Other Parts Discussed in Thread: CC3220SF, CC3200, UNIFLASH
Tool/software: Code Composer Studio
Precondition:
I'm using the CC3220SF Launchpad and testing the the Over the air example. I have modified it to work with my Dropbox Folder. I have defined "SL_ENABLE_OTA_DEBUG_TRACES", "OTA_LOOP_TESTING" and "DISABLE_OTA_SWITCH_TRIGGER" and included the OTA library in my application. (The idea of using OTA_LOOP_TESTING is to perform a stress test for multiple OTA updates.)
I have used the default OTA certificates and default certificates from the SDK.
Result:
It runs successfully for about 10-15 times in loop correctly, each time testing & committing & resetting the board with the OTA software. But after the 15th time, I get this error with the "signature verification failed!" for ota.sign. This is quite confusing as the signature verification succeeded during the first 15 attempts and OTA update was correctly done.
Log:
----------------------------- START OF LOG -----------------------------
OtaArchive_RunParse: set state=ARCHIVE_STATE_PARSE_HDR
OtaArchive_RunParseTar: parsing archive file header
OtaArchive_RunParseTar: filetype=5, directory=20171229125727_CC3200_OTA/
OtaArchive_RunParseTar: parsing archive file header
OtaArchive_RunParseTar: filetype=5, directory=20171229125727_CC3200_OTA/0/
OtaArchive_RunParseTar: parsing archive file header
OtaArchive_RunParseTar: filetype=5, directory=20171229125727_CC3200_OTA/1/
OtaArchive_RunParseTar: parsing archive file header
OtaArchive_RunParseTar: filetype=5, directory=20171229125727_CC3200_OTA/2/
OtaArchive_RunParseTar: parsing archive file header
OtaArchive_RunParseTar: FileType=0, FileName=ota.cmd, FileSize=3579
[_BundleCmdFile_Parse] bundle cmd file=/cert/root.crt, sig_len=0, SHA_256_Digets=07c6b13c7aa1da898ab41b5fbbceb74f2ff59f27e348fbbdb30d857affb20dc5, cert=, secured=0, bundle=0
[_BundleCmdFile_Parse] bundle cmd file=/sys/mcuimg.bin, sig_len=256, SHA_256_Digets=1a9f7fe337bcaa860aeb163e9e780f09708fbe4d86f455363189c968568794ac, cert=dummy-root-ca-cert, secured=1, bundle=1
[_BundleCmdFile_Parse] bundle cmd file=digcert_high_assurance_ca.der, sig_len=0, SHA_256_Digets=7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf, cert=, secured=0, bundle=0
[_BundleCmdFile_Parse] bundle cmd file=digcert_high_assurance_ca.der.cer, sig_len=0, SHA_256_Digets=7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf, cert=, secured=0, bundle=0
[_BundleCmdFile_Parse] bundle cmd file=dummy-root-ca-cert, sig_len=0, SHA_256_Digets=34941765501d16a4ab776c3a74d89945f1a2575c5893069f62ffbe803f344549, cert=, secured=0, bundle=0
[_BundleCmdFile_Parse] bundle cmd file=dummy-root-ca-cert-key, sig_len=0, SHA_256_Digets=d3f34abc6a4de3f009273b4e1d0c71957835425baa0c9896aca88cb508a7ee8b, cert=, secured=0, bundle=0
[_BundleCmdFile_Parse] bundle cmd file=dummy-trusted-ca-cert, sig_len=0, SHA_256_Digets=07ad6ba74b3921009edf184cb382c05a32baacf9c767f74427c094b2c56aa135, cert=, secured=0, bundle=0
[_BundleCmdFile_Parse] bundle cmd file=dummy-trusted-ca-cert-key, sig_len=0, SHA_256_Digets=2543e48899c5f811b8d92d3e49e5d536bd42e38a4040bba03cfafa01baa2cb48, cert=, secured=0, bundle=0
[_BundleCmdFile_Parse] bundle cmd file=dummy-trusted-cert, sig_len=0, SHA_256_Digets=19bef7bca12e10815591cee2771f4208abb2a78d18f74402253c05c4ea020626, cert=, secured=0, bundle=0
[_BundleCmdFile_Parse] bundle cmd file=dummy_ota_vendor_cert.der, sig_len=0, SHA_256_Digets=a160b855d7a00a6002922181377249a80ecd6a738d23e1dd8976c8bb7fad1bcb, cert=, secured=0, bundle=0
[_BundleCmdFile_Parse] bundle cmd file=/sys/servicepack.ucf, sig_len=256, SHA_256_Digets=51c316ebc565876ef093eae24fe14c0617ba90295b91f665a2c42898337e59ee, cert=, secured=1, bundle=1
OtaArchive_RunParseTar: parsing archive file header
OtaArchive_RunParseTar: skip block align RecvBufLen=863, SkipAlignSize=6
OtaArchive_RunParseTar: FileType=0, FileName=ota.sign, FileSize=72
[_BundleCmdSignatureFile_Parse] signature verification failed!
OtaArchive_RunParseTar: ERROR in _BundleCmdSignatureFile_Parse, Status=-12291
OTA_run: ERROR OtaArchive_RunParse, Status=-12291
----------------------------- END OF LOG ---------------------------
On checking the OTA library classes, the failure occurs from the OTAArchive.c function _BundleCmdSignatureFile_Parse(). But the signature verification succeeded during the first 15 attempts and OTA update was correctly done. It returns failure only after the 15th attempt.
1. Has anyone faced such an issue ?
2. Does the certificate we use have any expiration time after which it fails verification ?