CC2652R: How to implement security features

Part Number: CC2652R
Other Parts Discussed in Thread: Z-STACK, UNIFLASH, FLASH-PROGRAMMER, CC2642R
Hi Team;

We have questions about the documentation below regarding the security features of CC26x2.
"Understanding Security Features for SimpleLink™ Zigbee CC13x2 and CC26x2 Wireless MCUs"
www.tij.co.jp/.../swpb022

Our goal:
We want to store encrypted common key data on our equipment.

Questions:
1) Can we store the common key encrypted on the device?
If we can, let us know how to store it.
2) Is there a library for encryption?
If yes, please tell us where to refer.
3) What is the purpose of using the "128-bit unique device identifier"?
4) About Debug security, please tell us the procedure for locking debug access to the device.
5) About Debug security, we think that after locking, JTAG can only do factory resets.
Is that right?
6) We believe that the above security features require the CC2652 and are not possible with the CC2642.
Is that right?

Thanks;
N.M
  • Hi N.M.

    1) NWK and APS keys related to Zigbee communication are stored on the device automatically and handled by the Z-Stack library.
    2) If you would like to implement your own application encryption procedures then please refer to the TI Drivers Runtime APIs.
    3) The IEEE 802.15.4 MAC address is used for unique device identification for the Zigbee extended address or PAN ID.
    4) You can disable the JTAG from the CCFG, please reference the TRM. This operation can be completed using UNIFLASH or FLASH-PROGRAMMER.
    5) This further depends on your CCFG bootloader settings. Here is an Application Report for more information.
    6) The CC2642R shares the same security features as the CC2652R but this makes me think you are using the BLE stack, not Zigbee.

    Regards,
    Ryan

  • Hi Ryan,

    Thanks for the reply.
    We'll ask more questions in relation to the previous question.

    What we want to do is to encrypt the common key and store it in the flash memory of the equipment.
    And we don't implement Zigbee communication on the equipment.

    1) Can we encrypt the key data and store it in the device's flash memory?
    Please tell us how to do it if possible.
    4) We checked the TRM (swcu185d) and guessed that reading the CCFG_TAP_DAP_0/1 registers would show whether the JTAG ports are enabled or disabled.
    But we couldn't find a description of how to disable JTAG. How do we disable JTAG using Flash Programmer?
    5) We checked the Application Report (swra466) but we couldn't find any mention of JTAG locking.
    What documents describe JTAG locking?
    6) We guess that what we want to do is possible with both the CC2642R and the CC2652R. Is that right?

    Thanks,
    N.M.
  • 1) Here are aesKeyAgreement and nvsinternal examples which could help, along with referencing the TI Drivers Runtime APIs.
    4) "Lock debug interface" is selectable from the Customer configuration section of the Edit tab in FLASH-PROGRAMMER 2; you can view the help documentation from the GUI for more information.
    5) Locking and disabling JTAG are synonymous in this context.
    6) Yes

    Regards,
    Ryan

  • Hi Ryan-san,

    Thank you for your advice.
    I'll try it.

    Thanks,
    N.M.