• State TI Thinks Resolved
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 872 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3220: OTA: Recommended filesystem flags (failsafe) for bundle update

Arnout Diels
Intellectual 730 points

Part Number: CC3220

Hi,

I've been using the OTA library to remotely update my devices.

This is working well and I thought the process was very failsafe (even in case of powerloss, will revert back to previous image).
As long as I was using only the mcuimage.bin in the ota.tar, this was indeed the case. 

When I tried to update both the mcuimage.bin and a certificate, I noticed that this was not atomic. (If the device reset after the certificate was parsed, during the mcuimage, after the reset, it would have upgraded only the certificate and not the mcuimage).

After some searching, I then discovered that this was due to the "bundle" attribute in the ota.cmd json:

[
    {
        "digest":"794232094228a8377fff9da0ca5984e80cdb12366f84473a65a6741da725cdee",
        "certificate":"",
        "signature_base64":"",
        "secured":0,
        "bundle":1,
        "filename":"ca.pem"
    },
    {
        "digest":"0200ff14a009ae28c43032c5960d08f2b8c1f95a6534b75c7cbe2d74d41d05c1",
        "certificate":"",
        "signature_base64":"",
        "secured":0,
        "bundle":1,
        "filename":"/sys/mcuimg.bin"
    },

And that this attribute could be set in uniflash by setting the "failsafe" flag when creating the tar.

However , attempts to upgrade my existing files with an OTA (with bundle attributes) failed. The oatarchive returned the following:

OTALIB: OtaArchive_Rollback: ERROR sl_FsCtl, Status=-10282 

Which translates to "SL_ERROR_FS_BUNDLE_FILE_SHOULD_BE_CREATED_WITH_FAILSAFE"

It seems that is not possible to do a bundle upgrade on a file that was not created with the failsafe attribute to begin with.

Can this be confirmed?

I tested this, by fully flashing a device, with both the mcuimage.bin and the ca.pem with the failsafe attribute. Then indeed, the bundle-ota does succeed.

My real question:

Given these sutbleties, it is important to get stuff right the first time when you flash a device in the factory (as they cannot otherwise reliably be updated).
In my case, I can get away with it, by just issuing bundle-updates for new files, and make the new firmware look for the new files.

However, the question: What is the recommended approach (in terms of uniflash programming) in factory programming to ensure the best/safest OTA possibilities afterwards?

- I just learn't: Make sure all files you ever want to upgrade should be marked as failsafe

- Are there any other things that are important to know?

Thanks for your feedback!

  • 0
    TI__Guru 61436 points

    Hi Arnout Diels,

    As you already discovered, the failsafe is important (for the bundle feature).

    Secure (Encrypted) with or without signature are 2 more flags that you need to consider (depending on the content).

    If you use the secure file and need to access the file, you should either use the Vendor token flag (with a token that you define in the Uniflash' "file properties" screen and use later when accessing the file for read or write) or set it as "public read" or "public write" (depending on required access method) in order to override the auto-generated token check.

    For more details please refer to the "File System" chapter (7) in the CC3220 NWP Programmer Guide ().

    br,

    Kobi