• State Resolved
  • Locked Locked
  • Replies 8 replies
  • Subscribers 51 subscribers
  • Views 250 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

LP-CC2652R7: SECURE_BIM

Gayathri GP
Prodigy 50 points
Part Number: LP-CC2652R7
Other Parts Discussed in Thread: SYSCONFIG, CC2652R7

Hi team,

Had this development board and run the Project Zero example project on the LaunchPad and verify that the project runs as intended on this evaluation board.

Requirement is I want to change the current BIM to Secure_BIM. How to modify the default CCFG values,in the BIM Off-Chip to add security features in this ProjectZero example and rebuild?

Could you help?

Thanks & Regards,

Gayathri

  • 0
    TI__Guru* 94028 points

    Hi Gayathri,

    Thank you for reaching out.

    You'll first have to enable OAD BLE Security in the project_zero project. This can be done through SysConfig in BLE > Advanced Settings > OAD defines Only. Make sure to rebuild the project.

    For the BIM, you have two options. Either using the pre-compiled bim_offchip secure hexfile (in <SDK>\examples\rtos\LP_CC2652R7\ble5stack\hexfiles\bim_offchip\Release). Or you can recompile the project <SDK>\examples\nortos\LP_CC2652R7\bim\bim_offchip according to your requirements. In that case, the symbol "SECURITY" should be predefined.

    More details are available in the User's Guide.

    I hope this will help,

    Best regards,

  • 0 in reply to Clément
    Prodigy 50 points

    Hi, Is there any step-by-step documentation of the same ? Actually, I want to explore the secure boot feature of this device. Please provide the documentation regarding this, if any.

    The requirement is to generate our own key pair and sign the application image using that key and validate this signature at boot time.

  • 0 in reply to Gayathri GP
    TI__Guru* 94028 points

    Hi,

    I recommend to review the User's Guide and the SimpleLink Academy labs dedicated to OAD as they should cover a pretty similar question.

    Best regards,

  • 0 in reply to Clément
    Prodigy 50 points

    okay, thankyou

  • 0 in reply to Clément
    Prodigy 50 points

    Hi

    Why is the signature value different for each build ( project_zero_LP_CC2652R7_tirtos_ticlang(Active-Release)), even though the private-public key pair and application are the same?

  • 0 in reply to Gayathri GP
    Prodigy 50 points

    Hi team,

    Any updates on above query?

    Project Zero worked; the on-board led and button service functions properly.(Default : Unsecure build configuration)

    The following changes were made to enable Secure Boot:

    1. Imported the ccs bim_onchip_LP_CC2652R7_nortos_ticlang project and changed the build configuration to Release.
    2. Using the key_generate.py script, I generated a new key pair and edited the bim_onchip_main.c file to change the public keys and signer information.
    3. Imported the project_zero_LP_CC2652R7_tirtos7_ticlang project (Release:Active) and changed the SYS_Config to enable OAD BLE Security. Used the Ti private key to generate the signature.

    When I load this bim and project zero to launchpad, it works well. What I expected was that the projectzero application would get rejected because the private key used was one that Ti provided and the public key used in bim was a newly generated key.

    Is this procedure to enable secure boot correct? Could you help?

  • 0 in reply to Gayathri GP
    TI__Guru* 94028 points

    Hi,

    Please open a new thread as this question is not totally related to the initial topic.

    Thank you for your comprehension.

    Best regards,

  • 0 in reply to Clément
    Prodigy 50 points

    okay thankyou