at https://www.nordicsemi.com/eng/Products/3rd-Party-Bluetooth-low-energy-Modules